Business Associate Agreement

THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is entered into as of __________________, 20___, by and between _____________________________ (“Doctor”) and AMEDSPACE TEK, LLC, a Delaware limited liability company (“Business Associate”) dba RESIDEN with reference to the following facts:

A. Doctor is a “Covered Entity,” as defined in 45 C.F.R. §160.103, and Business Associate is a “Business Associate,” also as defined in 45 C.F.R. §160.103.

B. Doctor and Business Associate have entered into that certain License Agreement, dated ________________, 20 ___ (the “License Agreement”), pursuant to which Business Associate is to perform functions or activities for or on behalf of, or to provide services to, Doctor which will involve receiving, creating, maintaining and/or transmitting Protected Health Information (as defined below) (“PHI”) of Doctor.

C. Doctor and Business Associate desire to protect the privacy and provide for the security of PHI used by or disclosed to Business Associate in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the regulations promulgated thereunder (the “HIPAA Rules”), the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”), and similar state laws and regulations.

NOW, THEREFORE, the parties hereto do hereby agree as follows:

  1. Definitions.

    All capitalized terms used in this Agreement that are not defined herein have the meanings ascribed to them in the HIPAA Rules.

  2. Permitted Uses and Disclosures by Business Associate.

    (a) Business Associate may Use PHI only if necessary for the proper management and administration of Business Associate or to carry out Business Associate’s legal responsibilities, including the performance of its obligations under the License Agreement.

    (b) Business Associate may Disclose PHI received for the purposes described in Section 2(a) hereof only if required by law or if Business Associate obtains reasonable assurances from the person to whom the information is disclosed that (i) such information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to such person and (ii) that such person will notify Business Associate of any instances of which such person is aware in which the confidentiality of the information has been breached.

    (c) Business Associate may Use PHI to provide Data Aggregation services relating to the health care operations of Doctor to the extent contemplated by the License Agreement.

    (d) In addition to the foregoing, Business Associate –

    (i) shall not Use or further Disclose the information other than as permitted or required by this Agreement or as required by law;

    (ii) shall use appropriate safeguards to prevent Use or Disclosure of the information other than as provided for in this Agreement;

    (iii) shall report to Doctor, orally and in writing, as soon as possible but in no event later than five (5) calendar days after Business Associate becomes aware of any Use or Disclosure of PHI not permitted by this Agreement, including any Breach of Unsecured PHI as required by the HIPAA Rules;

    (iv) shall ensure that any agents, including a Subcontractor, to whom Business Associate provides PHI received from Doctor, or created or received by Business Associate on behalf of Doctor, agrees to the same restrictions and conditions that apply to Business Associate with respect to such information;

    (v) shall provide access to PHI by the individual to whom such information relates, to the extent required by HIPAA;

    (vi) shall make PHI available to the individual to whom such information relates for the purpose of amending such information, and shall incorporate any such amendments to the information, to the extent required by HIPAA;

    (vii) shall make available the information required to provide an accounting of Disclosures to the individual to whom the Disclosure of PHI relates, to the extent required by HIPAA;

    (viii) shall make Business Associate’s internal practices, books, and records relating to the Use and Disclosure of PHI received from Doctor, or created or received by Business Associate on behalf of Doctor, available to the Secretary of Health and Human Services or his/her delegee for purposes of determining Doctor’s compliance with HIPAA;

    (ix) shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PHI (“ePHI”) that it creates, receives, maintains, or transmits on behalf of the Doctor as required by the Standards for the Protection of Electronic Protected Health Information at 45 CFR part 164, subpart C;

    (x) shall assure that any agent, including a Subcontractor to whom it provides ePHI, shall agree to implement reasonable and appropriate safeguards to protect such information; and

    (xi) shall report to Doctor any Security Incident of which Business Associate becomes aware.

    (e) Business Associate shall comply with all of the obligations required of a business associate under the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), Title XIII of the American Recovery and Reinvestment Act of 2009, and regulations issued thereunder, including but not limited to the following

    (i) In the event of a Breach of Unsecured PHI, Business Associate shall provide written notification of the Breach to Doctor without unreasonable delay and in no case later than sixty (60) calendar days after discovery of the Breach. Such written notification shall include, to the extent possible, the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, Used, or Disclosed during the Breach. Business Associate also shall provide Doctor with any other available information that Doctor is required to include in notification to the individual under the HITECH Act and regulations at the time of the foregoing written notification or promptly thereafter as information becomes available.

    (f) Doctor may terminate the License Agreement referenced in Recital B hereof if Business Associate has violated a material term of this Agreement.

  3. Term and Termination.

    (a) The Term of this Agreement shall be effective as of the date first set forth above and shall terminate on the date of termination of the License Agreement.

    (b) Upon termination of this Agreement, Business Associate shall, if feasible, return or destroy all PHI received from Doctor, or created or received by Business Associate on behalf of Doctor, that Business Associate still maintains in any form and retain no copies of such information or, if such return or destruction is not feasible, protect such information as required by this Agreement and limit further Uses and Disclosures to those purposes that make the return or destruction of the information infeasible; 

  4. Miscellaneous.

    This Agreement contains the entire agreement of the parties and supersedes any prior agreement or discussions of the parties. This Agreement may be amended only by a written agreement signed by all parties. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Any obligation required to be performed after termination of this Agreement shall survive termination hereof. A copy of this Agreement transmitted by fax or email which shows a party’s signature shall be deemed an original.


_______________________ AMEDSPACE TEK, LLC dba Residen
(“Doctor”) (Business Associate”)

By: By:

Printed Name: Printed Name:

Title: Title: