Business Associate Agreement

This Business Associate Agreement (BAA) is for use between a covered entity and a business associate, ensuring the protection of protected health information (PHI) in accordance with relevant data protection regulations.

Updated 15d ago

BUSINESS ASSOCIATE AGREEMENT

{{company_name}}

{{company_address}}

Telephone: {{company_phone}}

Email: {{company_email}}

Website: {{company_website}}

BETWEEN:

**{{covered_entity_name}}**, a company duly incorporated in accordance with the laws of {{jurisdiction}}, with its principal place of business at {{covered_entity_address}} (hereinafter referred to as "Covered Entity").

AND

**{{business_associate_name}}**, a company duly incorporated in accordance with the laws of {{jurisdiction}}, with its principal place of business at {{business_associate_address}} (hereinafter referred to as "Business Associate").

RECITALS

WHEREAS, Covered Entity and Business Associate have entered into an underlying service agreement dated {{service_agreement_date}} (the "Underlying Agreement"), pursuant to which Business Associate provides certain services to Covered Entity.

WHEREAS, in connection with the services provided under the Underlying Agreement, Business Associate may receive, create, maintain, use, or transmit Protected Health Information (PHI) on behalf of Covered Entity.

WHEREAS, both parties acknowledge their obligations under data protection laws and regulations, including those pertaining to the privacy and security of PHI.

DEFINITIONS

1. **"Protected Health Information" (PHI)** shall have the same meaning as the term is defined in applicable data protection laws and regulations, including, but not limited to, individually identifiable health information transmitted or maintained in any form or medium.

2. **"Breach"** shall mean the acquisition, access, use, or disclosure of PHI in a manner not permitted by this Agreement which compromises the security or privacy of the PHI.

3. **"Security Incident"** shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

OBLIGATIONS OF BUSINESS ASSOCIATE

1. **Permitted Uses and Disclosures:** Business Associate shall not use or disclose PHI other than as permitted or required by the Underlying Agreement, this Agreement, or as required by law.

2. **Safeguards:** Business Associate shall implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.

3. **Reporting of Incidents:** Business Associate shall report to Covered Entity any Use or Disclosure of PHI not provided for by this Agreement of which it becomes aware, including Breaches of unsecured PHI, and any Security Incident.

4. **Subcontractors:** Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions and conditions that apply to Business Associate.

5. **Access and Amendment:** Business Associate shall provide access and amendment to PHI as required by applicable laws and regulations, and assist Covered Entity in fulfilling its obligations.

6. **Accounting of Disclosures:** Business Associate shall maintain and make available to Covered Entity information required for Covered Entity to provide an accounting of disclosures of PHI.

OBLIGATIONS OF COVERED ENTITY

1. **Notice of Privacy Practices:** Covered Entity shall notify Business Associate of any limitation in its notice of privacy practices.

2. **Changes in Permissions:** Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an individual to use or disclose his or her PHI.

3. **Restrictions:** Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to.

TERM AND TERMINATION

1. **Term:** The Term of this Agreement shall commence on {{effective_date}} and shall remain in effect until terminated in accordance with the provisions herein.

2. **Termination for Cause:** Covered Entity may terminate this Agreement if Business Associate materially breaches any term and fails to cure the breach within {{cure_period}} days after written notice.

3. **Effect of Termination:** Upon termination of this Agreement for any reason, Business Associate shall, at the option of Covered Entity, return or destroy all PHI received from Covered Entity, or created or maintained by Business Associate on behalf of Covered Entity, that Business Associate still maintains in any form.

MISCELLANEOUS

1. **Governing Law:** This Agreement shall be governed by and construed in accordance with the laws of {{jurisdiction}}.

2. **Amendment:** No alteration or variation of this Agreement shall be of any force or effect unless reduced to writing and signed by both parties.

3. **Entire Agreement:** This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior discussions, negotiations, and agreements.

4. **Notices:** Any notice required or permitted to be given under this Agreement shall be in writing and delivered to the addresses set forth above.

SIGNATURES

IN WITNESS WHEREOF, the parties have executed this Business Associate Agreement as of the date first written above.

**FOR COVERED ENTITY:**

_____________________________

Name: {{covered_entity_contact_name}}

Title: {{covered_entity_contact_title}}

Date: {{covered_entity_signature_date}}

**FOR BUSINESS ASSOCIATE:**

_____________________________

Name: {{business_associate_contact_name}}

Title: {{business_associate_contact_title}}

Date: {{business_associate_signature_date}}
