This Business Associate Agreement (“BAA”) is made as of the date (“Effective Date”) accepted by client (“COVERED ENTITY”) and is by and between Brobizco, LLC (“BUSINESS ASSOCIATE”) and COVERED ENTITY. (snapscale is a DBA of Brobizco LLC). By “submitting” this Agreement, COVERED ENTITY acknowledges and agrees that it has agreed to be bound by the terms of this Agreement.
WHEREAS, COVERED ENTITY will make available and/or transfer to BUSINESS ASSOCIATE certain information in conjunction with goods or services that are confidential and must be afforded special treatment and protection.
WHEREAS, BUSINESS ASSOCIATE will have access to and/or receive from COVERED ENTITY certain information, that can be used or disclosed only in accordance with this BAA and the Department of Health and Human Services (“HHS”) HIPAA Privacy and Security, Social Security Act, and the HIPAA HITECH Standards.
NOW THEREFORE, the parties agree as follows:
1. To the limitations on use and disclosure as established under the terms of this BAA.
2. BUSINESS ASSOCIATE hereby agrees to refrain from the use or disclosure of the information provided or made available other than as expressly permitted or required under this contract.
3. BUSINESS ASSOCIATE shall establish and maintain appropriate safeguards to prevent the use or disclosure of information and implement and maintain administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any electronic protected health information that BUSINESS ASSOCIATE receives from COVERED ENTITY or that BUSINESS ASSOCIATE creates, receives, maintains or transmits on behalf of COVERED ENTITY.
The term of this BAA shall commence as of the Effective Date and shall expire when all information provided by the COVERED ENTITY to BUSINESS ASSOCIATE is destroyed or returned to the COVERED ENTITY.
THE PARTIES HEREBY AGREE that BUSINESS ASSOCIATE shall be permitted to use and/or disclose information provided or made available from the COVERED ENTITY in connection with the performance of its obligations under the Agreement and all Statements of Work.
Except as otherwise limited in this BAA:
(a) BUSINESS ASSOCIATE is permitted to use information, if necessary, to properly manage and/or administer its commerce (excluding support for marketing).
(b) BUSINESS ASSOCIATE may use information to provide Data Aggregation services to COVERED ENTITY as permitted by 45 CFR § 164.504(e)(2)(i)(B).
(c) BUSINESS ASSOCIATE may use information to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR § 164.502(j)(1).
BUSINESS ASSOCIATE hereby agrees to immediately report to COVERED ENTITY any and all breaches or improper uses or disclosures aside from those permitted in this BAA or by the Health Insurance Portability and Accountability Act (HIPAA).
BUSINESS ASSOCIATE agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information in any manner other than as provided for by this BAA and as required by the Health Insurance Portability and Accountability Act. Upon request, BUSINESS ASSOCIATE shall allow COVERED ENTITY to review such safeguards and security measures and procedures.
BUSINESS ASSOCIATE agrees to mitigate, to the maximum extent practicable, any harmful effect that is known to BUSINESS ASSOCIATE from use or disclosure of information in a manner contrary to terms of this BAA or according to the Health Insurance Portability and Accountability Act.
BUSINESS ASSOCIATE hereby agrees that any and all information provided or made available to its subcontractors or agents shall be executed under same terms, conditions, and restrictions on use and disclosure of information as agreed upon in this BAA.
BUSINESS ASSOCIATE agrees to develop/implement a punitive course of action for its employees, subcontractors, or agents who violate terms of this BAA or privacy regulations under the Health Insurance Portability and Accountability Act.
BUSINESS ASSOCIATE hereby agrees to make its internal practices (including policies and procedures), books, and records relating to use or disclosure of information gained or received under terms of this BAA available to the Secretary of the Department of Health and Human Services or the Secretary's designee for purpose of determining compliance with Privacy and Security standards under the Health Insurance Portability and Accountability Act.
BUSINESS ASSOCIATE hereby agrees to make available and provide individuals the right to inspect and receive a copy of their protected health information in accordance with 45 CFR §164.524. BUSINESS ASSOCIATE agrees to cooperate in making protected health information available to individuals for amendment and agrees to document explicit modifications by the individual in accordance with 45 CFR §164.526. BUSINESS ASSOCIATE agrees to provide an account of protected health information disclosures to an individual in accordance with 45 CFR §164.528.
If BUSINESS ASSOCIATE conducts any HIPAA Standard Transaction for or on behalf of COVERED ENTITY, BUSINESS ASSOCIATE shall comply in accordance with 45 CFR §162.
Shared information, including de-identified protected health information, shall be and remains property of COVERED ENTITY. BUSINESS ASSOCIATE agrees that it acquires no title or rights to an individual's protected health information as a result of this BAA.
BUSINESS ASSOCIATE agrees that COVERED ENTITY has the right to immediately terminate this BAA and seek relief under “Disputes” if COVERED ENTITY determines that BUSINESS ASSOCIATE has violated a material term of this BAA.
Upon termination of this BAA for any reason, BUSINESS ASSOCIATE hereby agrees to return or destroy all information received or created on behalf of COVERED ENTITY. BUSINESS ASSOCIATE agrees not to retain any copies of information after termination of this BAA. If return or destruction of the information is not feasible, BUSINESS ASSOCIATE agrees to extend protections outlined in this BAA.
BUSINESS ASSOCIATE acknowledges that by accepting the information from COVERED ENTITY, it becomes a holder of medical records information under the state Privacy laws and is subject to the provisions of that law. If the HIPAA Privacy or Security Rules and the state Privacy law conflict regarding the degree of protection provided for protected health information, BUSINESS ASSOCIATE shall comply with the more restrictive protection requirement.
Non-compliance by BUSINESS ASSOCIATE (or any of its subcontractors or agents) with any terms of this BAA or the Health Insurance Portability and Accountability Act will automatically be considered grounds for breach.
Notwithstanding any rights or remedies provided for in this BAA, COVERED ENTITY retains all rights to seek injunctive relief to prevent or stop unauthorized use or disclosure of information by BUSINESS ASSOCIATE or any agent, contractor, or third party that received information from BUSINESS ASSOCIATE.
The parties agree to exercise good faith in performance of this BAA.
Both parties shall indemnify the other party and hold it harmless from and against any penalties, losses, claims, damages or liabilities (or actions in respect thereof) to which it may become subject insofar as such penalties, losses, claims, damages or liabilities (or actions in respect thereof) arise out of or are based upon any unauthorized use or disclosure of Protected Health Information.
Any controversy or claim arising from or relating to the terms defined under this BAA is subject to settlement as set forth in the Agreement, except for injunctive relief.
Each party agrees to bear its own legal expenses and any other cost incurred for actions or proceedings brought about by enforcement of this BAA, or from an alleged dispute, breach, default, misrepresentation, or injunctive action associated with the provisions of this contract.
Neither party has the authority to reassign this BAA without the other's written consent.
The terms of this BAA consist of this document and constitute the entire agreement between the stated parties.
Both parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for them to comply with the requirements of the Health Insurance Portability and Accountability Act.
Any ambiguity in this BAA shall be resolved to permit COVERED ENTITY and BUSINESS ASSOCIATE to comply with the Health Insurance Portability and Accountability Act.