Business Associate Agreement
This Business Associate Agreement (“Agreement”) is entered into by and between the party agreeing to these terms (“Covered Entity”), which may be an individual healthcare provider or an organization that is a covered entity under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and Awake Technologies Inc., located at 66 West Flagler Street, 33130 Miami, Florida, USA (“Business Associate”).
1. Definitions.
All capitalized terms used in this Agreement not otherwise defined have the meanings set forth in the Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164), the Security Rule (45 CFR Part 160 and Subpart C of Part 164), the Breach Notification Rule (45 CFR Part 164 Subpart D), and the Omnibus Rule within the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
2. Permitted Uses and Disclosures.
Business Associate may use or disclose Protected Health Information as minimally necessary to perform its services for Covered Entity pursuant to any service agreement(s), or as required by law. Business Associate may use or disclose Protected Health Information as necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, if such use or disclosure does not violate HIPAA or the Minimum Necessary standard.
3. Obligations of Business Associate.
Business Associate shall:
(a) Use appropriate safeguards, including implementing administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information as required by the HIPAA Security Rule;
(b) Report to Covered Entity any Security Incident, Breach of Unsecured PHI, or unauthorized use or disclosure of Protected Health Information of which it becomes aware within 10 days of discovery, including the identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed to have been, accessed, acquired, or disclosed during such Breach;
(c) Enter into Business Associate Agreements with subcontractors that create, receive, maintain or transmit Protected Health Information on its behalf that impose the same restrictions and conditions as this Agreement;
(d) Make Protected Health Information available as necessary to satisfy Covered Entity’s obligations under the HIPAA Privacy Rule, within 30 days of a request and in a reasonable format;
(e) Make reasonable efforts to incorporate any amendments or corrections to Protected Health Information within 30 days as directed by Covered Entity;
(f) Maintain records and provide to Covered Entity information required for an accounting of disclosures within 30 days of a request;
(g) Make its internal practices, books, and records relating to the use and disclosure of Protected Health Information available to the Secretary for purposes of determining compliance with the HIPAA Rules within 30 days of a request;
(h) At termination of the Agreement, if feasible, return or destroy all Protected Health Information within 30 days; if return or destruction is not feasible, extend the protections of this Agreement to the information and limit further uses and disclosures;
(i) Maintain appropriate written policies and procedures to comply with the HIPAA Privacy, Security and Breach Notification Rules.
4. Term and Termination.
This Agreement shall be effective upon acceptance by Covered Entity, and shall terminate when all Protected Health Information is destroyed by Business Associate or returned to Covered Entity. Covered Entity may immediately terminate this Agreement and services upon notice in the event the parties determine Business Associate has breached a material term.
5. Authority to Enter Agreement.
The person accepting this Agreement on behalf of Covered Entity represents and warrants that they have the authority to bind Covered Entity to the terms of this Agreement.