BUSINESS ASSOCIATE AGREEMENT (BAA)
(HIPAA COMPLIANCE AND DATA PROTECTION)
This Business Associate Agreement (“BAA”) supplements the Master Services Agreement and is entered into by and between:
COVERED ENTITY: MONDOIVF, LLC, a Florida limited liability company ("Company").
BUSINESS ASSOCIATE: The individual or legal entity executing this Agreement ("Contractor").
Definitions: "PHI" refers to Protected Health Information as defined in 45 CFR § 160.103. "Breach" shall have the same meaning as defined in 45 CFR § 164.402.
1. OBLIGATIONS OF THE BUSINESS ASSOCIATE
The Business Associate agrees to:
- Not use or disclose PHI other than as permitted or required by this Agreement or as required by law.
- Use appropriate administrative, physical, and technical safeguards to prevent unauthorized use or disclosure of PHI, including the implementation of the HIPAA Security Rule requirements.
- Mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI in violation of this Agreement.
2. REPORTING DISCLOSURES AND BREACHES
The Business Associate shall report to the Covered Entity any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR § 164.410. Notification must be made within 48 hours of discovery.
3. SUBCONTRACTORS
The Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions and conditions that apply to the Business Associate with respect to such information.
4. ACCESS AND AMENDMENT
The Business Associate agrees to make PHI available to the Covered Entity or to an individual to meet the requirements of access, amendment, and accounting of disclosures in accordance with HIPAA regulations.
5. TERM AND TERMINATION
5.1 Term: This Agreement shall be effective as of the date of execution and shall terminate when all PHI is destroyed or returned to the Covered Entity.
5.2 Termination for Cause: Upon Covered Entity’s knowledge of a material breach by Business Associate, Covered Entity shall provide an opportunity for Business Associate to cure the breach. If Business Associate does not cure the breach within the specified timeframe, Covered Entity may terminate this Agreement and the underlying Master Services Agreement immediately.
6. RETURN OR DESTRUCTION OF PHI
Upon termination of this Agreement for any reason, Business Associate shall return or, if agreed to by Covered Entity, destroy all PHI received from Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate.
7. AUDIT AND CHECKLIST COMPLIANCE
The Business Associate acknowledges that they are subject to periodic security audits by the Covered Entity. Failure to comply with the Company’s HIPAA Security Checklist or failure to provide proof of adequate data encryption and storage protocols shall be considered a material breach of this Agreement.
8. MISCELLANEOUS
This Agreement shall be governed by the laws of the State of Florida and applicable Federal Law (HIPAA/HITECH Act). Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the HIPAA Rules.