This Business Associate Agreement (BAA) is entered into by and between SnapNotes, a Business Associate, and the Covered Entity, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations.
SnapNotes agrees to safeguard all Protected Health Information (PHI) in compliance with HIPAA standards.
1.1 Security Measures: SnapNotes will implement administrative, physical, and technical safeguards to protect PHI.
1.2 Compliance Training: SnapNotes will ensure all employees are trained to comply with HIPAA standards.
SnapNotes will only use or disclose PHI as necessary to provide services as outlined in the agreement with the Covered Entity.
2.1 Use for Management: SnapNotes may use PHI for proper management and administrative functions as permitted by law.
2.2 Disclosure Restrictions: SnapNotes will ensure PHI is disclosed only as legally required or for specified purposes.
SnapNotes will notify the Covered Entity promptly upon discovering any breach of unsecured PHI, in accordance with 45 CFR §164.410.
3.1 Reporting Timeline: Notification will occur within 30 days of discovery.
3.2 Mitigation Efforts: SnapNotes will take reasonable measures to mitigate harmful effects resulting from unauthorized disclosure of PHI.
SnapNotes agrees to report any security incidents affecting electronic PHI to the Covered Entity promptly.
SnapNotes will ensure that any subcontractors receiving PHI will agree in writing to the same terms, conditions, and safeguards as outlined in this BAA.
6.1 Access to PHI: Upon request, SnapNotes will furnish the Covered Entity with PHI maintained in a designated record set.
6.2 Amendment of PHI: SnapNotes will amend any PHI as directed by the Covered Entity.
6.3 Accounting of Disclosures: SnapNotes will maintain records of all PHI disclosures as required by 45 CFR §164.528.
This BAA will be effective as of the date specified in the agreement and will remain in effect until terminated by either Party as described herein.
7.1 Termination for Breach: Either Party may terminate the agreement if the other Party fails to cure a material breach within 30 days of receiving written notice.
7.2 Effect of Termination: Upon termination, all PHI in the possession of SnapNotes will be returned to the Covered Entity or destroyed.
The Covered Entity retains all rights to PHI data shared under this agreement; SnapNotes’ stewardship does not confer ownership rights over the PHI.
The Parties acknowledge that they will comply with the applicable provisions of the HITECH Act as it becomes effective, and will amend this BAA as necessary to comply with any future HHS regulations.
All notices regarding this BAA shall be sent to the addresses specified in the underlying agreement.
By using SnapNotes services, you acknowledge and agree to the terms of this Business Associate Agreement. For further questions or clarifications, please contact us.