Free Nursing Home HIPAA Business Associate Agreement (BAA)

Effective Date: [Date]

Parties:

This Business Associate Agreement ("Agreement") is entered into by and between:

• Nursing Home Name: [Your Company Name], a [Legal Structure] organized under the laws of [Jurisdiction], with its principal place of business located at [Your Company Address] ("Covered Entity"), and

• Business Associate Name: [Second Party], a [Legal Structure] organized under the laws of [Jurisdiction], with its principal place of business located at [Second Party Address] ("Business Associate").

RECITALS

WHEREAS, Covered Entity is a "covered entity" as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), including its implementing regulations, the Privacy Rule and the Security Rule;

WHEREAS, Business Associate provides certain services to or on behalf of Covered Entity, and in the course of providing such services, Business Associate may receive, create, maintain, or transmit protected health information ("PHI") as defined by HIPAA;

WHEREAS, Covered Entity and Business Associate desire to ensure compliance with HIPAA and to protect the privacy and security of PHI as required by HIPAA and its implementing regulations; and

WHEREAS, this Agreement is intended to satisfy the requirements of HIPAA and to ensure that Business Associate appropriately safeguards PHI and complies with HIPAA requirements.

AGREEMENT

1. Permitted Uses and Disclosures of PHI: Business Associate may use or disclose PHI only as necessary to perform its services on behalf of Covered Entity or as required by law. Business Associate shall not use or further disclose PHI except as permitted or required by this Agreement or as required by law.

2. Safeguards and Security Measures: Business Associate shall implement appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by this Agreement. Business Associate shall comply with the HIPAA Security Rule with respect to electronic PHI.

3. Reporting and Response to Breaches: Business Associate shall report to Covered Entity any breach of unsecured PHI without unreasonable delay but in no event later than [Timeframe] following discovery of the breach. Business Associate shall also mitigate, to the extent practicable, any harmful effects of the breach.

4. Compliance with HIPAA Regulations: Business Associate shall comply with all applicable requirements of HIPAA, including but not limited to the Privacy Rule, the Security Rule, and the Breach Notification Rule.

5. Subcontractors and Agents: Business Associate may engage subcontractors or agents to perform services on its behalf, provided that Business Associate obtains written assurances that such subcontractors or agents will comply with the same restrictions and conditions that apply to Business Associate with respect to PHI.

6. Access, Amendment, and Disclosure Accounting: Business Associate shall provide access to PHI to Covered Entity in order to allow Covered Entity to comply with its obligations under the HIPAA Privacy Rule, including providing individuals with access to their PHI, amending PHI, and providing an accounting of disclosures of PHI.

7. Minimum Necessary Standard Compliance: Business Associate shall use, disclose, and request only the minimum amount of PHI necessary to accomplish the purpose of the use, disclosure, or request, in accordance with the HIPAA minimum necessary standard.

8. Data Retention and Destruction: Business Associate shall retain PHI only for the period necessary to perform its services for Covered Entity, and upon termination of this Agreement, Business Associate shall return or destroy all PHI in its possession or control in accordance with HIPAA requirements.

TERM AND TERMINATION

1. Term of the Agreement: This Agreement shall become effective as of the Effective Date and shall continue in effect until terminated as provided herein.

2. Termination for Cause: Covered Entity may terminate this Agreement immediately if Business Associate breaches any material term of this Agreement and fails to cure such breach within [Timeframe] of written notice of the breach from Covered Entity.

3. Obligations Upon Termination: Upon termination of this Agreement for any reason, Business Associate shall return or destroy all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, in accordance with HIPAA requirements.

4. Survival of Certain Provisions: The obligations of Business Associate under Sections 3 (Reporting and Response to Breaches), 4 (Compliance with HIPAA Regulations), and 7 (Minimum Necessary Standard Compliance) shall survive the termination of this Agreement.

MISCELLANEOUS PROVISIONS

1. Governing Law and Jurisdiction: This Agreement shall be governed by and construed in accordance with the laws of [Jurisdiction], without regard to its conflicts of law principles. Any disputes arising under or related to this Agreement shall be resolved exclusively in the state or federal courts located in [Jurisdiction].

2. Entire Agreement: This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements and understandings, whether written or oral, relating to such subject matter.

3. Amendments and Modifications: This Agreement may be amended or modified only by a written agreement signed by both parties.

4. Severability: If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the validity, legality, or enforceability of the remaining provisions shall not be affected or impaired thereby.

5. No Third-Party Beneficiaries: This Agreement is not intended to confer any rights or remedies upon any person or entity other than the parties hereto.

6. Notices: Any notices or other communications required or permitted to be given under this Agreement shall be in writing and shall be deemed to have been duly given if delivered personally or sent by certified or registered mail, return receipt requested, postage prepaid.

7. Waiver: No waiver by either party of any provision of this Agreement shall be effective unless explicitly set forth in writing and signed by the waiving party.

8. Counterparts and Electronic Signatures: This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. This Agreement may be executed and delivered by electronic signature, which shall be deemed an original.

SIGNATURES

This sentence serves as a testimony that the parties involved in this agreement have signed and executed it according to the terms and conditions contained within. Signing of this agreement transpired as of the Effective Date that was previously written at the beginning of this document.

[Your Name]

[Your Company Name]

[Date]

[Representative's Name]

[Second Party]

[Date]

Nursing Home Templates @ Template.net