Home > HIPAA-BAA
This HIPAA Fastn, Inc. Agreement ("Agreement") is entered into by and between the Business Associate Fastn, Inc., having its principal place of business at Fastn, Inc. Fastn, Inc. and Covered Entity collectively referred to as the "Parties".
1. BACKGROUND
Covered Entity and Fastn, Inc. have entered into an agreement whereby Fastn, Inc. may have access to, use, or disclose Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations, including the Privacy Rule (45 C.F.R. Parts 160 and 164) and the Security Rule (45 C.F.R. Parts 160, 162, and 164) (collectively, "HIPAA Rules"), in connection with the services provided by Fastn, Inc. to Covered Entity ("Services").
In accordance with the HIPAA Rules, Covered Entity is a "covered entity" and Fastn, Inc. is a Fastn, Inc. as defined under HIPAA.
The Parties desire to comply with the requirements of HIPAA and to protect the privacy and security of PHI in accordance with the HIPAA Rules.
2. TERMS AND CONDITIONS
1. Definitions
1.1. "PHI" shall have the meaning given to it under the HIPAA Rules and shall include, without limitation, any information that is created, received, maintained, or transmitted by Fastn, Inc. on behalf of Covered Entity in connection with the Services.
1.2. "Electronic Protected Health Information" or "ePHI" shall have the meaning given to it under the HIPAA Rules and shall include PHI that is transmitted or maintained in electronic form.
1.3. "Designated Record Set" shall have the meaning given to it under the HIPAA Rules and shall include, without limitation, any group of records maintained by or for Covered Entity that is used, in whole or in part, to make decisions about individuals.
1.4. "Breach" shall have the meaning given to it under the HIPAA Rules and shall mean the acquisition, access, use, or disclosure of PHI in a manner not permitted by the HIPAA Rules, which compromises the security or privacy of the PHI.
1.5. "Security Incident" shall have the meaning given to it under the HIPAA Rules and shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
2. Obligations of Fastn, Inc.
2.1. Use and Disclosure of PHI. Fastn, Inc. shall not use or disclose PHI, except as necessary to perform the Services or as otherwise required by law. Fastn, Inc. shall comply with the requirements of the HIPAA Rules with respect to the use and disclosure of PHI, including, without limitation, the minimum necessary standard.
2.2. Safeguards. Fastn, Inc. shall implement appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in this Agreement. Such safeguards shall comply with the requirements of the HIPAA Rules, including, without limitation, the Security Rule.
2.3. Reporting of Breaches and Security Incidents. Fastn, Inc. shall report to Covered Entity any Breach or Security Incident of which it becomes aware without unreasonable delay, but in no event later than 72 hours after discovery of the Breach or Security Incident.
2.4. Access to PHI. Fastn, Inc. shall provide access to PHI to Covered Entity or an individual as required by the HIPAA Rules within the timeframes and in the manner specified by the HIPAA Rules.
3. Obligations of Covered Entity
3.1. Notice of Privacy Practices. Covered Entity shall provide Fastn, Inc. with a copy of its current notice of privacy practices, or any changes thereto, as required by the Privacy Rule.
3.2. Changes to Authorization or Permission. Covered Entity shall notify Fastn, Inc. of any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent that such changes may affect Fastn, Inc.'s use or disclosure of PHI.
3.3. Restrictions on Use or Disclosure. Covered Entity shall notify Fastn, Inc. of any restrictions on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by, to the extent that such restrictions may affect Fastn, Inc.'s use or disclosure of PHI.
4. Term and Termination
4.1. Term. This Agreement shall be effective as of the date of its execution by both Parties and shall continue in effect until terminated by either Party in accordance with this Section 4.
4.2. Termination for Convenience. Either Party may terminate this Agreement for any reason or no reason upon written notice to the other Party.
4.3. Termination for Breach. Either Party may terminate this Agreement upon written notice to the other Party in the event of a material breach of this Agreement by the other Party, unless the breach is cured within a reasonable time period specified by the non-breaching Party.
5. Miscellaneous
5.1. Entire Agreement. This Agreement constitutes the entire understanding between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous agreements, understandings, representations, and warranties, whether oral or written, relating to the subject matter hereof.
5.2. Amendments. This Agreement may not be amended or modified except in writing signed by both Parties.
5.3. No Third-Party Beneficiaries. This Agreement is not intended to and does not confer any rights or benefits upon any person or entity other than the Parties hereto and their respective successors and permitted assigns.
5.4. Governing Law and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the state or jurisdiction where Covered Entity is located. Any disputes arising under or in connection with this Agreement shall be resolved in the courts of competent jurisdiction in the same state or jurisdiction.
5.5. Survival. The obligations and responsibilities of the Parties under this Agreement shall survive termination of this Agreement for any reason, to the extent necessary to fulfill the purposes for which the PHI was disclosed or received under this Agreement.