Exhibit C: Business Associate Agreement (BAA)
Outlines HIPAA-compliant responsibilities when pie accesses or manages protected health information on behalf of a covered entity.
This Business Associate Agreement (“BAA”) is entered into by and between [Client.Company] (“Covered Entity”) and pie Health, LLC (“Business Associate”), and is incorporated into the General Services Agreement (“Agreement”) between the parties.
This BAA is effective as of the effective date of the Agreement and shall remain in force for the duration of the Agreement, including any Statements of Work (“SOWs”) executed thereunder, unless terminated sooner in accordance with its terms.
1. Purpose
This Agreement sets forth the terms and conditions under which Business Associate may receive, create, maintain, use, or disclose Protected Health Information (“PHI”) in the course of providing services to Covered Entity pursuant to the General Services Agreement or other written agreement between the parties (“Underlying Agreement”).
2. Definitions
All capitalized terms not defined herein shall have the meaning set forth in 45 CFR §§ 160 and 164 (“HIPAA Rules”).
3. Obligations of Business Associate
Business Associate agrees to:
a. Use or disclose PHI only as necessary to perform services under the Underlying Agreement, or as required by law.
b. Implement administrative, physical, and technical safeguards to prevent unauthorized use or disclosure of PHI.
c. Report to Covered Entity any use or disclosure of PHI not permitted by this Agreement within five (5) business days of discovery.
d. Ensure any subcontractors that receive PHI agree in writing to the same restrictions and conditions.
e. Make PHI available to Covered Entity or the individual to whom it pertains, as required by 45 CFR § 164.524.
f. Provide access to records for HHS audit or investigation, as required.
g. Upon termination of this Agreement, return or destroy all PHI, if feasible.
4. Permitted Uses and Disclosures
Business Associate may use PHI:
To provide the services described in the Underlying Agreement.
For internal operations related to its performance of those services (e.g., quality review, administrative support).
To comply with legal obligations.
5. Term and Termination
This Agreement shall remain in effect for as long as Business Associate maintains PHI received from Covered Entity and shall terminate upon written confirmation that all PHI has been returned or destroyed.
Covered Entity may terminate this Agreement immediately if it determines that Business Associate has violated a material term.
6. Miscellaneous
This Agreement is governed by the laws of the State of Texas.
This Agreement may be amended only in writing signed by both parties.
In the event of a conflict with the Underlying Agreement, this Agreement shall control as to HIPAA-related obligations.