Business Associate Agreement (HIPAA)

This Agreement (“Agreement”) is made and effective at the date and time your Practice in Tune account is created and is entered into by and between you (“Covered Entity”) and Practice in Tune by Alkin Solutions LLC (“Business Associate”). 

I. Term. This Agreement will expire upon the earlier of: (i) a permitted termination in accordance with this Agreement; (ii) the natural expiration or termination of the existing Agreement; or (ii) the execution of an updated Agreement that supersedes this Agreement.

II. Effect of Amendment. To the extent of any inconsistency between the terms of this Agreement and the remainder of the Agreement, the terms of this Agreement will govern. By Covered Entity electronically accepting the terms of this Agreement made available by Business Associate, Covered Entity and Business Associate agree that it constitutes a written agreement between the parties. If you do not have legal authority to bind Covered Entity, or do not agree to these terms, please do not sign or accept the terms of this Agreement.

III. HIPAA. In the event Business Associate creates, receives, maintains, or otherwise is exposed to personally identifiable patient information defined as Protected Health Information (“PHI”) in the Health Insurance Portability and Accountability Act of 1996 or its relevant regulations (“HIPAA”) and otherwise meets the definition of Business Associate as defined in the HIPAA Privacy Standards (45 CFR Parts 160 and 164), Business Associate will:

(i) Recognize that HITECH (the Health Information Technology for Economic and Clinical Health Act of 2009) and the regulations thereunder (including 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316), apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity;

(ii) Not use or further disclose the PHI, except as permitted by law;

(iii) Not use or further disclose the PHI in a manner that had the Covered Entity done so, would violate the requirements of HIPAA;

(iv) Use appropriate safeguards to protect the PHI other than as provided for by this Agreement;

(v) Comply with each applicable requirement of 45 C.F.R. Part 162 if the Business Associate conducts standard transactions for or on behalf of the Covered Entity;

(vi) Report to the Covered Entity any security incident or other disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware;

(vii) Ensure that any subcontractors or agents who receive or are exposed to PHI are explained the Business Associate obligations and agree to the same conditions;

(viii) Make available PHI in accordance with the individual’s rights;

(viiii) Account for PHI disclosures for up to the past six (6) years as requested by Covered Entity, which shall include: (i) dates of disclosure, (ii) names of the entities or persons who received the PHI, (iii) a brief description of the PHI disclosed, and (iv) a brief statement of the purpose and basis of such disclosure; 

(ix) Make its internal practices and records that relate to the use and disclosure of PHI available to the U.S. Secretary of Health and Human Services for purposes of determining Covered Entity’s compliance with HIPAA; and

(x) Incorporate any amendments to PHI to enter into a Business Associate Agreement or other necessary Agreements to comply with HIPAA with notice to Covered Entity.

IV. Termination Upon Breach of Provisions. Notwithstanding any other provision of this Agreement, Covered Entity may immediately terminate this Agreement if it determines that Business Associate breaches any term in this Agreement. Covered Entity may give written notice to Business Associate in the event of a breach and give Business Associate thirty (30) days to cure such breach. In the event that termination of this Agreement and the Agreement is not feasible, Business Associate hereby acknowledges that the Covered Entity shall be required to report the breach to the Secretary of the U.S. Department of Health and Human Services.

V. Return or Destruction of PHI upon Termination. Upon the termination of this Agreement, unless otherwise directed by Covered Entity, Business Associate shall either return or destroy all PHI received from the Covered Entity or created or received by Business Associate on behalf of the Covered Entity in which Business Associate maintains in any form. Business Associate shall not retain any copies of such PHI. To the extent that it is not feasible for Business Associate to return or destroy such PHI, the terms and provisions of this Agreement shall survive such termination and such PHI shall be used or disclosed solely as permitted by law for so long as Business Associate maintains such PHI.

VI. Third Party Beneficiaries. The parties agree that the terms of this Agreement shall apply only to themselves and are not for the use of any third party beneficiaries.

VII. De-Identified Data. Business Associate and its subcontractors may disclose non-personally identifiable information. 

VIII. Amendment. Business Associate and Covered Entity agree to amend this Agreement to the extent necessary to allow either party to comply with relevant state or federal laws or regulations created or amended to protect the privacy of patient information. All amendments shall be made in writing and electronically accepted by both parties.

IX. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the most current version of HIPAA and the HIPAA privacy regulations at that time.