Facebook X-twitter Youtube Instagram Linkedin
Portal
EMS

Business Associate Agreement

  • Home
  • Business Associate Agreement

Effective Upon Acceptance

By subscribing to our services and clicking “I Accept” during the registration process, you agree to the terms outlined in this Business Associate Agreement (“Agreement”) between you, a HIPAA Covered Entity (“Covered Entity,” “you,” “your”), and OrthoAlign Solution, acting as a Business Associate (“Business Associate,” “we,” “us,” “our”).

Recitals

  • Services Provided: OrthoAlign Solution delivers services as described in our Terms of Service. In doing so, we may access, create, store, or transmit Protected Health Information (“PHI”) on your behalf, subject to HIPAA, the HITECH Act, and related regulations.
  • HIPAA Compliance: As a Business Associate, OrthoAlign Solution assumes responsibilities for safeguarding PHI in accordance with HIPAA regulations.
  • Mutual Agreement: Both parties acknowledge their obligations under HIPAA and agree to comply with the terms of this Agreement.

Definitions

  • Protected Health Information (PHI): As defined in 45 CFR §160.103, limited to data handled by OrthoAlign Solution on behalf of the Covered Entity.
  • Electronic PHI: PHI in electronic format, as defined by HIPAA.
  • Individual: A person whose PHI is involved, including personal representatives.
  • Privacy Rule & Security Rule: Federal standards for handling PHI under 45 CFR Parts 160 and 164.
  • Breach: Unauthorized access or disclosure of PHI as defined in 45 CFR §164.402.
  • Subcontractor: Any third party engaged by OrthoAlign Solution who handles PHI.

Responsibilities of OrthoAlign Solution

  • Permitted Use: We may use or disclose PHI only as necessary to deliver services outlined in our Terms of Service and Privacy Policy, or as required by law.
  • Administrative Use: PHI may be used internally for management and legal compliance.
  • Disclosure Conditions: Any disclosure must be legally required or made to parties who agree to maintain confidentiality and report breaches.

Covered Entity Obligations

  • You agree not to request any use or disclosure of PHI that would violate HIPAA if performed by you directly.

Safeguards & Security

  • OrthoAlign Solution will implement administrative, physical, and technical safeguards to protect PHI.
  • Staff will be trained to ensure compliance and prevent unauthorized access or disclosure.

Incident & Breach Reporting

  • Security Incidents: We will notify you in writing within five business days of discovering any unauthorized use or disclosure.
  • Breach Notification: Any breach of unsecured PHI will be reported within 30 calendar days of discovery, per HIPAA requirements.

Mitigation & Subcontractor Agreements

  • We will take reasonable steps to mitigate any harmful effects of unauthorized disclosures.
  • All subcontractors will be contractually bound to the same privacy and security standards.

Access & Amendment Requests

  • Upon request, we will provide access to PHI in a Designated Record Set to help you respond to individual requests.
  • If an individual contacts us directly, we will forward the request to you within ten business days.
  • Amendments to PHI will be made upon your instruction.