Light mode illustration

HIPAA Business Associate Agreement (BAA)

Effective: August 5, 2025
Parties: [Covered Entity Name] ("Covered Entity") and Nexalink Health, Inc. ("Business Associate").

Template only — to be finalized and executed by both parties.

1. Definitions

Terms not defined here have the meanings in HIPAA, HITECH, and implementing regulations (45 CFR Parts 160 and 164). "PHI" includes ePHI.

2. Permitted Uses & Disclosures

Business Associate may use and disclose PHI solely to perform Services for Covered Entity as described in the underlying agreement, for proper management and administration, and as required by law, subject to 45 CFR §164.504(e)(4).

3. Safeguards

Business Associate will implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of ePHI, including encryption in transit and at rest, access controls, audit logging, and workforce training.

4. Reporting

Business Associate will report to Covered Entity any use or disclosure not provided for by this BAA and any Security Incident or Breach of Unsecured PHI without unreasonable delay and within required legal timelines.

5. Subcontractors

Business Associate will ensure subcontractors that create, receive, maintain, or transmit PHI on its behalf agree in writing to the same restrictions and conditions.

6. Access; Amendments; Accounting

To the extent Covered Entity is obligated under HIPAA, Business Associate will make PHI available for access, amendment, and accounting of disclosures as required by 45 CFR §§164.524, 164.526, and 164.528.

7. Books & Records

Business Associate will make internal practices, books, and records relating to use and disclosure of PHI available to the Secretary of HHS for determining Covered Entity’s compliance.

8. Termination

Upon termination of the underlying agreement, Business Associate will, if feasible, return or destroy PHI it maintains. If return or destruction is infeasible, Business Associate will extend protections and limit further use/disclosure to the purposes that make return or destruction infeasible.

9. Indemnification & Liability

Indemnity and liability follow the underlying agreement to the extent permitted by law. Nothing in this BAA limits either party’s HIPAA/HITECH obligations.

10. Miscellaneous

This BAA supersedes conflicting provisions regarding PHI. Amendments required to comply with law will be executed in good faith.