Last updated: January 1, 2025
This Business Associate Agreement ("BAA") supplements and is incorporated into the Respan Terms of Use and is entered into by Respan, Inc. ("Business Associate") and the customer entity executing this agreement ("Covered Entity"). This BAA is required under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health (HITECH) Act when Respan processes Protected Health Information ("PHI") on behalf of a Covered Entity.
Terms used in this BAA but not defined herein shall have the same meaning as those terms in 45 CFR Parts 160 and 164. "Protected Health Information" or "PHI" means individually identifiable health information as defined in 45 CFR § 160.103. "Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations.
Business Associate may use or disclose PHI only: (a) as necessary to provide the services described in the service agreement; (b) as required by law; (c) for Business Associate's proper management and administration, provided that disclosures are required by law or Business Associate obtains reasonable assurances from the recipient; or (d) to provide data aggregation services relating to the health care operations of Covered Entity.
Business Associate agrees to: (a) not use or disclose PHI other than as permitted or required by this BAA; (b) implement appropriate administrative, physical, and technical safeguards to protect PHI; (c) report to Covered Entity any use or disclosure of PHI not permitted by this BAA within 15 business days of becoming aware; (d) ensure any subcontractors that create or receive PHI agree to the same restrictions; (e) make PHI available to Covered Entity as required; and (f) return or destroy all PHI upon termination.
BAA coverage is available to customers on the Team or Enterprise plan. To request a signed BAA, contact compliance@respan.ai with your organization details and plan information. We will review your request and respond within 5 business days.
Either party may terminate this BAA if the other party materially breaches any term and fails to cure the breach within 30 days of written notice. Upon termination, Business Associate shall return or destroy all PHI. If return or destruction is infeasible, Business Associate shall extend protections to the PHI for as long as it is retained.
For questions about HIPAA compliance or to request a BAA, contact compliance@respan.ai.