Grahek Technology

Business Associate Agreement


Business Associate Agreement

This Business Associate Agreement (“Agreement”) is entered into effective April 25, 2024 (the “Effective Date”), by and between (“Covered Entity”) and Grahek Enterprises, LLC d/b/a Grahek Technology (“Business Associate”).

Recitals

WHEREAS Covered Entity is a (hospital, medical practice, licensed physician) that has hired Business Associate to provide technology services (“Services”) for Covered Entity. (Covered Entity and Business Associate are at times referred to herein collectively as the “Parties” and individually, as a “Party”); and

WHEREAS in the course of providing Services for Covered Entity, Business Associate will have access to individually identifiable health information (“PHI”) that is protected from use or disclosure under the Privacy Standards of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA Privacy Standards”); and

WHEREAS Covered Entity is required by the HIPAA Privacy Standards to enter into this Agreement, and to keep this Agreement in full force and effect to disclose and/or grant access to PHI in connection with the performance of the Services; and

WHEREAS the Parties intend this Agreement to comply with the provisions of 45 C.F.R. § 164.504(e).

NOW, THEREFORE, in consideration of the covenants contained herein and other good and valuable consideration, the sufficiency of which is hereby acknowledged, Business Associate and Covered Entity hereby agree as follows:

  1. Permitted Uses.
    1. Business Associate may use or disclose PHI solely as necessary to perform the Services. Notwithstanding anything to the contrary, Business Associate may not use or further disclose PHI in a manner that would violate the HIPAA Privacy Standards if used or further disclosed by the Covered Entity in such manner, except that Business Associate may use PHI received by Business Associate in performing the services hereunder as necessary: (i) for the proper management and administration of the Business Associate; or (ii) to carry out the legal responsibilities of the Business Associate; or (iii) to provide data aggregation services relating to the health care operations of Covered Entity.
    2. Business Associate may disclose PHI for the reasons set forth in items (i) or (ii) of the immediately preceding subsection, if: (i) the disclosure is required by law, or (ii) the Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that the PHI will be held confidentially and not used or further disclosed, except for the purpose for which it was disclosed to the person or as required by law, and the person notifies the Business Associate of any instances of which the person is aware in which the confidentiality of the PHI has been breached.
  2. Limitation on Use and Appropriate Safeguards. Business Associate will not use or further disclose PHI except as permitted by this Agreement or as required by law, and will use appropriate safeguards to prevent any use or disclosure of PHI other than as permitted by this Agreement or as required by law.
  3. Report of Breach. Business Associate will report to Covered Entity any use or disclosure of PHI not permitted by this Agreement immediately upon becoming aware of such use or disclosure.
  4. Agents, Subcontractors. Business Associate will enter into an Assurance Agreement with any agents, including any subcontractor, to whom it provides PHI, in which that person(s) agrees to the same restrictions and conditions that apply to the Business Associate with respect to such information.
  5. Access to PHI. Business Associate will make available PHI to individuals in accordance with 45 C.F.R. § 164.524.
  6. Amendment to PHI. Business Associate will make available PHI for amendment and incorporate any amendments to PHI in accordance with 45 C.F.R. § 164.526.
  7. Accounting of PHI. Business Associate will make available the information required to provide an accounting of disclosures in accordance with 45 C.F.R. § 164.528.
  8. Availability of Books and Records to Secretary. Business Associate will make its internal practices, books, and records relating to the use and disclosure of PHI received from, created by, or received by the Business Associate on behalf of the Covered Entity available to the Secretary of the United States Department of Health and Human Services for purposes of determining the Covered Entity’s compliance with the HIPAA Privacy Standards.
  9. Termination.
    1. This Agreement will terminate automatically when Business Associate ceases to perform the Services.
    2. This agreement may be terminated by Covered Entity upon 30 days’ prior written notice to Business Associate.
    3. Covered Entity may terminate this Agreement immediately upon written notice to the Business Associate, if the Covered Entity determines that Business Associate has breached or violated a material term of this Agreement.
    4. Business Associate will, upon termination of this Agreement, if feasible, return or destroy all PHI received from, or created or received by the Business Associate on behalf of the Covered Entity that the Business Associate still maintains in any form, and will retain no copies of such PHI. If return or destruction is not feasible, Business Associate agrees to extend the protections of this Agreement to such PHI and limit all further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible.
  10. Covered Entity’s Access to Facilities, Books and Records. Business Associate will, upon reasonable request, give Covered Entity access for inspection and copying to Business Associate’s facilities used for the maintenance or processing of PHI, and to its books, records, practices, policies, and procedures concerning the use and disclosure of PHI, for the purpose of determining Business Associate’s compliance with this Agreement.
  11. Entire Agreement; Amendment. This Agreement constitutes the entire agreement of the parties and supersede and render null and void all prior agreements between the Parties with respect to the subject matter hereof. No amendments or additions to this Agreement will be binding unless they are in writing and signed by the Parties.
  12. Severability. In the event any term or provision of this Agreement is rendered invalid or unenforceable by any valid act of Congress or the state legislature, or by any regulation duly promulgated by officers of the United States or the State of South Dakota acting in accordance with law, or is held by any court of competent jurisdiction to be invalid, void, or unenforceable, the remaining provisions of this Agreement will remain in full force and effect.
  13. Miscellaneous. This Agreement is binding upon and for the benefit of the Parties, their successors, and assigns; provided that neither Party may assign their rights or obligations under this Agreement without the prior written consent of the other Party, except that Covered Entity may assign this Agreement to an affiliate or successor of Covered Entity without the consent of Business Associate.
  14. Governing Law and Forum Selection. This Agreement is governed by and construed in accordance with the substantive laws of the South Dakota without regard to conflicts of law principles. The parties agree that any appropriate state court sitting in Pennington County, South Dakota or any Federal Court sitting in Rapid City, South Dakota shall have exclusive jurisdiction of any case or controversy arising under or in connection with this Agreement and shall be a proper forum in which to adjudicate such case or controversy. Each party irrevocably consents to the jurisdiction of such courts, and irrevocably waives, to the fullest extent permitted by law, the defense of an inconvenient forum to the maintenance of such suit, action, or proceeding in any such court and further waives the right to object, with respect to such suit, action, or proceeding, that such court does not have jurisdiction over such party.
  15. Remedies. Business Associate agrees that monetary damages would be inadequate to compensate the Covered Entity for any breach by the Business Associate of its covenants and agreements set forth herein. Accordingly, Business Associate agrees and acknowledges that any such breach or threatened breach will cause irreparable injury to the Covered Entity and that, in addition to any other remedies that may be available, in law, in equity or otherwise, the Covered Entity is entitled to obtain injunctive relief against the breach or threatened breach of this Agreement or the continuation of any such breach by the receiving party, without the necessity of proving actual damages.
  16. Waiver. Delay or failure to exercise any right or remedy hereunder will not impair such right or remedy, or be construed as a waiver thereof or an acquiescence to a breach of this Agreement. Any single or partial exercise of any right or remedy will not preclude any other or further exercise thereof or the exercise of any other right or remedy.
  17. Paragraph Headings. The paragraph headings in this Agreement are for convenience only. They form no part of this Agreement and do not affect its interpretation.
  18. Counterparts. This Agreement may be executed in any number of counterparts, each of which will be deemed an original, but all of which together constitute one original Agreement. Facsimile or electronically authenticated signatures are accepted and enforceable in lieu of original signatures. Each party represents and warrants that it has the authority to execute and bind the party to this Agreement.

IN WITNESS WHEREOF, the undersigned have executed this Agreement as of the day and year first written above.

 

Grahek (Business Associate):

Dated this April 25, 2024

Grahek Enterprises, L.L.C D/B/A Grahek Technology

By: Chad Grahek

Its: President

 

Client (Covered Entity):

Dated this April 25, 2024

By:

Its:

 

 

Leave this empty:

Signature arrow sign here


Signature Certificate
Document name: Business Associate Agreement
lock iconUnique Document ID: b2e1e391f1b3dd0f03b95225a31253f305ba3b3a
Timestamp Audit
April 28, 2019 2:38 pm MDTBusiness Associate Agreement Uploaded by Chad Grahek - chad@grahektechnology.com IP 24.111.189.2
Audit trial Qr code
This audit trail report provides a detailed record of the online activity and events recorded for this document.
https://www.grahektechnology.com/
Audit Trail Serial# daf31a05629b9961c473fed527b9d807