Accurecord AI Business Associate Agreement (BAA)

This Business Associate Agreement (“BAA”) is entered into by and between Accurecord AI, having an address at 309 Old County Rd Apt 246, Belmont, CA 94002 (“Business Associate”), and each customer of Accurecord AI that is a Covered Entity or an existing Business Associate of a Covered Entity under HIPAA (“Covered Entity” or “Customer”), and is effective as of the date it is fully executed by both parties (the “Effective Date”). This BAA may be incorporated into and is made part of the underlying service agreement between Business Associate and Covered Entity (the “Service Agreement”) solely with respect to the parties’ handling of Protected Health Information. In the event of any conflict between this BAA and the Service Agreement regarding the use or disclosure of PHI, the terms of this BAA shall control. RECITALS: • Covered Entity is subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its regulations, including the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Parts 160 and 164 (collectively, “HIPAA”). • Business Associate provides certain services (Accurecord AI’s coding platform and related services) to Covered Entity under the Service Agreement, which may involve the creation, receipt, maintenance, or transmission of Protected Health Information (“PHI”) on behalf of Covered Entity. Therefore, Business Associate is a “business associate” as defined by HIPAA (45 C.F.R. §160.103). • The parties enter into this BAA to establish the terms under which Business Associate may Use or Disclose PHI provided by or on behalf of Covered Entity, consistent with the requirements of HIPAA and applicable law. NOW, THEREFORE, in consideration of the mutual promises and agreements below and in the Service Agreement, the parties agree as follows: 1. Definitions Unless otherwise defined in this BAA, all capitalized terms have the meanings set forth in HIPAA or the Service Agreement (as applicable). 2. Permitted Uses and Disclosures of PHI Business Associate may Use or Disclose PHI solely for the purpose of providing services to or on behalf of Covered Entity as described in the Service Agreement and only as permitted by HIPAA and this BAA. 3. Obligations of Business Associate Business Associate agrees to implement appropriate safeguards, report breaches without unreasonable delay (no later than five (5) calendar days after discovery), ensure subcontractors agree to equivalent protections, and assist Covered Entity with HIPAA-required requests and reporting. 4. Obligations of Covered Entity Covered Entity will provide required notices and limitations, not request impermissible uses/disclosures, and disclose only the minimum necessary PHI. 5. Term and Termination This BAA remains effective for the duration of the Service Agreement and so long thereafter as Business Associate retains any PHI, and requires return or destruction of PHI upon termination when feasible. 6. Miscellaneous Regulatory references, amendments for compliance, interpretation, notices, governing law, counterparts, and related provisions apply. IN WITNESS WHEREOF, the parties hereto have executed this Business Associate Agreement as of the dates set forth below. Covered Entity: Customer Name By: ______________________________________ Name: Print Name Title: Title Date: _______________ Business Associate: Accurecord AI By: ______________________________________ Name: Print Name of Authorized Signatory Title: Title Date: _______________