HIPAA Business Associate Agreement

This Agreement is entered into on this _____________day of___________________________, 20______, between ________________________________________________________________________, hereinafter referred to as "Covered Entity" and Kendrick Information Technologies, hereinafter referred to as "Business Associate."

It is hereby Agreed by the two Parties named above, as follows:

1.  Covered Entity will make available and/or transfer to Business Associate certain confidential information, in conjunction with goods or services that are being provided by Business Associate to Covered Entity.  This information must be afforded special treatment and protection.
2.  Business Associate will have access to and/or receive from Covered Entity certain information that can be used or disclosed only in accordance with this Agreement and the Privacy Regulations of the U.S. Department of Health and Human Services.
3.  Business Associate hereby agrees that it shall be prohibited from using or disclosing the information provided or made available by the Covered Entity for any purpose other than as expressly permitted or required by this Agreement.
4.  The term of this Contract shall commence as of the date entered above (the Effective Date), and shall expire when all the information provided by Covered Entity to Business Associate is destroyed or returned to the Covered Entity.
5.  Business Associate shall be permitted to use and/or disclose information provided or made available from the Covered Entity for the following stated purposes:  computer and/or related information technology purposes.
6.  Business Associate is permitted to use information if necessary for the proper management and administration of Business Associate or to carry out legal responsibilities of Business Associate.
7.  Business Associate is permitted to disclose information received from Covered Entity for the proper management and administration of Business Associate or to carry out legal responsibilities of Business Associate, provided that the disclosure is required by law; or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that is will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, the person will use appropriate safeguards to prevent use or disclosure of the information, and the person immediately notifies the Business Associate of any instance of which it is aware in which the confidentiality of the information has been breached.
8.  Business Associate is also permitted to use or disclose information to provide data aggregation services relating to the healthcare operations of the Covered Entity.
9.  Business Associate will establish and maintain appropriate safeguards to prevent any disclosure of the information, other than as provided for by the contract.
10.  Business Associate hereby agrees that is shall immediately report to the Covered Entity any discovery use or disclosure of information not provided for or allowed by the contract.
11.  Business Associate hereby agrees that, anytime information is provided or made available to any subcontractors or agents, Business Associate must enter into a subcontract with the subcontractor or agent that contains the same terms, conditions, and restrictions on the use and disclosure of information as contained in this Agreement.  Business Associate must obtain the Covered Entity’s approval prior to entering into such agreements.
12.  Business Associate hereby agrees to make available and provide right of access to information by the individual, including substitution of the word “Covered Entity” with “Business Associate” where appropriate.
13.  Business Associate agrees to make information available for amendment and to incorporate any amendments to information, including substitution of the word “Covered Entity” with “Business Associate” where appropriate.
14.  Business Associate agrees to make information available as required to provide an accounting of disclosures, including substitution of the word “Covered Entity” with “Business Associate” where appropriate.
15.  Business Associate hereby agrees to make its internal practices, books and records relating to the use or disclosure of information received from, or created or received by, Business Associate on behalf of Covered Entity, available to the Secretary of Health and Human Services or the Secretary’s designee for the purpose of determining compliance with the privacy regulations.
16.  At termination of the contract, Business Associate hereby agrees to return or destroy all information received from, or created or received by, Business Associate on behalf of the Covered Entity.  Business Associate agrees not to retain any copies of the information after termination of the contract.  If return or destruction of the information is not feasible, Business Associate agrees to extend protections of the contract for as long as necessary to protect the information and to limit any further use or disclosure.  If Business Associate elects to destroy the information, it shall certify to the Covered Entity that the information has been destroyed.
17.  Business Associate agrees to have procedures in place for mitigating, to the maximum extent practicable, any deleterious effect from the use or disclosure of information in a manner contrary to the contract or the Privacy Regulations.
18.  Business Associate agrees and understands that it must develop and implement a system of sanctions for any employee, subcontractor or agent who violates this Agreement or the Privacy Regulations.
19.  The information shall be and remain the property of the Covered Entity.  Business Associate agrees that it acquires no title or rights to the information, including any de-identified information, as a result of the contract.
20.  Business Associate agrees that the Covered Entity has the right to immediately terminate the contract and seek relief if the Covered Entity determines that Business Associate has violated a material term of the contract.
21.  Any non-compliance by Business Associate with the contract or the privacy regulations will automatically be considered to be grounds for breach, if Business Associate knew and failed to immediately take reasonable steps to cure the non-compliance.
22.  Disputes.  Any controversy or claim arising out of or relating to the contract will be finally settled by compulsory arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association, except for injunctive relief as described below.
23.  Notwithstanding any rights or remedies provided for in the contract, the Covered Entity retains all rights to seek injunctive relief to prevent or stop the unauthorized use or disclosure of information by Business Associate or any agent, contractor or third party that received information from Business Associate.
24.  This Agreement shall be binding on the Parties and their successors, but neither Party may assign this agreement without the prior written consent of the other, which consent shall not be unreasonably withheld.
25.  The Parties agree to exercise good faith in the performance of this Agreement.
26.  Except as otherwise specified in this Agreement, if any legal action or other proceeding is brought for the enforcement of the contract, or because of an alleged dispute, breach, default, misrepresentation, or injunctive action, in connection with any of the provisions of this Agreement, each party shall bear its own legal expenses and the other cost incurred in that action or proceeding.
27.  This Agreement consists of this document and constitutes the entire agreement between the parties.  There are no understandings or agreements relating to this Agreement which are not fully expressed in the contract, and no change, waiver or discharge of obligations arising under the contract shall be valid unless in writing and executed by the party against whom such change, waiver or discharge is sought to be enforced.
In Witness Whereof, Covered Entity and Business Associate have caused this Agreement to be signed and delivered to their duly authorized representatives, as of the date set forth above.

COVERED ENTITY:                                                           BUSINESS ASSOCIATE:

By:_______________________________________        By:_________________________________

Print Name:________________________________         Print Name: Bobby Kendrick

Title:_____________________________________          Title: President/Owner