Business Associate Agreement for BirdEye “Covered Entity” Customers
These Standard HIPAA Business Associate Agreement Terms and Conditions (“HIPAA Addendum”) shall be incorporated into the Master Service Agreement for Customers that are Covered Entities (as defined below) that provide Protected Health Information (“PHI”)(as defined below) to BirdEye in connection with the BirdEye For Local Business and Enterprise services they have purchased. These terms supplement the purchase agreement between BirdEye and Customers (“Underlying Agreement”) in order to comply with the federal Standards for Hipaa of Individually Identifiable Health Information, located at 45 C.F.R. Part 160 and Part 164, Subparts A through E (“Hipaa Rule”) and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the “HITECH Act”).
1. CATCH-ALL DEFINITIONS
The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
2. SPECIFIC DEFINITIONS
Terms used, but not otherwise defined, in this HIPAA Addendum shall have the same meaning as those terms in the Privacy Rule or the HITECH Act.
- “Breach” shall have the same meaning given to such term under 42 U.S.0 § 17921.
- “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean BirdEye.
- “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean [Insert Name of Covered Entity].
- “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
- “Individual” shall have the same meaning as the term “individual” in 45 C.F.R. §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
- “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of the Covered Entity.
- “Required by Law” shall have the same meaning as the term “required by law” in 45 C.F.R. §160.103.
- “Unsecured PHI” shall have the same meaning given to such term under the HITECH Act and any guidance issued pursuant to this act.