Business Associate Agreement (BAA)

Based on the sample Business Associate Agreement (BAA) provisions published by the United States Department of Health and Human Services (HHS), from January 2013

When is this BAA applicable?

Preliminary note: this Business Associate Agreement (BAA) shall not be used as a standalone binding agreement, and shall be incorporated into the relevant parties’ master agreement.

This Business Associate Agreement (“BAA”) forms part of the agreement between Kahun Medical Ltd. (“Business Associate“, “Company“, “we“, “us“, or “our“) and the partner entity specified in the order form or applicable agreement (“Covered Entity“, “Partner” “you“, or “your” and the “Agreement”, respectively). This BAA is designed to reflect the parties’ agreements and allocation of roles with regard to the Processing of Protected Health Information (as this term defined under HIPAA legislation). Both the Covered Entity and Business Associate shall be referred to as the “Parties” and each, a “Party”.

APPLICABILITY AND SCOPE

Applicability. This BAA and the obligations hereunder apply only to the extent that: (a) PHI or ePHI are shared by Covered Entity with Business Associate; and (b) the United States Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) applies to Partner and the Services rendered by Company, as those defined in the Agreement. 

This BAA does not apply to (a) aggregated reporting or statistics information; or (b) data that do not (or no longer) qualify as PHI or ePHI.

I. INTERPRETATION AND DEFINITIONS

1. The headings in this BAA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this BAA.

2. Terms used in their singular form include the plural and vice versa, as the context may require.  

3. Definitions:

3.1. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

3.2. “Authorized Affiliate” means any of Partner’s Affiliate(s) which is explicitly permitted to use the Services pursuant to the Agreement between the Parties, but has not signed its own agreement with Company, and is not a “Partner” as defined under the Agreement.

3.3. “Business Associate” means a person or entity, other than a member of the workforce of a Covered Entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information (PHI). A “Business Associate” also is a subcontractor that creates, receives, maintains, or transmits PHI on behalf of another Business Associate.

3.4. “Covered Entity” shall shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Partner.

3.5. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

3.8. “Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.9. “Protected/Personal Health Information (PHI)” or “Electronic Protected/Personal Health Information (ePHI)” shall have the meaning given under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 in the United States, only to the extent of its applicability on the Agreement and respected Services (demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care);

3.10. “Services” means the technology, platform, solutions and related services provided by Company, in accordance with the terms of the Agreement;

II. Obligations and Activities of Business Associate

Business Associate agrees to:

(a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;

(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;

(c) Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;

(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information;

(e) Make available protected health information in a designated record set to the Covered Entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.524;

(f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR 164.526;

(g) Maintain and make available the information required to provide an accounting of disclosures to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.528;

(h)  To the extent the business associate is to carry out one or more of covered entity’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s); and

(i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

III. Permitted Uses and Disclosures by Business Associate

(a) Business associate may only use or disclose protected health information as necessary to perform the Services, as instructed by the covered entity and as stipulated in Annex A of the DPA signed by the Parties (“Scope and nature of processing”). In addition, Business Associate is authorized to use protected health information to de-identify the information in accordance with 45 CFR 164.514(a)-(c).  

(b) Business Associate may use or disclose protected health information as required by law.

(c) Business Associate agrees to make uses and disclosures and requests for protected health information consistent with covered entity’s minimum necessary policies and procedures.

(d) Business associate may disclose protected health information for the proper management and administration of business associate or to carry out the legal responsibilities of the business associate, provided the disclosures are required by law, or business associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies business associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(e) Business associate may provide data aggregation services relating to the health care operations of the covered entity.

V.  Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions

The Parties may choose to remove this Provision.

(a) Covered entity shall notify business associate of any limitation(s) in the notice of privacy practices of covered entity under 45 CFR 164.520, to the extent that such limitation may affect business associate’s use or disclosure of protected health information.

(b) Covered entity shall notify business associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect business associate’s use or disclosure of protected health information.

(c) Covered entity shall notify business associate of any restriction on the use or disclosure of protected health information that covered entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect business associate’s use or disclosure of protected health information.

VI. Permissible Requests by Covered Entity

Covered entity shall not request business associate to use or disclose protected health information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by covered entity, except for aggregation, statistics, management, administrations, development necessities and legal responsibilities of Business Associate.

VII. Term and Termination

(a) Term. The Term of this Agreement shall be effective as of the effective date stipulated in the order form, and shall terminate at the earliest of: (a) termination of the Agreement; (b) inapplicability of HIPAA. 

(b) Termination for Cause. Business associate authorizes termination of this Agreement by covered entity, if covered entity determines business associate has violated a material term of the Agreement and business associate has not cured the breach or ended the violation within 14 business days. 

(c) Obligations of Business Associate Upon Termination.

Upon termination of this Agreement for any reason, business associate shall return to covered entity or, if agreed to by covered entity, destroy all protected health information received from covered entity, or created, maintained, or received by business associate on behalf of covered entity, that the business associate still maintains in any raw form.  Business associate shall retain no copies of the protected health information; This excludes the usage or disclosure of protected health information (i) for business associate’s own management and administration or to carry out its legal responsibilities (ii) protected health information that was received directly by business associate with the end user’s consent for a specific purpose;  and the business associate needs to retain protected health information for such purposes after termination of the agreement.  

Upon termination of this Agreement for any reason, business associate, with respect to protected health information received from covered entity, or created, maintained, or received by business associate on behalf of covered entity, shall: (i) Retain only that protected health information which is necessary for business associate to continue its proper management and administration or to carry out its legal responsibilities; (ii) Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as business associate retains the protected health information; (iii) Not use or disclose the protected health information retained by business associate other than for the purposes for which such protected health information was retained and subject to the same conditions set out at “Permitted Uses and Disclosures By Business Associate” which applied prior to termination; and (iv) Return to covered entity or, if agreed to by covered entity, destroy, the protected health information retained by business associate when it is no longer needed by business associate for its proper management and administration or to carry out its legal responsibilities.

(d) Survival.  The obligations of business associate under this Section shall survive the termination of this Agreement.

VIII. Miscellaneous 

(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.

(b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law.

(c) Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Rules.

(d) Conflicting provisions. In case of any conflict between this BAA to the DPA, the latter shall prevail. In case of any conflict between the this BAA to a valid order form, the latter shall prevail.





THIRD-PARTY COMPONENTS  

  1. The Services may use, integrate, refer to or include third-party software, files and components that are subject to open source and/or third-party\license terms (“Third Party Components”). Your right to use such Third Party Components as part of, or in connection with, the Services is subject to any applicable acknowledgments and license terms accompanying such Third Party Components, contained therein or related thereto. If there is a conflict between the licensing terms of such Third Party Components and these Terms, the licensing terms of the Third Party Components shall prevail only in connection with the related Third Party Components. These Terms do not apply to any Third Party Components accompanying or contained in the Services and Kahun disclaims all liability related thereto. You acknowledge that Kahun is not the author, owner or licensor of any Third Party Components and that Kahun makes no warranties or representations, express or implied, as to the quality, capabilities, operations, performance or suitability of Third Party Components. Under no circumstances shall the Services or any portion thereof (except for the Third Party Components contained therein) be deemed to be “open source” or “publicly available” software. 
  2. We may, from time to time, incorporate, test or utilize new technologies into the Services or only certain functions of the Services, for purposes of testing, enriching or enhancing the Services. For example, AI-Language Models (AILM) technologies, such as those developed by OpenAI. When doing so, we make sure to use such technologies for internal use so we can monitor the input and output they generate and test it in light of our technology and Services’ capabilities. If we present to you an output that was generated directly by such AILMs, we will indicate so in proximity to the output to allow you to use your best judgments when using the Services that incorporate such functionality. When such notification is provided, the following disclaimers shall be taken into consideration:
  • Not a substitute for professional judgment. Such output should not be considered a substitute for your, or HCP’s (if you are not one), personal or professional judgment.
  • Accuracy and reliability. While such tools strive to generate accurate and helpful output, they may occasionally produce incorrect or unreliable information. Any output should be evaluated critically, and you should independently verify any important or critical information from trusted sources (such as Kahun’s engine).
  • Responsibility. You must exercise your own responsibility when acting based on the output generated by these tools.

LINKS 

The Services may contain links to third-party sites or resources. We do not endorse and are  not responsible or liable for any content, advertising, products or other materials on or  available from external sites or resources linked to the Services. 

AVAILABILITY OF AND CHANGES TO THE SERVICES 

  1. The Services’ availability and functionality depend on various factors, such as communication networks, software, hardware, Kahun’s Service providers and contractors. Kahun will use reasonable efforts to maintain the availability of the Services but does not warrant or guarantee any specific level of availability of the Service. Kahun does not warrant or guarantee that the Services will operate and/or be available at all times without disruption or interruption, or that it will be immune from unauthorized access error-free. Kahun will not be liable to you or any third party as a result of Service interruptions.  
  2. Kahun reserves the right, at its sole discretion, to modify, correct, amend, enhance, improve,  make any other changes to, or discontinue, temporarily or permanently, the Services (or any  part thereof) with or without prior notice to you, at any time, and in such event, you will not be able to access your Account or any User Content uploaded to the Services. In addition, you hereby acknowledge that the Content available through the Services may be changed, modified, edited or extended in terms of content and form or removed at any time without any notice to you. You agree that Kahun shall not be liable to you or to any third party for any modification, suspension, error, malfunction or discontinuance of the Services (or any part thereof). 

DISCLAIMERS & DISCLAIMER OF WARRANTY 

  1. YOU HEREBY ACKNOWLEDGE THAT KAHUN DOES NOT ATTEMPT TO DIAGNOSE, TREAT, CURE, OR  PREVENT ANY DISEASE NOR DOES IT SUGGEST OR REPLACE ANY PROFESSIONAL HEALTH ADVICE. THE SERVICES, INCLUDING WITHOUT LIMITATION ANY CONTENT, DATA AND INFORMATION RELATED THERETO, ARE PROVIDED ON AN “AS IS” AND “AS  AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF TITLE OR NON-INFRINGEMENT OR IMPLIED WARRANTIES OF USE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE. KAHUN DISCLAIMS RESPONSIBILITY FOR ANY AND ALL  INFORMATION UPLOADED OR COMMUNICATED THROUGH THE SERVICES BY  USERS. 
  2. KAHUN AND ITS AFFILIATES AND/OR ITS SUBSIDIARIES, INCLUDING ANY OF THEIR  RESPECTIVE OFFICERS, DIRECTORS, SHAREHOLDERS, EMPLOYEES, SUBCONTRACTORS, AGENTS, PARENT COMPANIES, SUBSIDIARIES AND OTHER  AFFILIATES (COLLECTIVELY, “KAHUN AFFILIATES”), JOINTLY AND SEVERALLY,  DISCLAIM AND MAKE NO REPRESENTATIONS OR WARRANTIES AS TO THE USABILITY, ACCURACY, QUALITY, AVAILABILITY, RELIABILITY, SUITABILITY,  COMPLETENESS, TRUTHFULNESS, USEFULNESS, OR EFFECTIVENESS OF ANY CONTENT, DATA, RESULTS, OR OTHER INFORMATION OBTAINED OR GENERATED IN CONNECTION WITH YOUR OR ANY USER’S USE OF THE SERVICES.  
  3. KAHUN DOES NOT WARRANT THAT THE OPERATION OF THE SERVICES IS OR WILL BE SECURE, ACCURATE, COMPLETE, UNINTERRUPTED, WITHOUT ERROR, OR FREE  OF VIRUSES, WORMS, OTHER HARMFUL COMPONENTS, OR OTHER PROGRAM  LIMITATIONS. KAHUN MAY, AT ITS SOLE DISCRETION AND WITHOUT AN OBLIGATION  TO DO SO, CORRECT, MODIFY, AMEND, ENHANCE, IMPROVE AND MAKE ANY OTHER CHANGES TO THE SERVICES AT ANY TIME, OR DISCONTINUE DISPLAYING OR PROVIDING ANY CONTENT OR FEATURES WITHOUT ANY NOTICE TO YOU. 

LIMITATION OF LIABILITY 

  1. Kahun assumes no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, any Content or the Service. Kahun is not responsible for any problems or technical malfunction of any network or lines, computer online systems, servers or providers, computer equipment, software, failure of any email due to technical problems or traffic congestion on the internet, on the Services, including any injury or damage to Users or to any person’s personal device related to or resulting from participation or downloading materials in connection with the Service. Under no circumstances shall Kahun be responsible for any loss or damage, including personal injury or death, resulting from the use of the Service, from any content posted on or through the Service, or from the conduct or misconduct of any users of the Service, whether online or offline. 
  2. IN NO EVENT SHALL KAHUN OR ANY OF ITS OFFICERS, DIRECTORS, EMPLOYEES,  AFFILIATES OR AGENTS BE LIABLE TO YOU FOR ANY DAMAGE OR DAMAGES WHATSOEVER,  INCLUDING WITHOUT LIMITATION, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR  CONSEQUENTIAL DAMAGES, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICES OR CONTENT THEREIN, WHETHER THE DAMAGES ARE  FORESEEABLE AND WHETHER OR NOT KAHUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SUCH LIMITATIONS, EXCLUSIONS AND  DISCLAIMERS SHALL APPLY TO ALL CLAIMS FOR DAMAGES, WHETHER BASED ON AN ACTION OF CONTRACT, WARRANTY, STRICT LIABILITY, NEGLIGENCE, TORT, OR  OTHERWISE. 
  3. YOU HEREBY ACKNOWLEDGE AND AGREE THAT THESE LIMITATIONS  OF LIABILITY ARE AGREED ALLOCATIONS OF RISK CONSTITUTING IN PART THE  CONSIDERATION FOR KAHUN’S SERVICES TO YOU, AND SUCH LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED  REMEDY, AND EVEN IF KAHUN AND/OR ANY KAHUN AFFILIATES HAS BEEN ADVISED  OF THE POSSIBILITY OF SUCH LIABILITIES AND/OR DAMAGES. THE FOREGOING  LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION AND IN NO EVENT SHALL KAHUN ‘S  CUMULATIVE LIABILITY TO YOU EXCEED THE AMOUNTS PAID TO KAHUN FOR THE USE OF THE  SERVICE. IF YOU HAVE NOT MADE ANY PAYMENTS TO KAHUN FOR THE USE OF THE  SERVICE, THEN KAHUN SHALL HAVE NO LIABILITY WHATSOEVER TOWARDS YOU.

INDEMNIFICATION 

You agree to indemnify, defend, and hold harmless Kahun and its respective employees,  directors, officers, subsidiaries, Kahun Affiliates, partners, subcontractors and agents of each, against any and all fines, claims, damages, or costs or expenses (including reasonable attorneys’  fees) that arise directly or indirectly from: (a) your use of the Services (or any part thereof); (b) breach of these Terms by you or anyone using your computer, mobile device or password; (c) any claim, loss or damage experienced from your use or attempted use of (or inability to use) the Service; (d) your violation of any law or regulation; (e) your infringement of any right of any  third party; (f) information you provide to or use in connection with the Services violating third  party intellectual property, privacy or other rights and (g) any other matter for which you are responsible hereunder or under law. You agree that your use of the Services shall be in compliance with all applicable laws, regulations and guidelines. 

NOTIFICATION OF INFRINGEMENT 

Notifications regarding any alleged data privacy or intellectual property infringement should be directed to the Kahun Legal Department by email addressed to legal@kahun.com. 

NO WAIVER  

The failure of Kahun to exercise or enforce any right conferred upon it hereunder shall not be  deemed to be a waiver of any such right nor shall it operate to bar the exercise or performance thereof at any time or times thereafter. A waiver of any right hereunder at any given time shall not be deemed a waiver thereof for any other time. 

SEVERABILITY  

If any provision of these Terms is held to be illegal, invalid, or unenforceable by a court of  competent jurisdiction, you and Kahun shall, if possible, agree on a legal, valid and  enforceable substitute provision that is as similar in effect to the deleted provision as  possible. The remaining portion of these Terms not declared illegal, invalid or unenforceable  shall, in any event, remain valid and effective for the term remaining unless the provision found illegal, invalid, or unenforceable goes to the essence of these Terms. 

NOTICES 

You agree that we may send notices to you by email at the email address you provide when registering to become a registered User of the Services (or which you later update). All notices to Kahun hereunder shall be in writing, personally delivered, by certified mail, return receipt requested, or by nationally recognized overnight delivery service or email: support@kahun.com. A notice shall be effective from the date of personal delivery or upon  receipt if sent by certified mail, and upon the date of sending if sent by fax or email. 

GOVERNING LAW AND VENUE 

These Terms, and the rights and remedies provided hereunder, and any and all claims,  disputes and controversies arising hereunder or related hereto and/or to the Services, their  interpretation, or the breach, termination or validity thereof, the relationships which result from these Terms, or any related transaction shall be governed by, construed under and enforced in all respects solely and exclusively in accordance with the laws of the State of Israel without reference to its conflict-of-laws principles, and shall be brought in, and you hereby consent to exclusive jurisdiction and venue in, the competent courts in Tel Aviv, Israel. 

RELATIONSHIP OF THE PARTIES

These Terms do not, and shall not be construed to create any relationship, partnership, joint  venture, employer-employee, agency, or franchisor-franchisee relationship between Kahun  and you. 

NO ASSIGNMENT 

Kahun may assign its rights and obligations hereunder and/or transfer ownership rights and  title in the Services to a third party at any time without your consent or prior notice to you.  Kahun may assign this agreement at any time to a subsidiary or parent company or to a  successor to its business as part of a merger or sale of substantially all of its assets. You may  not assign or transfer this Agreement without our prior written consent. Any attempted or actual  assignment thereof without Kahun’s prior explicit and written consent will be null and void. 

ENTIRE AGREEMENT 

  1. Unless explicitly specified otherwise in these Terms or any direct contract with us, these Terms constitute the entire terms and conditions between you and Kahun relating to the subject matter herein and supersede any and all prior or contemporaneous agreements,  understandings, promises, conditions, negotiations, covenants or representations, whether  written or oral, between Kahun and you, including, without limitation, those made by or  between any of our respective representatives, with respect to the Services and the Content. 
  2. You agree that you will make no claim at any time or place that these Terms have been orally  altered or modified or otherwise changed by oral communication of any kind or character. You  further agree that you are not relying upon any promise, inducement, representation,  statement, disclosure or duty of disclosure of Kahun in entering into these Terms. 

CONTACT US 

For any questions or comments, or to report violations of the Terms, let  us know by contacting us at: support@kahun.com. 

Mapped medical knowledge at your fingertips
AboutTechnologySolutions
NewsRequest a DemoContact Us
© 2024 Kahun Ltd. All rights reserved.
Trust CenterPrivacy PolicyTerms of ServiceCookies Settings