Business Associate Agreement

This Business Associate Agreement ("BAA") is entered into as of the date you accept our Terms of Service between Emma ("Business Associate") and the entity you represent ("Covered Entity").

1. Definitions

Terms used, but not otherwise defined, in this BAA shall have the same meaning as those terms in the HIPAA Rules.

2. Obligations of Business Associate

Business Associate agrees to:

• Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law.
• Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement.
• Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware.

3. Permitted Uses and Disclosures by Business Associate

Business Associate may only use or disclose protected health information as necessary to perform the services set forth in the Service Agreement.

4. Term and Termination

This BAA shall terminate when all protected health information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity.