Business Associate Agreement

Last updated: January 10, 2026

Download a copy of our standard Business Associate Agreement for your records.

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement ("Agreement") is entered into by and between the healthcare provider or entity identified in the subscription agreement ("Covered Entity") and Ascerta Inc. ("Business Associate").

RECITALS

WHEREAS, Covered Entity and Business Associate have entered into an agreement pursuant to which Business Associate provides billing audit and revenue recovery services to Covered Entity (the "Services Agreement"); and

WHEREAS, in connection with the Services Agreement, Business Associate may receive, create, maintain, or transmit Protected Health Information ("PHI") on behalf of Covered Entity; and

WHEREAS, the parties wish to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act");

NOW, THEREFORE, in consideration of the mutual promises and covenants contained herein, the parties agree as follows:

1. DEFINITIONS

Terms used but not otherwise defined in this Agreement shall have the same meaning as those terms in the HIPAA Rules, including:

  • "Breach" means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI.
  • "Protected Health Information" or "PHI" means individually identifiable health information transmitted or maintained in any form or medium.
  • "Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

2. OBLIGATIONS OF BUSINESS ASSOCIATE

2.1 Permitted Uses and Disclosures

Business Associate agrees to use or disclose PHI only as permitted or required by this Agreement or as Required by Law.

2.2 Safeguards

Business Associate agrees to implement appropriate administrative, physical, and technical safeguards to prevent unauthorized use or disclosure of PHI, including:

  • Encryption of PHI at rest and in transit
  • Access controls and authentication mechanisms
  • Audit logging and monitoring
  • Regular security assessments
  • Employee training on HIPAA requirements

2.3 Reporting

Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement, any Security Incident, or any Breach of Unsecured PHI within twenty-four (24) hours of discovery.

2.4 Subcontractors

Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions and conditions that apply to Business Associate.

2.5 Access to PHI

Business Associate agrees to make PHI available to Covered Entity or individuals as required to satisfy Covered Entity's obligations under the HIPAA Rules.

2.6 Amendment of PHI

Business Associate agrees to make amendments to PHI as directed by Covered Entity or as required by the HIPAA Rules.

2.7 Accounting of Disclosures

Business Associate agrees to maintain and make available information required for Covered Entity to provide an accounting of disclosures.

3. OBLIGATIONS OF COVERED ENTITY

Covered Entity agrees to:

  • Notify Business Associate of any limitations in its notice of privacy practices
  • Notify Business Associate of any changes in, or revocation of, authorization by individuals
  • Notify Business Associate of any restrictions on the use or disclosure of PHI
  • Not request Business Associate to use or disclose PHI in any manner that would violate the HIPAA Rules

4. TERM AND TERMINATION

4.1 Term

This Agreement shall be effective as of the date of the Services Agreement and shall terminate when all PHI provided by Covered Entity to Business Associate is destroyed or returned.

4.2 Termination for Cause

Either party may terminate this Agreement if the other party materially breaches any provision of this Agreement and fails to cure such breach within thirty (30) days of notice.

4.3 Effect of Termination

Upon termination, Business Associate shall return or destroy all PHI received from Covered Entity. If return or destruction is not feasible, Business Associate shall extend the protections of this Agreement to such PHI.

5. MISCELLANEOUS

5.1 Regulatory References

A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.

5.2 Amendment

The parties agree to take such action as is necessary to amend this Agreement to comply with the requirements of the HIPAA Rules.

5.3 Survival

The respective rights and obligations of Business Associate under Section 4.3 shall survive the termination of this Agreement.

5.4 Interpretation

Any ambiguity in this Agreement shall be resolved to permit Covered Entity and Business Associate to comply with the HIPAA Rules.

Ready to Execute a BAA?

Contact our team to receive a customized Business Associate Agreement for your organization.