Nesoi, LLC (“Company” “we,” or “us”) owns and operates the NoteMasterMD web application (the “Application”). Your access and use of the Application, any part thereof, or anything associated therewith, including its content (“Content”), any affiliated website, and any affiliated software owned or operated by Company (collectively, including the Content, the “Service”) are governed by these Terms and Conditions (“Terms and Conditions” or “Agreement”). These Terms and Conditions set forth the important terms you will need to know about the Service. In this Agreement, the terms “you” and “yours” refer to the person using the Service. These Terms and Conditions are subject to change as described herein. If you do not agree with these Terms and Conditions, do not use the Application.
Your access to and use of the Service is subject to these Terms and Conditions, as well as all applicable laws and regulations. By accessing, visiting, downloading, registering for, or using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and Conditions, as well as our Privacy Policy and any additional policies referenced herein. If you do not accept and agree to be bound by this Agreement in its entirety, you are strictly prohibited from visiting, accessing, registering with and/or using the Service or any information or Content provided through the Service, except as necessary to review this Agreement. The Service is continually under development, and we reserve the right to revise or remove any part of this Agreement or the Service in our sole discretion at any time and without prior notice to you. Any changes to this Agreement are effective upon posting to the Application. Unless otherwise indicated, any new Content added to the Service is also subject to this Agreement upon posting to the Application. If you disagree with this Agreement or any terms or conditions herein, your sole remedy is to discontinue your use of the Service. Your continued use after a change to this Agreement has been posted constitutes your acceptance of this Agreement, including any updates or modifications that may be made from time to time.
The Service and Content made available through the Service are protected by U.S. and foreign intellectual property laws, including copyright, trademarks, service marks, patents or other proprietary rights and laws. You agree that Company owns all rights, title and interest in the Service, including, without limitation, software, images, text, graphics, logos, patents, trademarks, service marks, copyrights, photographs, audio, videos and any and all related intellectual property rights and any suggestions, ideas, or other feedback provided by you are the sole and exclusive property of Company.
Subject to the limited rights expressly granted herein, Company grants you a limited, non-transferable, non-exclusive, revocable license to access and use the Service for your personal use. Unless otherwise specified by Company in a separate license, your right to use any of the Service or the Content is subject to this Agreement and all rights in the Service and Content are reserved by Company. No rights are granted to you hereunder other than expressly set forth herein.Certain Content available through the Application, including Current Procedural Terminology (CPT) codes and related materials, is licensed from the American Medical Association (“AMA”).
Such content is the proprietary property of the AMA and is protected by applicable intellectual property laws. You acknowledge that AMA holds all copyright, trademark and other rights in CPT. Your access to and use of AMA-licensed content is subject to the terms of the AMA’s license and is limited to your personal, non-commercial use solely in connection with the Application. You may not reproduce, distribute, transfer, modify, or create derivative works of any AMA-licensed content without the prior written consent of the AMA. No ownership rights in AMA-licensed content and related derivative products are transferred to you by virtue of your use of the Application.
Certain features, functionalities, or Content available through the Service may require a paid subscription. By purchasing a subscription, you obtain the right to access and use the Service during the active subscription period, subject to these Terms and Conditions. The license granted under these Terms remains valid only during the period in which your subscription is active. If your subscription expires, is canceled, or is terminated, your rights to access and use the applicable subscription features will immediately cease unless otherwise stated.
By enrolling in a subscription plan, you agree to pay all applicable fees associated with the selected plan. Your subscription begins on the date the initial payment is successfully processed and continues for the duration of the selected billing cycle. Unless otherwise specified at the time of purchase, subscriptions automatically renew at the end of each billing cycle for an additional term equal in length to the original subscription period. You may cancel your subscription at any time. Cancellation will take effect at the end of the current billing cycle unless otherwise required by applicable law. You will continue to have access to the Services until the end of the paid subscription period.
Except as required by applicable law, subscription fees are non-refundable. Company does not provide refunds or credits for partially used subscription periods. Company reserves the right to modify subscription pricing, features, or plans at any time. Continued use of the Services after the effective date of the price change constitutes your agreement to pay the updated fees.
You agree to use the Services only for lawful purposes and in accordance with these Terms and Conditions. You are prohibited from using or attempting to use the Service (i) for any unlawful, unauthorized, fraudulent or malicious purpose, (ii) in any manner that could damage, disable, overburden, or impair any server, or the network(s) connected to any server, (iii)in any manner that could interfere with any other party’s use and enjoyment of the Service, (iv) to gain unauthorized access to any other accounts, computer systems, or networks connected to any server or systems through hacking, password mining or any other means, (v) to access systems, data, or information not intended by Company to be made accessible to a user, (vi) to obtain any materials, or information through any means not intentionally made available by Company, (vii) to reverse engineer, disassemble or decompile any section or technology on the Service, (viii) to interfere with or disrupt the integrity or performance of the Services or any data contained therein, (ix) in any manner that could disable, overburden, damage, or impair the functionality, performance, or availability of the Services or (x) for any use other than the business purpose for which it was intended.
Company reserves the right to take whatever lawful actions it may deem appropriate in response to actual or suspected violations of the foregoing, including, without limitation, the suspension or termination of your access to the Service. Company may cooperate with legal authorities and/or third parties in the investigation of any suspected or alleged crime or civil wrong.
TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL Company, ITS AFFILIATES AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR PARTNERS BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY AND CONSEQUENTIAL DAMAGES, PERSONAL OR BODILY INJURY, EMOTIONAL DISTRESS, OR WRONGFUL DEATH, LOSS OF DATA, LOST PROFITS OR REVENUES, BUSINESS INTERRUPTIONS, OR DAMAGES RESULTING FROM THE USE OF OR INABILITY TO USE THE SERVICE, INCLUDING ANY INFORMATION AND CONTENT MADE AVAILABLE THROUGH THE SERVICE OR ANY SERVICES PERFORMED OR PRODUCTS OFFERED BY THIRD-PARTIES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT Company HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Company SHALL BE LIABLE ONLY TO THE EXTENT OF ACTUAL DAMAGES INCURRED BY YOU, NOT TO EXCEED U.S. $1,000.00.
THE EXCLUSIONS IN THIS SECTION WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW. ANY CLAIMS ARISING IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE SERVICE OR CONTENT MUST BE BROUGHT WITHIN ONE (1) YEAR OF THE DATE OF THE EVENT GIVING RISE TO SUCH ACTION OCCURRED.
You acknowledge that certain information you enter into the Application in connection with your use of the Service, including patient data, clinical notes, diagnostic information, and other health-related records, may constitute Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). To the extent that the Company creates, receives, maintains, or transmits PHI on your behalf in connection with the Service, the Company acts as a “Business Associate” as that term is defined under HIPAA. The Company is committed to maintaining compliance with all applicable HIPAA requirements in its capacity as a Business Associate, including implementing appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
The collection, use, storage, and disclosure of PHI through the Application is governed by the Business Associate Agreement (“BAA”) attached hereto as Exhibit A and incorporated herein by reference. By accessing or using the Service in any capacity that involves the entry or processing of PHI, you agree to be bound by the terms of the BAA. In the event of any conflict between these Terms and Conditions and the BAA with respect to the handling of PHI, the terms of the BAA shall control.For the avoidance of doubt, this Section and the BAA govern the handling of PHI entered into the Application. The collection and use of personal information provided in connection with account registration and subscription management is governed separately by the Company’s Privacy Policy.
THE SERVICE AND THE CONTENT IS PROVIDED ON AN “AS IS” OR “AS AVAILABLE” BASIS. ANY ACCESS TO OR USE OF THE SERVICE IS VOLUNTARY AND AT THE SOLE RISK OF THE USER. Company, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, FITNESS FOR PARTICULAR PURPOSE, AND ANY OTHER WARRANTY, WHETHER ORAL OR WRITTEN, WITH REGARD TO THE SERVICE, THE CONTENT, OR ANY OTHER INFORMATION OR MATERIAL PROVIDED ON OR THROUGH THE SERVICE. Company AND ITS AFFILIATES AND THEIR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND PARTNERS SHALL NOT BE HELD RESPONSIBLE FOR ANY ACTION TAKEN BY YOU OR OTHERS THAT IS BASED ON THE CONTENT PRESENTED THROUGH THE SERVICE AND MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE SERVICE WILL FUNCTION WITHOUT DELAYS, DISRUPTIONS, INTERFERENCES, IMPERFECTIONS, CORRUPTION, CYBER ATTACK, VIRUSES, MALWARE, OR ANY ADVERSE INCIDENT. Company DOES NOT WARRANT OR GUARANTEE THE ACCURACY, COMPLETENESS, RELIABILITY, TIMELINESS OR USEFULNESS OF THE SERVICE OR THE CONTENT.
Content and other information contained on the Service is provided by Company as a convenience. The Services, including the Content, any information, recommendations, insights, or materials are intended for informational purposes only. The Services are not intended to provide medical advice, diagnosis, or treatment, and are not a substitute for professional medical advice, diagnosis, or treatment from a qualified healthcare provider. Reliance on any information or Content provided through the Service is solely at your own risk. The Company does not guarantee the accuracy, completeness, reliability, or suitability of any health-related information provided through the Service.
You agree to defend, indemnify, and hold Company and its affiliates and their respective officers, directors, employees, agents, and partners, harmless from and against any and all suits, actions, claims, proceedings, damages, settlements, judgments, injuries, liabilities, obligations, losses, risks, costs, and expenses (including, without limitation, attorneys’ fees and litigation expenses) relating to or arising from (i) your use of the Service, (ii) your violation of this Agreement, (iii) your use of the Service in an unauthorized manner, or (iv) your violation of any rights of any other person or entity.
We reserve the right to control the defense of any claim by a third-party for which we are entitled to indemnification, and you agree to provide us with such cooperation as is reasonably requested by us.
These Terms and Conditions, the Company Privacy Policy and any other agreements incorporated by reference herein constitute the entire agreement between you and Company with respect to the use of the Services. These Terms and Conditions and your use of the Service are governed by the laws of the State of New Mexico, without respect to its conflict of law principles. You expressly agree that exclusive jurisdiction for any dispute with Company or in any way relating to your use of the Service, resides in the courts of the State of New Mexico and you further agree and expressly consent to the exercise of personal jurisdiction in the courts of the State of New Mexico in connection with any such dispute.
If any provision of these Terms and Conditions is found to be invalid or unenforceable by any court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms and Conditions, which shall remain in full force and effect. No waiver of any of these Terms and Conditions shall be deemed a further or continuing waiver of such term or condition or any other term or condition.
Upon termination of these Terms of Use, any provision that by its nature or express terms should survive, will survive such termination. You may not assign or transfer your rights or obligations under these Terms and Conditions without our prior written consent, and any assignment or transfer in violation of these provisions shall be null and void. Subject to the foregoing, these Terms and Conditions will bind and insure to the benefit of the parties, their successors and permitted assignments.If you have any questions or concerns about this Agreement, please contact us by email at support@notemastermd.com Effective Date: 4/8/2026
This BUSINESS ASSOCIATE AGREEMENT (the “BAA”) is made and entered into as of ______________ by and between, ______________, a ______________ organized under the laws of the ______________ (“Covered Entity”) and, Nesoi, LLC, a Limited Liability Company organized under the laws of New Mexico (“Business Associate”), in accordance with the meaning given to those terms at 45 CFR §164.501). In this BAA, Covered Entity and Business Associate are each a “Party” and, collectively, are the “Parties”.
- Covered Entity is either a “covered entity” or “business associate” of a covered entity as each are defined under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended by the HITECH Act (as defined below) and the related regulations promulgated by HHS (as defined below) (collectively, “HIPAA”) and, as such, is required to comply with HIPAA’s provisions regarding the confidentiality and privacy of Protected Health Information (as defined below);
- The Parties have entered into or will enter into one or more agreements under which Business Associate provides or will provide certain specified services to Covered Entity (collectively, the “Agreement”);
- In providing services pursuant to the Agreement, Business Associate will have access to Protected Health Information;By providing the services pursuant to the Agreement, Business Associate will become a “business associate” of the Covered Entity as such term is defined under HIPAA;
- Both Parties are committed to complying with all federal and state laws governing the confidentiality and privacy of health information, including, but not limited to, the Standards for Privacy of Individually Identifiable Health Information found at 45 CFR Part 160 and Part 164, Subparts A and E (collectively, the “Privacy Rule”); and
- Both Parties intend to protect the privacy and provide for the security of Protected Health Information disclosed to Business Associate pursuant to the terms of this Agreement, HIPAA and other applicable laws.
NOW, THEREFORE, in consideration of the mutual covenants and conditions contained herein and the continued provision of PHI by Covered Entity to Business Associate under the Agreement in reliance on this BAA, the Parties agree as follows:
• Definitions. For purposes of this BAA, the Parties give the following meaning to each of the terms in this Section 1 below. Any capitalized term used in this BAA, but not otherwise defined, has the meaning given to that term in the Privacy Rule or pertinent law.
- “Affiliate” means a subsidiary or affiliate of Covered Entity that is, or has been, considered a covered entity, as defined by HIPAA.
- “Breach” means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI, as defined in 45 CFR §164.402.
- “Breach Notification Rule” means the portion of HIPAA set forth in Subpart D of 45 CFR Part 164.
- “Data Aggregation” means, with respect to PHI created or received by Business Associate in its capacity as the “business associate” under HIPAA of Covered Entity, the combining of such PHI by Business Associate with the PHI received by Business Associate in its capacity as a business associate of one or more other “covered entity” under HIPAA, to permit data analyses that relate to the Health Care Operations (defined below) of the respective covered entities. The meaning of “data aggregation” in this BAA shall be consistent with the meaning given to that term in the Privacy Rule.
- “Designated Record Set” has the meaning given to such term under the Privacy Rule, including 45 CFR §164.501.B.
- “De-Identify” means to alter the PHI such that the resulting information meets the requirements described in 45 CFR §§164.514(a) and (b).
- “Electronic PHI” means any PHI maintained in or transmitted by electronic media as defined in 45 CFR §160.103.
- “Health Care Operations” has the meaning given to that term in 45 CFR §164.501.
- “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, Public Law 111-005.
- “Individual” has the same meaning given to that term i in 45 CFR §§164.501 and 160.130 and includes a person who qualifies as a personal representative in accordance with 45 CFR§164.502(g).
- “Privacy Rule” means that portion of HIPAA set forth in 45 CFR Part 160 and Part 164, Subparts A and E.
- “Protected Health Information” or “PHI” has the meaning given to the term “protected health information” in 45 CFR §§164.501 and 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
- “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
- “Security Rule” means the Security Standards for the Protection of Electronic Health Information provided in 45 CFR Part 160 & Part 164, Subparts A and C.
- “Unsecured Protected Health Information” or “Unsecured PHI” means any “protected health information” as defined in 45 CFR §§164.501 and 160.103 that is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the HHS Secretary in the guidance issued pursuant to the HITECH Act and codified at 42 USC §17932(h).
- Except as otherwise provided in this BAA, Business Associate may use or disclose PHI as reasonably necessary to provide the services described in the Agreement to Covered Entity, and to undertake other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law.
- Except as otherwise limited by this BAA or federal or state law, Covered Entity authorizes Business Associate to use the PHI in its possession for the proper management and administration of Business Associate’s business and to carry out its legal responsibilities. Business Associate may disclose PHI for its proper management and administration, provided that (i) the disclosures are required by law; or (ii) Business Associate obtains, in writing, prior to making any disclosure to a third party (a) reasonable assurances from this third party that the PHI will be held confidential as provided under this BAA and used or further disclosed only as required by law or for the purpose for which it was disclosed to this third party and (b) an agreement from this third party to notify Business Associate immediately of any breaches of the confidentiality of the PHI, to the extent it has knowledge of the breach.
- Business Associate will not use or disclose PHI in a manner other than as provided in this BAA, as permitted under the Privacy Rule, or as required by law. Business Associate will use or disclose PHI, to the extent practicable, as a limited data set or limited to the minimum necessary amount of PHI to carry out the intended purpose of the use or disclosure, in accordance with Section 13405(b) of the HITECH Act (codified at 42 USC §17935(b)) and any of the act’s implementing regulations adopted by HHS, for each use or disclosure of PHI.
- Upon request, Business Associate will make available to Covered Entity any of Covered Entity’s PHI that Business Associate or any of its agents or subcontractors have in their possession.
- Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).
Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided by the Agreement or this BAA and Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate agrees to take reasonable steps, including providing adequate training to its employees to ensure compliance with this BAA and to ensure that the actions or omissions of its employees or agents do not cause Business Associate to breach the terms of this BAA.
Business Associate will report to Covered Entity in writing any use or disclosure of PHI not provided for by this BAA of which it becomes aware and Business Associate agrees to report to Covered Entity any Security Incident affecting Electronic PHI of Covered Entity of which it becomes aware. Business Associate agrees to report any such event within five business days of becoming aware of the event.
Business Associate will notify Covered Entity in writing promptly upon the discovery of any Breach of Unsecured PHI in accordance with the requirements set forth in 45 CFR §164.410, but in no case later than 30 calendar days after discovery of a Breach. Business Associate will reimburse Covered Entity for any costs incurred by it in complying with the requirements of Subpart D of 45 CFR §164 that are imposed on Covered Entity as a result of a Breach committed by Business Associate.
Business Associate will take reasonable measures to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of any use or disclosure of PHI by Business Associate or its agents or subcontractors in violation of the requirements of this BAA.
Business Associate will ensure that any of its agents or subcontractors that have access to, or to which Business Associate provides, PHI agree in writing to the restrictions and conditions concerning uses and disclosures of PHI contained in this BAA and agree to implement reasonable and appropriate safeguards to protect any Electronic PHI that it creates, receives, maintains or transmits on behalf of Business Associate or, through the Business Associate, Covered Entity.
Business Associate shall notify Covered Entity, or upstream Business Associate, of all subcontracts and agreements relating to the Agreement, where the subcontractor or agent receives PHI as described in section 1.M. of this BAA. Such notification shall occur within 30 (thirty) calendar days of the execution of the subcontract by placement of such notice on the Business Associate’s primary website. Business Associate shall ensure that all subcontracts and agreements provide the same level of privacy and security as this BAA.
Upon request, Business Associate will provide Covered Entity, or upstream Business Associate, with a copy of its most recent independent HIPAA compliance report (AT-C 315), HITRUST certification or other mutually agreed upon independent standards based third party audit report. Covered entity agrees not to re-disclose Business Associate’s audit report.
- Upon request, Business Associate agrees to furnish Covered Entity with copies of the PHI maintained by Business Associate in a Designated Record Set in the manner designated by Covered Entity and upon a mutually agreeable time to enable Covered entity to respond to an Individual’s request for access to PHI under 45 CFR §164.524.
- In the event any Individual or personal representative requests access to the Individual’s PHI directly from Business Associate, Business Associate within ten business days, will forward that request to Covered Entity. Any disclosure of, or decision not to disclose, the PHI requested by an Individual or a personal representative and compliance with the requirements applicable to an Individual’s right to obtain access to PHI shall be the sole responsibility of Covered Entity.
- Upon request and instruction from Covered Entity, Business Associate will amend PHI or a record about an Individual in a Designated Record Set that is maintained by, or otherwise within the possession of, Business Associate as directed by Covered Entity in accordance with procedures established by 45 CFR §164.526. Any request by Covered Entity to amend such information will be completed by Business Associate within 15 business days of Covered Entity’s request.
- In the event that any Individual requests that Business Associate amend such Individual’s PHI or record in a Designated Record Set, Business Associate within ten business days will forward this request to Covered Entity. Any amendment of, or decision not to amend, the PHI or record as requested by an Individual and compliance with the requirements applicable to an Individual’s right to request an amendment of PHI will be the sole responsibility of Covered Entity.
- Business Associate will document any disclosures of PHI made by it to account for such disclosures as required by 45 CFR §164.528(a). Business Associate also will make available information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosures in accordance with 45 CFR §164.528. At a minimum, Business Associate will furnish Covered Entity the following with respect to any covered disclosures by Business Associate: (i) the date of disclosure of PHI; (ii) the name of the entity or person who received PHI, and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure which includes the basis for such disclosure.
- Business Associate will furnish to Covered Entity information collected in accordance with this Section 10, within ten business days after written request by Covered Entity, to permit Covered Entity to make an accounting of disclosures as required by 45 CFR §164.528, or in the event that Covered Entity elects to provide an Individual with a list of its business associates, Business Associate will provide an accounting of its disclosures of PHI upon request of the Individual, if and to the extent that such accounting is required under the HITECH Act or under HHS regulations adopted in connection with the HITECH Act.
- In the event an Individual delivers the initial request for an accounting directly to Business Associate, Business Associate will within ten business days forward such request to Covered Entity.
Business Associate will make available its internal practices, books, agreements, records, and policies and procedures relating to the use and disclosure of PHI, upon request, to the Secretary of HHS for purposes of determining Covered Entity’s and Business Associate’s compliance with HIPAA, and this BAA.
With regard to the use and/or disclosure of Protected Health Information by Business Associate, Covered Entity agrees to:
- Notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
- Notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.
- Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
- Except for data aggregation or management and administrative activities of Business Associate, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA if done by Covered Entity.
Business Associate’s data stewardship does not confer data ownership rights on Business Associate with respect to any data shared with it under the Agreement, including any and all forms thereof.
- This BAA will become effective on the date first written above, and will continue in effect until all obligations of the Parties have been met under the Agreement and under this BAA.
- Covered Entity may terminate immediately this BAA, the Agreement, and any other related agreements if Covered Entity makes a determination that Business Associate has breached a material term of this BAA and Business Associate has failed to cure that material breach, to Covered Entity’s reasonable satisfaction, within 30 days after written notice from Covered Entity. Covered Entity may report the problem to the Secretary of HHS if termination is not feasible.
- If Business Associate determines that Covered Entity has breached a material term of this BAA, then Business Associate will provide Covered Entity with written notice of the existence of the breach and shall provide Covered Entity with 30 days to cure the breach. Covered Entity’s failure to cure the breach within the 30-day period will be grounds for immediate termination of the Agreement and this BAA by Business Associate. Business Associate may report the breach to HHS.
- Upon termination of the Agreement or this BAA for any reason, all PHI maintained by Business Associate will be returned to Covered Entity or destroyed by Business Associate. Business Associate will not retain any copies of such information. This provision will apply to PHI in the possession of Business Associate’s agents and subcontractors. If return or destruction of the PHI is not feasible, in Business Associate’s reasonable judgment, Business Associate will furnish Covered Entity with notification, in writing, of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of the PHI is infeasible, Business Associate will extend the protections of this BAA to such information for as long as Business Associate retains such information and will limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible. The Parties understand that this Section 14.D. will survive any termination of this BAA.
- This BAA is a part of and subject to the terms of the Agreement, except that to the extent any terms of this BAA conflict with any term of the Agreement, the terms of this BAA will govern.
- Except as expressly stated in this BAA or as provided by law, this BAA will not create any rights in favor of any third party.
A reference in this BAA to a section in HIPAA means the section as in effect or as amended at the time.
All notices, requests and demands or other communications to be given under this BAA to a Party will be made via either first class mail, registered or certified or express courier, or electronic mail to the Party’s address given below:
- If to Covered Entity, to:
Attn:
T:
E:
- If to Business Associate, to:
Attn:
Giorgio Vidali
T: 917-209-1074
E: support@notemastermd.com
This BAA may not be modified, nor will any provision be waived or amended, except in writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.
The Parties acknowledge that the HITECH Act includes significant changes to the Privacy Rule and the Security Rule. The privacy subtitle of the HITECH Act sets forth provisions that significantly change the requirements for business associates and the agreements between business associates and covered entities under HIPAA and these changes may be further clarified in forthcoming regulations and guidance. Each Party agrees to comply with the applicable provisions of the HITECH Act and any HHS regulations issued with respect to the HITECH Act. The Parties also agree to negotiate in good faith to modify this BAA as reasonably necessary to comply with the HITECH Act and its regulations as they become effective but, in the event that the Parties are unable to reach agreement on such a modification, either Party will have the right to terminate this BAA upon 30-days’ prior written notice to the other Party.
[The remainder of this page intentionally left blank; signatures on the following page]In light of the mutual agreement and understanding described above, the Parties execute this BAA as of the date first written above.
By: _____________________________
Covered Entity
Name:
Title: