1. Purpose

This Business Associate Agreement ("Agreement") is entered into to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and their implementing regulations regarding the handling of Protected Health Information ("PHI").

2. Permitted Uses and Disclosures

Business Associate may use and disclose PHI solely to:

• Provide dental CAD design and digital workflow services to Covered Entity
• Perform proper management and administration of Business Associate
• Carry out legal responsibilities of Business Associate

Business Associate shall not use or disclose PHI in any manner that would violate the HIPAA Privacy Rule if done by Covered Entity.

3. Safeguards

Business Associate shall implement administrative, physical, and technical safeguards to protect PHI, including:

Administrative Safeguards

• Designated security official responsible for security policies
• Workforce training on PHI handling
• Access management procedures
• Regular risk assessments

Physical Safeguards

• Facility access controls
• Workstation security
• Device and media controls

Technical Safeguards

• Access controls including unique user identification
• Audit controls and activity logs
• Integrity controls for ePHI
• Transmission security including encryption

4. Breach Notification

Business Associate shall notify Covered Entity within seventy-two (72) hours of discovering any Breach of unsecured PHI. Such notification shall include:

• Identification of individuals affected
• Description of the PHI involved
• Date of the Breach and date of discovery
• Steps taken to mitigate harm
• Contact information for further inquiries

5. Subcontractors

Business Associate shall ensure that any subcontractor that creates, receives, maintains, or transmits PHI on behalf of Business Associate agrees to the same restrictions and conditions that apply to Business Associate under this Agreement.

6. Termination

Upon termination of this Agreement, Business Associate shall:

• Return or destroy all PHI received from Covered Entity
• Retain no copies of PHI except as required by law
• Certify destruction or return of PHI in writing

If return or destruction is not feasible, Business Associate shall extend the protections of this Agreement to retained PHI.

7. Governing Law

This Agreement shall be governed by the laws of the Province of Ontario, Canada, and applicable United States federal law including HIPAA and HITECH.

Contact Information