Welcome to www.portals.care (the “Website”). This HIPAA Business Associate Agreement (“BAA”) is entered into by and between AppGen Studio Inc. (“Business Associate, “CarePortals ”, “we”, “us”, or “our”) and you (“Covered Entity”), and is made effective as of the date of electronic acceptance. This BAA sets forth each party’s respective obligations regarding the Services and represents the entire agreement between you and CarePortals concerning the subject matter hereof.
The terms “you” or “your” shall refer to any individual or entity who accepts this BAA. Nothing in this BAA shall be deemed to confer any third-party rights or benefits.
We may, in our sole and absolute discretion, change or modify this BAA, any policies or agreements which are incorporated herein, and any limits or restrictions on the Services at any time, and such changes or modifications shall be effective immediately upon posting to the Website. Your use of the Website or the Services after such changes or modifications shall constitute your acceptance of this BAA and Service limitations as last revised. If you do not agree to be bound by this BAA and the Services limitations as last revised, do not continue to use this Website or the Services.
We may occasionally notify you of changes or modifications to this BAA by email. It is, therefore, very important that you keep your contact information current. We assume no liability or responsibility for your failure to receive an email notification if such failure results from an inaccurate email address.
The parties agree as follows:
For purposes of this BAA, any capitalized terms not otherwise defined herein will have the meaning given to them in the BAA and under HIPAA.
CarePortals and you will use appropriate safeguards designed to prevent against unauthorized use or disclosure of PHI, consistent with this BAA, and as otherwise required under the Security Rule, with respect to the Services.
CarePortals will promptly notify you following the discovery of a breach resulting in the unauthorized use or disclosure of PHI in violation of this BAA in the most expedient time possible under the circumstances, consistent with the legitimate needs of applicable law enforcement and applicable laws, and after taking any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the Services system by using commercially reasonable efforts to mitigate any further harmful effects to the extent practicable. You hereby agree that any such report, notification or other notice made pursuant to this BAA may be provided electronically. For clarity, you and not CarePortals are responsible for managing whether your end users are authorized to create, receive, maintain or transmit PHI within the Services, and CarePortals will have no obligations relating thereto. This Section will be deemed as notice to you that CarePortals periodically receives unsuccessful attempts for unauthorized access, use, disclosure, modification or destruction of information or interference with the general operation of CarePortals ’s information systems and the Services and even if such events are defined as a Security Incident under HIPAA, CarePortals will not provide any further notice regarding such unsuccessful attempts.
CarePortals will take appropriate measures to ensure that any agents and subcontractors used by CarePortals to perform its obligations under the BAA that require access to PHI on behalf of CarePortals are bound by written obligations that provide the same material level of protection for PHI as this BAA. To the extent CarePortals uses agents and subcontractors in its performance of obligations hereunder, CarePortals will remain responsible for their performance as if performed by CarePortals itself under this BAA.
CarePortals will make available to you the PHI via the Services so you may fulfill your obligation to give individuals their rights of access, amendment, and accounting in accordance with the requirements under HIPAA. You are responsible for managing your use of the Services to appropriately respond to such individual requests.
To the extent required by law, and subject to applicable attorney client privileges, CarePortals will make its internal practices, books, and records concerning the use and disclosure of PHI received from you, or created or received by CarePortals on behalf of you,, available to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) for the purpose of the Secretary determining compliance with this BAA.
We may share your Information with third parties so we can provide our services to you. If we need to share your Information with third parties, we will limit the Information to the minimum amount necessary to ensure the provision and quality of the Services we offer you. We share your Information with third parties as follows:
This BAA will expire upon the earlier of: (i) the termination or expiration of the Services to which this BAA applies; or (ii) your acceptance of an updated HIPAA business associate agreement that supersedes this BAA.
It is the parties’ intent that any ambiguity under this BAA be interpreted consistently with the intent to comply with applicable laws.