Sign Your BAA Online: HIPAA Compliance with SPARK Services

Business Associate Agreement

(HIPAA)

This Privacy Agreement ("Agreement"), is effective upon signing this Agreement and is entered into by and between ("Covered Entity") and SPARK I/T Services, LLC. (the "Business Associate").

I.Term. This Agreement shall remain in effect for the duration of this Agreement and shall apply to all of the Services and/or Supplies delivered by the Business Associate pursuant to this Agreement.

II.HIPAA Assurances. In the event Business Associate creates, receives, maintains, or otherwise is exposed to personally identifiable or aggregate patient or other medical information defined as Protected Health Information ("PHI") in the Health insurance portability and Accountability Act of 1996 or its relevant regulations ("HIPAA") and otherwise meets the definition of Business Associate as defined in the HIPAA PrivacyStandards (45 CFR Parts 160 and 164), Business Associate shall:

(a)Recognize that HITECH (the Health Information Technology for Economic and Clinical Health Act of 2009) and the regulations thereunder (including 45C.F.R. Sections 164.308, 164.310, 164.312, and 164.316), apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity;

(b)Not use or further disclose the PHI, except as permitted by law;

(c)Not use or further disclose the PHI in a manner that had the Covered Entitydone so, would violate the requirements of HIPAA;

(d)Use appropriate safeguards (including implementing administrative, physical, and technical safeguards for electronic PHI) to protect the confidentiality, integrity, and availability of and to prevent the use or disclosure of the PHI other than as provided for by this Agreement;

(e)Comply with each applicable requirements of 45 C.F.R. Part 162 if the Business Associate conducts Standard Transactions for or on behalf of the covered entity;

(f)Report promptly to the Covered Entity any security incident or other use or disclosure of PHI not provided for by this Agreement of which BusinessAssociate becomes aware;

(g)Ensure that any subcontractors or agents who receive or are exposed to PHI(whether in electronic or another format) are explained the Business Associate obligations under this paragraph and agree to the same restrictions and conditions;

(h)Make available PHI in accordance with the individual’s rights as required under the HIPAA regulations;

(i)Account for PHI disclosures for up to the past six (6) years as requested by Covered Entity, which shall include: (i) dates of disclosure, (ii) names of page 2 of 3

entities or persons who received the PHI, (iii) a brief description of the PHI disclosed, and (iv) a brief statement of the purpose and basis of such disclosure;

(j)Make its internal practices, books, and records that relate to the use and disclosure of PHI available to the U.S. Secretary of Health and Human Services for purposes of determining Customer’s compliance with HIPAA; and

(k)Incorporate any amendments or corrections to PHI when notified by Customer or enter into a Business Associate Agreement or other necessary Agreements to comply with HIPAA.

III.Termination Upon Breach of Provisions. Notwithstanding any other provision of this Agreement, Covered Entity may immediately terminate this Agreement if it determines that Business Associate breaches any term in this Agreement. Alternatively, the Covered Entity may give written notice to Business Associate in the event of a breach and give Business Associate five (5) business days to cure such breach. Covered Entity shall also have the option to immediately stop all further disclosures of PHI to BusinessAssociate if Covered Entity reasonably determines that Business Associate has breached its obligations under this Agreement. In the event that termination of this agreement and the Agreement is not feasible, the Business Associate hereby acknowledges that the Covered Entity shall be required to report the breach to the secretary of the U.S. Department of Health and Human Services, notwithstanding any other provision of this Agreement or Agreement to the contrary.

IV.Return or Destruction of Protected Health Information upon Termination. Upon the termination of this Agreement, unless otherwise directed by Covered Entity, Business Associate shall either return or destroy all PHI received from the covered entity or created or received by Business Associate on behalf of the Covered Entity in which Business Associate maintains in any form. Business Associate shall not retain any copies of such PHI. Notwithstanding the foregoing, in the event that BusinessAssociate determines that returning or destroying the Protected Health Information is infeasible upon termination of this Agreement, Business Associate shall provide to Covered Entity notification of the condition that makes return or destruction infeasible. To the extent that it is not feasible for Business Associate to return or destroy such PHI, the terms and provisions of this Agreement shall survive such termination or expiration and such PHI shall be used or disclosed solely as permitted by law for so long as

Business Associate maintains such Protected Health Information.

V.No Third-Party Beneficiaries. The parties agree that the terms of this Agreement shall apply only to themselves and are not for the benefit of any third-party beneficiaries.

VI.De-Identified Data. Notwithstanding the provisions of this Agreement, BusinessAssociate and its subcontractors may disclose non-personally identifiable information provided that the disclosed information does not include a key or other mechanism that would enable the information to be identified.

VII.Amendment. Business Associate and Covered Entity agree to amend thisAgreement to the extent necessary to allow either party to comply with the PrivacyPage 3 of 3

Standards, the Standards for Electronic Transactions, the Security Standards, or other relevant state or federal laws or regulations created or amended to protect the privacy of patient information. All such amendments shall be made in a writing signed by both parties.

VIII.Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the then most current version of HIPAA and the HIPAA privacy regulations.

IX.Definitions. Capitalized terms used in this Agreement shall have the meanings assigned to them as outlined in HIPAA and its related regulations.

X.Survival. The obligations imposed by this Agreement shall survive any expiration or

termination of this Agreement.

Leave this empty:

Your legal name

Your email address

Signed by Robert Allen
Signed On: August 9, 2021

Timestamp

Audit

April 29, 2021 10:31 pm CDT

Business Associate Agreement Uploaded by Robert Allen - notifications@sparkservices.net IP 64.207.237.91

Understanding the Business Associate Agreement (BAA)

The Business Associate Agreement (BAA) is a crucial document that outlines the responsibilities of a business associate regarding the handling of Protected Health Information (PHI). It serves to ensure that business associates comply with HIPAA regulations, safeguarding patient data while allowing healthcare providers to outsource certain services.

Under HIPAA, a business associate is any entity that performs functions on behalf of a covered entity that involves the use or disclosure of PHI. Examples include billing companies, IT service providers, and cloud storage services. The BAA establishes the terms of compliance, including how PHI is to be managed, the security measures in place, and the consequences of non-compliance.

Benefits of Using eSignature for BAAs

Utilizing an electronic signature for Business Associate Agreements streamlines the signing process, making it more efficient and secure. eSignatures eliminate the need for physical paperwork, allowing parties to sign documents from anywhere, which is especially beneficial in a fast-paced healthcare environment.

Moreover, eSignature solutions often include built-in security features such as encryption and authentication, ensuring that the signed documents are protected against unauthorized access. This not only enhances compliance with HIPAA standards but also provides a clear audit trail, demonstrating accountability and integrity in the handling of PHI.

How to Complete Your BAA eSignature

Completing your BAA eSignature is a straightforward process designed to ensure that you can sign the document securely and efficiently. Users simply need to fill out the required fields, review the terms, and click on the "Agree & Sign" button to finalize the agreement.

During the signing process, users are prompted to provide identification details and select their preferred signature method. This may include typing their name, drawing their signature, or uploading an image. Once submitted, users receive a confirmation email, along with a copy of the signed agreement for their records.

Ensuring Compliance with HIPAA Standards

Compliance with HIPAA standards is paramount for any entity handling PHI. The BAA outlines specific obligations that both the covered entity and the business associate must adhere to in order to protect patient information effectively. This includes implementing administrative, physical, and technical safeguards.

Regular audits and training are essential components of maintaining compliance. Organizations must ensure that all employees are aware of HIPAA regulations and the importance of safeguarding PHI. Failure to comply can result in significant penalties, making it crucial for businesses to understand their responsibilities as outlined in the BAA.