Business Associate Addendum

At Assistant Doctor, we believe that clinician and patient trust is foundational. Our relentless dedication to data privacy and protection exemplifies our adherence to HIPAA regulations.
V 1.0 - Nov 7th 2023

Doutore LLC BUSINESS ASSOCIATE ADDENDUM

THIS Doutore LLC BUSINESS ASSOCIATE ADDENDUM (this "Addendum") is an agreement between Doutore LLC ("Assistant Doctor") and you or the entity you represent ("you" or "your"), and is an addendum to the Doutore LLC Customer Agreement (located at http://assistantdoctor.com/baa and any successor locations designated by Assistant Doctor) by and between you and Assistant Doctor, or other agreement between you and Assistant Doctor governing your use of the Services (the "Agreement"). This Addendum takes effect with respect to the HIPAA Account (as defined below) on the date when you click an "Accept Assistant Doctor Business Associate Addendum for this account" button (or other electronic means made available by Assistant Doctor for such purpose) presented with this Addendum (the "Addendum Effective Date"). You represent to Assistant Doctor that you are lawfully able to enter into contracts (e.g., you are not a minor). If you are entering into this Addendum for an entity, such as the company you work for, you represent to Assistant Doctor that you have legal authority to bind that entity.

The parties hereby agree as follows:

1. Applicability and Definitions. This Addendum applies only to the HIPAA Account. The "HIPAA Account" means the account under the Agreement: (a) that you used to log in to Assistant Doctor to accept this Addendum and that you identified as described in Section 4.1, (b) that uses only the HIPAA Eligible Services (alone or in combination) to store or transmit any "protected health information" as defined in 45 C.F.R. § 160.103, and (c) to which you have applied the required security configurations specified in the list of HIPAA Eligible Services (defined below), if any, and in Section 4.3 of this Addendum. You acknowledge that this Addendum does not apply to any other accounts you may have now or in the future, and that any of your accounts that do not satisfy all of the HIPAA Account requirements are not subject to this Addendum. Unless otherwise expressly defined in this Addendum, all capitalized terms in this Addendum will have the meanings set forth in the Agreement or in HIPAA. "HIPAA" means the Administrative Simplification Subtitle of the Health Insurance Portability and Accountability Act of 1996, as amended by Subtitle D of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, and their implementing regulations. "HIPAA Eligible Services" means only the Services listed at item "3.4 Subcontractors" (and any successor or related locations designated by Assistant Doctor), subject to any required security configurations applicable to such Services or functionality of such Services described at such location, as may be updated by Assistant Doctor from time to time. Assistant Doctor will provide at least 30 days' prior notice to you before removing an existing Service or existing functionality of a Service from the HIPAA Eligible Services.
Assistant Doctor will not be obligated to provide such notice under the prior sentence if the removal is necessary to (a) address an emergency, or risk of harm to the Services or Assistant Doctor, (b) respond to claims, litigation, or loss of license rights related to third party intellectual property rights, or (c) comply with law, but should any of the preceding occur, Assistant Doctor will provide as much prior notice as is reasonably practicable under the circumstances. Subject to the obligations in this Section 1, Assistant Doctor can, in its sole discretion, add or remove Services or functionality of any of the Services to or from the HIPAA Eligible Services. "PHI" means "protected health information" as defined in 45 C.F.R. § 160.103 that is received by Assistant Doctor from or on behalf of you and that is in a HIPAA Account.

2. Permitted and Required Uses and Disclosures.

2.1. Services. Assistant Doctor may Use or Disclose PHI for or on behalf of you as specified in the Agreement.

2.2. Administration and Management of Assistant Doctor. Assistant Doctor may use and disclose PHI as necessary for providing Assistant Doctor services and management of the platform. Any Disclosures under this section will be made only if Assistant Doctor obtains reasonable assurances from the recipient of the PHI that (a) the recipient will hold the PHI confidentially and will Use or Disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient, and (b) the recipient will notify Assistant Doctor of any instances of which it is aware in which the confidentiality of the information has been breached.

3. Obligations of Assistant Doctor.

3.1. Limit on Uses and Disclosures. Assistant Doctor will use or disclose PHI only as permitted by this Addendum or as required by law, provided that any such use or disclosure would not violate HIPAA if done by a Covered Entity, unless permitted under HIPAA for a Business Associate.

3.2. Safeguards. Assistant Doctor will use reasonable and appropriate safeguards to prevent Use or Disclosure of the PHI other than as provided for by this Addendum, consistent with the requirements of Subpart C of 45 C.F.R. Part 164 (with respect to Electronic PHI) as determined by Assistant Doctor and as reflected in the Agreement.

3.3. Reporting. Assistant Doctor will report to you any Use or Disclosure of PHI not permitted or required by this Addendum of which Assistant Doctor becomes aware.

3.3.2. Reporting of Security Incidents. Assistant Doctor will report to you on no less than a quarterly basis any Security Incidents involving PHI of which Assistant Doctor becomes aware in which there is a successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an Information System in a manner that risks the confidentiality, integrity, or availability of such information. Notice is hereby deemed provided, and no further notice will be provided, for unsuccessful attempts at such unauthorized access, use, disclosure, modification, or destruction, such as pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information where the key is not compromised, or any combination of the above.

3.3.3. Reporting of Breaches. Assistant Doctor will report to you any Breach of your Unsecured PHI that Assistant Doctor may discover to the extent required by 45 C.F.R. § 164.410. Assistant Doctor will make such report without unreasonable delay, and in no case later than 60 calendar days after discovery of such Breach.

3.4. Subcontractors. Assistant Doctor will ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Assistant Doctor agree to restrictions and conditions at least as stringent as those found in this Addendum, and agree to implement reasonable and appropriate safeguards to protect PHI. Specifically, Assistant Doctor currently engages the following subcontractors under these terms:

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • HoneyBadger.io

Assistant Doctor will update this list with any changes to the subcontractors engaged in the handling of PHI and ensure that any new subcontractors agree to the same conditions as stated above prior to accessing PHI.

3.5. Access to PHI. Assistant Doctor will make PHI in a Designated Record Set available to you so that you can comply with 45 C.F.R. § 164.524.

3.6. Amendment to PHI. Assistant Doctor will make PHI in a Designated Record Set available to you for amendment and incorporate any amendments to the PHI, as may reasonably be requested by you in accordance with 45 C.F.R. § 164.526.

3.7. Accounting of Disclosures. Assistant Doctor will make available to you the information required to provide an accounting of Disclosures in accordance with 45 C.F.R. § 164.528 of which Assistant Doctor is aware, if requested by you. Because Assistant Doctor cannot readily identify which Individuals are identified or what types of PHI are included in Content you or any End User (a) run on the Services, (b) cause to interface with the Services, or (c) upload to the Services under your account or otherwise transfer, process, use or store in connection with your account ("Customer Content"), you will be solely responsible for identifying which Individuals, if any, may have been included in Customer Content that Assistant Doctor has disclosed and for providing a brief description of the PHI disclosed.

3.8. Internal Records. Assistant Doctor will make its internal practices, books, and records relating to the Use and Disclosure of PHI available to the Secretary of the U.S. Department of Health and Human Services ("HHS") for purposes of determining your compliance with HIPAA. Nothing in this section will waive any applicable privilege or protection, including with respect to trade secrets and confidential commercial information.

4. Your Obligations.

4.1. Acceptance of BAA: By creating an account with Assistant Doctor, you are accepting this BAA and acknowledging that all accounts created will be in compliance with HIPAA. You understand that there is no option to have an account that is not HIPAA compliant.

4.2. Use of Assistant Doctor: You are responsible for the appropriate use of Assistant Doctor. This includes ensuring that all recordings and transcriptions are conducted in a manner that is compliant with HIPAA and other applicable laws. You understand that Assistant Doctor is a tool to assist healthcare professionals and is not a substitute for professional medical advice, diagnosis, or treatment.

4.3. Patient Consent: As a healthcare professional, it is your responsibility to obtain all necessary consents, authorizations, and permissions from patients prior to recording or transcribing any health information using Assistant Doctor. You warrant that you have obtained all necessary consents and permissions that may be required under applicable law prior to using Assistant Doctor.

4.4. Compliance with HIPAA: You will not request or cause Assistant Doctor to use or disclose PHI in a manner that does not comply with HIPAA or this BAA. You are responsible for implementing appropriate privacy and security safeguards to protect PHI in compliance with HIPAA and this BAA.

4.5. Restrictions on Disclosures: You will not agree to any restriction requests or place any restrictions in any notice of privacy practices that would cause Assistant Doctor to violate this BAA or any applicable law.

4.6. Reporting: You are responsible for reporting any breaches or potential breaches of PHI to Assistant Doctor as soon as they are discovered. This includes any unauthorized access, use, disclosure, modification, or destruction of PHI.

4.7. Training: You are responsible for ensuring that all individuals who will be using Assistant Doctor on your behalf are appropriately trained on the use of the service and the requirements of HIPAA and this BAA.

5. Term and Termination.

5.1. Term. The term of this Addendum will commence on the Addendum Effective Date and will remain in effect with respect to the HIPAA Account until the earlier of (a) the termination of the Agreement, or (b) the termination of this Addendum by either party as set forth in Section 5.2 below.

5.2. Termination. You have the right to terminate this Addendum for any reason by deleting your account. This can be done by logging into your Assistant Doctor account, navigating to settings, and selecting "Delete My Account". Assistant Doctor reserves the right to terminate this Addendum for any reason upon providing 90 days' prior written notice to you. A material breach of this Addendum will be treated as a material breach of the Agreement.

5.3. Effect of Termination. At termination of this Addendum, Assistant Doctor, if feasible, will return or destroy all PHI that Assistant Doctor still maintains in any form and retain no copies of such information or, if such return or destruction is not feasible, extend the protections of this Addendum to the information and limit further Uses and Disclosures to those purposes that make the return or destruction of the information infeasible. The parties acknowledge that it is not feasible for Assistant Doctor to destroy or return PHI upon termination of this Addendum. Termination of this Addendum will not terminate any other Assistant Doctor Business Associate Addendum(s) then in place between you and Assistant Doctor with respect to any account other than the HIPAA Account, and such other Assistant Doctor Business Associate Addendum(s) will remain in effect until terminated in accordance with their respective terms.

6. No Agency Relationship. As set forth in the Agreement, nothing in this Addendum is intended to make either party an agent of the other. Nothing in this Addendum is intended to confer upon you the right or authority to control Assistant Doctor's conduct in the course of Assistant Doctor complying with the Agreement and Addendum.

7. Nondisclosure. You agree that the terms of this Addendum are not publicly known and constitute Assistant Doctor Confidential Information under the Agreement.

8. Entire Agreement; Conflict. Except as amended by this Addendum, the Agreement will remain in full force and effect. This Addendum, together with the Agreement as amended by this Addendum: (a) is intended by the parties as a final, complete and exclusive expression of the terms of their agreement; and (b) supersedes all prior agreements and understandings (whether oral or written) between the parties with respect to the subject matter hereof. If there is a conflict between the Agreement, this Addendum, or any other amendment or addendum to the Agreement or this Addendum, the document later in time will prevail. Assistant Doctor will not be bound by, and specifically objects to, any term, condition or other provision which is different from or in addition to the provisions of this Addendum (whether or not it would materially alter this Addendum) and which is submitted by you in any order, receipt, acceptance, confirmation, correspondence or other document.

9. Modification. From time to time, Assistant Doctor may modify the terms of the Business Associate Addendum that it offers to its customers, but no modification or amendment of any portion of this Addendum will be effective unless in writing and accepted by you and by Assistant Doctor, which acceptance may be made electronically through Assistant Doctor or through other electronic means made available by Assistant Doctor for such purpose.