Business Associate Agreement (BAA)

This document outlines the HIPAA compliance responsibilities between your organization and SolloAI.

This Business Associate Agreement ("Agreement") is entered into by and between the healthcare provider accepting this Agreement ("Covered Entity") and Sollo AI, LLC, an Ohio limited liability company ("Business Associate"). This Agreement is effective as of the date the Covered Entity accepts the Terms of Service.

1. Definitions

All capitalized terms used but not defined in this Agreement have the same meanings as in the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations.

  • Protected Health Information (PHI): Information defined in 45 CFR §160.103 that is received, maintained, or transmitted by Business Associate on behalf of the Covered Entity.
  • Required by Law: Mandated disclosures under applicable legal authority.
  • Security Incident: The attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI.

2. Permitted Uses and Disclosures

  • Business Associate may use and disclose PHI only as necessary to provide transcription, summarization, and related services as described in the Terms of Service.
  • Business Associate may use PHI for internal management, administration, or legal obligations permitted by HIPAA.

3. Responsibilities of Business Associate

Business Associate shall:

  1. Safeguards: Implement administrative, physical, and technical safeguards as required by 45 CFR §§164.308, 164.310, and 164.312.
  2. Minimum Necessary: Use or disclose only the minimum necessary PHI.
  3. Breach Notification: Notify Covered Entity within 5 business days of discovering any breach of unsecured PHI, as defined in 45 CFR §164.402.
  4. Subcontractors: Ensure any subcontractors that access PHI agree in writing to the same restrictions.
  5. Access to PHI: Make PHI available as required by 45 CFR §164.524.
  6. Amendment Requests: Allow Covered Entity to amend PHI as required under 45 CFR §164.526.
  7. Audit Records: Make internal records relating to PHI available to the Secretary of HHS upon lawful request.

4. Responsibilities of Covered Entity

Covered Entity agrees to:

  1. Not request Business Associate to use or disclose PHI in a manner that violates HIPAA.
  2. Obtain patient consents or authorizations if required for PHI processing.

5. Term and Termination

  • Term: This Agreement is effective upon acceptance and continues until terminated.
  • Termination for Cause: Covered Entity may terminate this Agreement if Business Associate violates a material term.
  • Effect of Termination: Upon termination, Business Associate shall return or destroy all PHI unless retention is required by law. If return/destruction is not feasible, protections shall remain in place.

6. Limitation of Liability

To the maximum extent permitted by law, Business Associate's total liability under this Agreement shall be limited as described in the Terms of Service.

7. Miscellaneous

  • This Agreement is governed by the laws of the State of Ohio.
  • Any conflicts between this Agreement and other contracts shall be resolved in favor of this Agreement with respect to PHI.

IN WITNESS WHEREOF

Covered Entity agrees to this BAA by accepting the platform's Terms of Service and Privacy Policy, which incorporate this Agreement by reference.