BUSINESS ASSOCIATE AGREEMENTThis BUSINESS ASSOCIATE AGREEMENT governs the provision of Protected Health Information (“PHI”) (as defined in 45 C.F.R. §164.501) by Provider, which is also sometimes referred to hereinafter as the Covered Entity (as hereinafter defined) to Noble, for the purposes of Provider providing mental health services to third parties remotely/via telemedicine (the “Services”) utilizing Noble’s online platform known as the Noble app (available at noble.health). Noble and Provider are sometimes referred to hereinafter each as a “Party” and collectively as the “Parties”.
Provider is a “Covered Entity” as that term is defined in 45 C.F.R. Part 160 and Part 164, Subparts A, C and E, the Security Standards for the Protection of Electronic Protected Health Information and Standards for Privacy of Individually Identifiable Health Information (“Security and Privacy Rule”), which are a part of the implementing regulations for HIPAA.
In connection with the provision of the Services, Provider has regular occasion to disclose to Noble certain PHI that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Subtitle D of Title XIII of the American Recovery and Reinvestment Act of 2009 (“HITECH Act”).
Noble, as a recipient of PHI from Covered Entity, is a “Business Associate” of Covered Entity as that term is defined in the 45 C.F.R. § 160.103.
The Parties acknowledge that, pursuant to HIPAA and the HITECH Act, all Business Associates of Covered Entities must agree in writing to comply with the Security Rule and certain mandatory provisions regarding the use and disclosure of PHI under the Privacy Rule.
The purpose of this Agreement is to comply with the requirements of the Privacy and Security Rules, including, but not limited to, the Business Associate contract requirements at 45 C.F.R. §§164.502(e), 164.504(e), and as may be amended.
NOW, THEREFORE, in consideration of the mutual promises and covenants contained herein, the Parties agree as follows: