Back to home

Business Associate Agreement

HIPAA BAA template offered to Covered Entity customers.

Effective June 7, 2026 · Amino Stack IQ · 915 Cimarron Circle, Bradenton, FL 34209, USA

Template document. This is a tailored draft prepared for Amino Stack IQ. Review with qualified counsel before relying on it for any production use.

This Business Associate Agreement ("BAA") is entered into between the Covered Entity identified in the applicable order form ("CE") and Amino Stack IQ ("Business Associate" or "BA") and is incorporated into the Terms of Service and Clinic Portal Terms.

1. Definitions

Capitalized terms not defined here have the meanings in 45 C.F.R. §§ 160.103 and 164.501, including "Breach," "PHI," "ePHI," "Required by Law," and "Security Incident."

2. Permitted uses and disclosures

BA may use and disclose PHI only as necessary to perform the Services, as Required by Law, and for BA's proper management and administration. BA will not use or disclose PHI in a manner that would violate HIPAA if done by the CE.

3. Safeguards

BA will implement administrative, physical, and technical safeguards required by the Security Rule (45 C.F.R. §§ 164.308, 164.310, 164.312) to protect the confidentiality, integrity, and availability of ePHI.

4. Subcontractors

BA will require each subcontractor that creates, receives, maintains, or transmits PHI on behalf of BA to agree in writing to restrictions and conditions at least as protective as those in this BAA.

5. Reporting

  • BA will report any Use or Disclosure of PHI not permitted by this BAA without unreasonable delay.
  • BA will report any Security Incident of which it becomes aware, with reports aggregated for unsuccessful incidents.
  • BA will notify CE of any Breach of Unsecured PHI without unreasonable delay and in any event within sixty (60) days of discovery.

6. Individual rights

BA will, within commercially reasonable timeframes, make PHI available to CE to respond to Individual requests for access, amendment, and accounting of disclosures, and otherwise cooperate with CE in fulfilling its obligations under 45 C.F.R. § 164.524–528.

7. Audits

BA will make its internal practices, books, and records relating to the Use and Disclosure of PHI available to the Secretary of HHS for purposes of determining CE's compliance with HIPAA.

8. Term & termination

This BAA is effective on the effective date of the underlying agreement and terminates when all PHI is returned or destroyed. If return or destruction is infeasible, BA will extend the protections of this BAA to such PHI for as long as it is retained.

9. Survival

Sections relating to safeguards, reporting, individual rights, audits, and return or destruction of PHI survive termination.

10. Miscellaneous

References to HIPAA include amendments and implementing regulations. The Parties agree to amend this BAA to comply with future requirements. In case of conflict, the terms of this BAA control over the underlying agreement with respect to PHI.

11. Execution

A countersigned BAA is available on request from support@aminostackiq.com.