This Business Associate Agreement (“Agreement”) is entered into by and between(Business Associate) and the following entity/entities:Ai Health Highway India Pvt. Ltd., including its subsidiaries and affiliates. These entities shall be collectively referred to as “Ai Health Highway.”
In the event of a conflict or inconsistency between the terms of any other agreement between the parties and this Agreement, this Agreement shall prevail.
This Agreement is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), found in Title XIII of the American Recovery and Reinvestment Act of 2009, along with their associated regulations.
The parties acknowledge and agree that, as of the effective dates under HIPAA and HITECH, the Business Associate will comply with its obligations under this Agreement and with all requirements applicable to a business associate under HIPAA, HITECH, and any related regulations. Compliance shall be maintained as per the regulations in effect at the time this Agreement is executed and as they are amended over time.
All capitalized terms used in this Agreement shall have the same definitions as provided by HIPAA and HITECH.
The Business Associate is directly subject to and must independently comply with the business associate provisions of HIPAA and HITECH, regardless of the provisions contained in this Agreement.
This Agreement applies to all services and relationships between Ai Health Highway and the Business Associate.
Any Protected Health Information ("PHI") as defined by HIPAA that is collected, created, or received from or on behalf of Ai Health Highway is considered PHI. For the purposes of these obligations, PHI includes:
- All PHI in Business Associate's possession or under its control (including that of its agents). - All PHI collected, created, or received by Business Associate or its agents on or after the effective date of this Agreement.
1. Acts / Omissions. Business Associate is responsible for all actions and/or omissions by its employees, subcontractors, and agents. It is liable to third parties and Ai Health Highway for any violation of patients' privacy or security by any individual granted access or receiving data through Business Associate.
2. Employees. Business Associate agrees to instruct its employees and temporary agency employees on the confidentiality, privacy, and security of PHI. It shall not disclose PHI to employees or permit access, viewing, copying, or use of PHI that is not necessary for their services to Ai Health Highway. Business Associate will maintain strict performance standards, including disciplinary actions, for wrongful access, misuse, or disclosure of PHI.
3. Agents and Subcontractors. If applicable, Business Associate shall ensure that any of its agents and subcontractors (if permitted) who create, receive, maintain, or transmit PHI agree in writing to the same restrictions, conditions, and requirements as those applying to Business Associate. This must align with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2). A list of such agents and subcontractors must be available to Ai Health Highway upon request.
4. Administrative and Disciplinary Action. Business Associate will take appropriate administrative and disciplinary action against employees, subcontractors, or agents if a privacy or security violation is substantiated.
5. Notification of Changes. Business Associate must promptly notify the Ai Health Highway Security Officer or other designated department if any of its employees or agents with access to Ai Health Highway Information Systems, network connections, or applications no longer need or are no longer eligible for access due to termination, job duty changes, or other reasons.
6. Monitoring. Business Associate will monitor the appropriateness of its employees' and agents' activities within Ai Health Highway Information Systems and/or network. This includes using any reports or tools provided by Ai Health Highway.
1. Using and Disclosing PHI. Business Associate may use or disclose PHI only as permitted by this Agreement or as required by law. Business Associate may use PHI solely to perform services pursuant to any underlying agreement(s) for products or services with Ai Health Highway.
2. Business Associate's Internal Management Uses of PHI. Business Associate may use PHI for internal management and administration but only in connection with directly performing services for Ai Health Highway under this Agreement.
3. Minimum Necessary. Business Associate is permitted to access and use only the minimum necessary PHI required to perform its duties under this Agreement. Business Associate agrees not to use or store PHI or identifying information (e.g., name, date of birth, etc.) if such information can be removed and is not essential to the services provided.
4. Handling PHI. Business Associate agrees to return or destroy any PHI that is erroneously shared or delivered to it.
5. Data Aggregation. Business Associate may use PHI for data aggregation related to the health care operations of Ai Health Highway, but only upon a written request from Ai Health Highway.
6. De-Identified Data – Business Associate Use for Own Purposes. Business Associate agrees not to use data that identifies Ai Health Highway or PHI for its own purposes or for the benefit of its other customers, including de-identified PHI (as defined by HIPAA), without Ai Health Highway’s prior written consent.
1. Designated Record Set. The Business Associate shall provide Ai Health Highway access to PHI in a designated record set within five (5) calendar days of any request, as necessary to fulfill Ai Health Highway’s obligations under 45 CFR 164.524.
2. Safeguards. The Business Associate agrees to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all PHI. Additionally, Business Associate will enforce appropriate electronic security measures for PHI that is transmitted, stored, received, or used electronically, in compliance with Subpart C of 45 CFR Part 164, to prevent unauthorized use or disclosure.
3. Reporting of Unauthorized Use or Disclosure. Business Associate shall notify Ai Health Highway within twenty-four (24) hours upon becoming aware of any unauthorized use or disclosure of PHI, including breaches of unsecured PHI and any security incidents. Reports must comply with 45 CFR 164.410(c).
4. Notice of Legal Contact. Business Associate shall notify Ai Health Highway in writing within five (5) calendar days of any disclosure request and shall only disclose PHI with Ai Health Highway’s express written consent unless required by law.
5. Pattern of Activity. If Business Associate identifies a pattern of activity or practice by Ai Health Highway that constitutes a material breach or violation of this Agreement, it shall notify Ai Health Highway immediately.
6. Accounting of Disclosures. Business Associate shall maintain and provide information required for an Accounting of Disclosures to Ai Health Highway within five (5) calendar days of any request, ensuring compliance with 45 CFR 164.528.
7. Notice of Patient Contact. Business Associate shall notify the Ai Health Highway privacy officer within five (5) calendar days if an individual contacts the Business Associate regarding their PHI.
8. Assistance. Throughout the duration of this Agreement, Business Associate shall make PHI in its possession or under its control available to Ai Health Highway within five (5) calendar days of a request.
9. Electronic Health Records (EHR) Related to Treatment, Payment, or Operations. If an individual directly requests an accounting of disclosures related to treatment, payment, or healthcare operations through electronic health records, Business Associate shall provide the requested information in accordance with the effective date of Section 13405(c) of HITECH. Business Associate shall document all such disclosures and notify Ai Health Highway accordingly.
10. Amendments. Business Associate shall make PHI available for amendment and incorporate any necessary changes as required by 45 CFR 164.526.
11. Compliance with Subpart E. If Business Associate is responsible for fulfilling any of Ai Health Highway’s obligations under Subpart E of 45 CFR Part 164, it shall comply with the applicable requirements in performing those obligations.
1. Upon receiving a report of an actual or suspected breach or security incident from the Business Associate, Ai Health Highway will determine whether a Risk Assessment is necessary. If required, Ai Health Highway will decide whether it or the Business Associate should conduct the assessment. The Business Associate must comply with all requests and directives issued by Ai Health Highway in this regard.
2. If a Risk Assessment confirms that a breach has occurred, Ai Health Highway will determine the appropriate entity responsible for notifying affected individuals, the Department of Health and Human Services, and, if necessary, the media. If the Business Associate is deemed responsible for issuing the notification, they must do so at their sole cost and within the timeframe mandated by HIPAA.
The Business Associate must provide Ai Health Highway with a draft of the Breach Notification letter at least 10 days before the deadline for review and approval. No notification letter may be issued without Ai Health Highway’s written approval. If Ai Health Highway has reasonable grounds to believe that the Business Associate is not adequately fulfilling its obligations under this section, Ai Health Highway reserves the right to assume responsibility for these obligations and charge the Business Associate for any associated costs.
1. Suspension and Termination. Business Associate shall immediately suspend or terminate an employee’s, agent’s, or subcontractor’s access to Ai Health Highway’s information systems and network connections in the event of a suspected or actual violation. Reinstatement of access or connection privileges shall only occur upon Ai Health Highway’s written approval.
2. Immediate Termination of Access/Network Connection. Ai Health Highway reserves the sole discretion to immediately revoke any Business Associate employee’s, agent’s, or subcontractor’s access to its information systems or network connection. This includes, but is not limited to, cases involving improper use of Ai Health Highway’s systems, failure to maintain confidentiality, privacy breaches, or inadequate security safeguards regarding patient or business information.
All notices and reports required under this Agreement shall be provided in writing, and Business Associate shall retain proof of transmission, to the following persons on behalf of Ai Health Highway:
Ai Health Highway Security & Privacy Officer: Ashwin Chandrasekaran ([email protected])
All notices and reports required under this Agreement shall be provided in writing, and Business Associate shall retain proof of transmission, to the following persons on behalf of Ai Health Highway:
Ai Health Highway Security & Privacy Officer: Ashwin Chandrasekaran ([email protected])
Business Associate shall make its internal practices, books, and records relating to the use and disclosure of any PHI available to Ai Health Highway, the Secretary of the Department of Health and Human Services, and to other authorized government investigators for purposes of determining Business Associate's and Ai Health Highway's compliance with HIPAA.
Business Associate agrees that Ai Health Highway has the right to audit, investigate, monitor, access, review, and report on Business Associate's use of any Ai Health Highway PHI, with or without advance notice or knowledge from Ai Health Highway.
No party may assign or transfer any or all of its rights and/or obligations under this Agreement or any part of it, nor any benefit or interest in or under it, to any third party without the prior written consent of the other party, which shall not be unreasonably withheld. Business Associate may not assign any rights, nor may it delegate its duties, under this Agreement without the express written consent of Ai Health Highway.
Business Associate also will comply with all federal and state security and privacy laws applicable to Business Associate and more protective of individual privacy than are the HIPAA and/or HITECH.
Business Associate acknowledges and stipulates that its, including its agents and/or subcontractors, unauthorized use or disclosure of PHI while performing services pursuant to this Agreement may cause irreparable harm to Ai Health Highway, and in such event, Ai Health Highway will be entitled, if it so elects, to institute any type of proceeding in any court of competent jurisdiction in equity, to seek injunctive relief.
1. Immediate Termination and Cure. Ai Health Highway may immediately terminate its relationship with Business Associate upon written notice to Business Associate without damages or liability to Business Associate if Ai Health Highway determines that Business Associate has violated a material requirement related to HIPAA and/or HITECH. Ai Health Highway, at its option and within its sole discretion, has the right to take reasonable steps to cure the breach and/or may (a) allow Business Associate to take steps to cure the breach, and (b) in the event of such a cure, elect to keep the relationship in force.
2. PHI Obligations upon Termination or Expiration. Unless Business Associate is required by law to maintain PHI, Business Associate shall return (and not retain any copies of) all PHI in its possession or under its control within 30 days after the termination/expiration of this Agreement. If Business Associate is unable to return PHI, then Business Associate shall notify Ai Health Highway of the reasons for being unable to return PHI in writing and must, at a minimum, maintain PHI as required by this Agreement and HIPAA and/or HITECH for so long as the Ai Health Highway PHI exists. Business Associate shall not transfer possession of Ai Health Highway PHI without prior written approval of Ai Health Highway. If at any time Business Associate determines it is unable to protect Ai Health Highway PHI, Business Associate shall destroy all Ai Health Highway PHI and all copies and maintain proof of such destruction. Business Associate’s obligations under this paragraph shall survive the termination of this Agreement.
3. Criminal or Civil Proceedings. Ai Health Highway may terminate this Agreement effective immediately, if (i) Business Associate is named as a defendant in a criminal proceeding for a violation of HIPAA, HITECH, or other security or privacy laws or (ii) there is a finding or stipulation that Business Associate has violated any standard or requirement of HIPAA, HITECH, or other security or privacy laws in any administrative or civil proceeding in which Business Associate is involved.
4. Termination of Other Agreements. If this Agreement is terminated for any reason, Ai Health Highway or Business Associate also may terminate any or all other agreements between the parties. This provision shall supersede any termination provision to the contrary which may be set forth in any other agreement.
Corporate Address: Ai Health Highway India Pvt Ltd, 4th Floor, #85, 5-1, Subedhar chatram Road, opp. DCP Traffic Police Station, Subedarpalya, Yeswanthpur, Bengaluru, Karnataka 560022
Registered Address:DSI Innovation campus, Block A, 2nd Floor, Gharebhavipalya, Hongasandra village, Hosur Road, Bangalore 560068, Karnataka, India
© 2025 Ai Health Highway India Pvt Ltd. All Rights Reserved.
Made with passion in "Namma Bengaluru" by
