Business Associate Agreement
This Business Associate Agreement ("Agreement") is entered into by and between Tarionix LLC ("Business Associate") and the customer identified in the applicable Master Services Agreement ("Covered Entity"). This Agreement governs the creation, receipt, maintenance, use, disclosure, and transmission of Protected Health Information (PHI) by Business Associate while providing services to Covered Entity and is intended to satisfy the requirements of HIPAA, the HITECH Act, and related regulations.
1. Purpose
The purpose of this Agreement is to define the responsibilities of the Parties with respect to PHI and ePHI processed by Business Associate while delivering services under the applicable Master Services Agreement.
2. Definitions
Capitalized terms not defined herein have the meanings assigned under HIPAA. Definitions include Business Associate, Covered Entity, PHI, ePHI, Breach, Security Incident, Subcontractor, Required by Law, and Unsecured PHI.
3. Services
Business Associate provides managed IT services, managed security services, cloud management, Microsoft 365 and Azure services, backup and disaster recovery, identity and access management, AI governance consulting, cybersecurity, network operations, infrastructure management, and related professional services.
4. Business Associate Responsibilities
Business Associate shall implement appropriate administrative, physical, and technical safeguards; comply with HIPAA; use PHI only as permitted; report reportable breaches and security incidents without unreasonable delay; train personnel; require subcontractors to agree to equivalent obligations; and mitigate known harmful effects of improper disclosures.
5. Permitted Uses and Disclosures
Business Associate may use PHI only to provide contracted services, for internal administration where permitted by law, to satisfy legal obligations, and as otherwise permitted by HIPAA or authorized in writing by Covered Entity.
6. Covered Entity Responsibilities
Covered Entity shall provide PHI only where legally authorized, communicate applicable privacy restrictions, and not require Business Associate to perform actions that violate HIPAA.
7. Individual Rights
Business Associate will reasonably assist Covered Entity with HIPAA requests involving access, amendment, accounting of disclosures, and other applicable individual rights.
8. Security Safeguards
Business Associate will maintain a commercially reasonable information security program including access controls, logging, encryption where appropriate, vulnerability management, incident response, backup, disaster recovery, and workforce security.
9. Breach Notification
Business Associate shall notify Covered Entity of reportable breaches of unsecured PHI without unreasonable delay and cooperate with legally required investigations and notifications.
10. Subcontractors
Business Associate shall require subcontractors handling PHI to execute written agreements imposing substantially equivalent HIPAA obligations.
11. Records and Cooperation
Business Associate shall cooperate with lawful regulatory requests relating to HIPAA compliance and make records available where required by law.
12. Return or Destruction of PHI
Upon termination, Business Associate shall return or securely destroy PHI where feasible. If infeasible, Business Associate shall continue protecting retained PHI until destruction becomes feasible.
13. Term and Termination
This Agreement remains effective while Business Associate maintains PHI. Either Party may terminate for material breach following a reasonable cure period unless immediate termination is legally required.
14. Indemnification
Each Party shall be responsible for its own acts and omissions and indemnify the other Party for losses arising from its material breach, subject to the MSA.
15. Limitation of Liability
Liability shall be governed by the limitation of liability provisions contained in the applicable MSA unless prohibited by law.
16. Notices
Notices shall be provided in accordance with the MSA.
17. Governing Law
This Agreement shall be governed by the governing law specified in the applicable MSA except where federal law preempts.
18. Miscellaneous
This Agreement constitutes the entire HIPAA agreement between the Parties, may be amended only in writing, and survives as necessary to protect retained PHI.
Tarionix
Tarionix is your trusted technology partner, delivering secure, scalable IT solutions that simplify operations, strengthen security, and empower business growth.
Sitemap
Home
Services
Procurement
About
Contact
Business Enquiry
Email Address: info@tarionix.com
Phone Number: +1 (737) 273-1731
© 2025-2026 Tarionix. All rights reserved. | 5900 Balcones Drive, Suite 18024, Austin, TX 78731
Legal | CCPA Compliance
MANAGED. MODERN. SECURE
