Laserfiche WebLink
4) Term and Termination. <br />a) Term. This BAA shall be effective as of the effective date of the underlying Service Agreement <br />and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or <br />created or received by Business Associate on behalf of Covered Entity, is destroyed or returned <br />to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to <br />such information, in accordance with the termination provision in this section. <br />b) Material Breach. A breach by Business Associate of any provision of this BAA, as determined <br />by Covered Entity, shall constitute a material breach of the Service Agreement and shall <br />provide grounds for immediate termination of the Service Agreement by Covered Entity <br />pursuant to the Service Agreement. <br />c) Reasonable Steps to Cure Breach. If Covered Entity knows of a pattern of activity or practice <br />of Business Associate that constitutes a material breach or violation of Business Associate's <br />obligations under the provisions of this BAA or another arrangement and does not terminate <br />the Service Agreement pursuant to Section 4 (b), then Covered Entity shall take reasonable <br />steps to cure such breach or end such violation, as applicable. If Covered Entity's efforts to <br />cure such breach or end such violation are unsuccessful, Covered Entity shall either (i) <br />terminate the Service Agreement, if feasible, or (ii) if termination of the Service Agreement is <br />not feasible, Covered Entity shall report Business Associate's breach or violation to the <br />Secretary of the Department of Health and Human Services. <br />d) Judicial or Administrative Proceedings. Either party may terminate the Service Agreement, <br />effective immediately, if (i) the other party is named as a defendant in a criminal proceeding <br />for a violation of HIPAA, HITECH or other security or privacy laws or (ii) a finding or <br />stipulation that the other party has violated any requirement of HIPAA, HITECH or other <br />security or privacy laws is made in any administrative or civil proceeding in which the party <br />has been joined. <br />5) Disclaimer. Covered Entity makes no warranty or representation that compliance by Business <br />Associate with this BAA, HIPAA or HITECH will be adequate or satisfactory for Business <br />Associate's own purposes. Business Associate is solely responsible for all decisions made by <br />Business Associate regarding the safeguarding of PHI. <br />6) Certifications. To the extent Covered Entity determines that such examination is necessary to <br />comply with Covered Entity's legal obligations pursuant to HIPAA and HITECH relating to <br />certification of its security practices, Covered Entity or its authorized agents or contractors, may, <br />at Covered Entity's expense, examine Business Associate's facilities, systems, procedures and <br />records as may be necessary for such agents or contractors to certify to Covered Entity the extent <br />to which Business Associate's security safeguards comply with HIPAA, HITECH or this BAA. <br />7) Amendment to Comply with Law. The Parties acknowledge that state and federal laws relating to <br />data security and privacy are rapidly evolving and that amendment of this BAA may be required <br />to provide for procedures to ensure compliance with such developments. The Parties specifically <br />agree to take such action as is necessary to implement the amendments and requirements of HIPAA <br />(including without limitation the Privacy Rule), HITECH and other applicable laws relating to the <br />security or confidentiality of PHI. The Parties understand and agree that Covered Entity must <br />