HIPAA BAA

Protected health information obligations where applicable.

Version: 1.0 · Effective Date: April 18, 2026

This BAA is between Covered Entity and Evident Technologies LLC (Business Associate) and supplements the governing service agreement.

For enterprise engagements, the governing service agreement is the executed MSA and Order Form. For self-serve memberships, the governing service agreement is the applicable Membership Agreement and accepted plan terms.

1. Applicability

This BAA applies only where Covered Entity uploads or processes PHI through services expressly authorized for PHI handling.

2. Permitted uses and disclosures

Business Associate may use and disclose PHI only as necessary to perform contracted services and as permitted by HIPAA and this BAA.

3. Safeguards

Business Associate will implement administrative, physical, and technical safeguards reasonably designed to protect PHI from unauthorized use or disclosure.

4. Workforce and subcontractors

  1. Workforce access to PHI must be role-restricted and confidentiality-bound.
  2. Subcontractors receiving PHI must be bound by written obligations no less protective than this BAA.

5. Incident and breach reporting

Business Associate will report PHI incidents and breaches to Covered Entity without unreasonable delay and provide available information needed for HIPAA notification duties.

6. Access, amendment, accounting support

To the extent required and feasible, Business Associate will support Covered Entity requests for access, amendment, and accounting of disclosures.

7. Return or destruction

Upon termination, Business Associate will return or destroy PHI when feasible, or continue required protections for retained PHI if destruction is infeasible.

8. Restrictions and minimum necessary

Business Associate will apply minimum-necessary principles and honor documented restrictions to the extent required by law.

9. No legal services

Business Associate provides technical processing services only and does not provide legal counsel, medical advice, or regulatory legal interpretation.

10. Liability and precedence

Liability framework follows the governing service agreement unless prohibited by applicable law. If conflict exists on PHI-handling obligations, this order controls: (1) this BAA, (2) governing service agreement, (3) applicable schedules under documentation .

11. Termination for material BAA breach

Covered Entity may terminate if Business Associate materially breaches this BAA and fails to cure within the required period.