Business Associate Agreement

This Business Associate Agreement (“BAA”) is entered into between COMING HOME CARE SERVICES LLC d/b/a Coming Homecare (“Business Associate”) and the User (“Covered Entity”) accessing the Platform.

This Agreement governs the use and disclosure of Protected Health Information (“PHI”) in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, as amended from time to time.

The Business Associate may use PHI solely to:

• Provide billing and administrative services on behalf of the Covered Entity;
• Perform functions expressly authorized by the Covered Entity.

Any use or disclosure of PHI not described herein requires prior written authorization from the Covered Entity.

The Business Associate agrees to:

• Implement reasonable administrative, technical, and physical safeguards to protect PHI;
• Limit use of PHI to the minimum necessary to accomplish the intended purpose;
• Report any known breach or unauthorized disclosure of PHI to the Covered Entity;
• Ensure any subcontractors or agents who receive PHI agree to the same restrictions and conditions.

The User (Covered Entity) agrees to:

• Provide accurate and lawfully obtained PHI to the Business Associate;
• Obtain all necessary patient authorizations prior to disclosing PHI to the Platform;
• Use the Platform in full compliance with HIPAA and all applicable laws.

The Business Associate will notify the Covered Entity of any breach of unsecured PHI as required by the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414) without unreasonable delay and in no event later than sixty (60) calendar days after discovery of the breach.

This BAA may be terminated by either party if the other party materially violates its terms and fails to cure such violation within a reasonable time after written notice. Termination of this BAA shall not affect any obligations already accrued prior to termination.

Upon termination of this Agreement, the Business Associate shall, where feasible, return or securely destroy all PHI received from or created on behalf of the Covered Entity. Where return or destruction is not feasible, the protections of this BAA shall survive termination and remain in effect for as long as the Business Associate retains such PHI.

This Agreement shall be governed by applicable federal law, including HIPAA and its implementing regulations, and the laws of the State of New York to the extent not preempted by federal law.