Effective Date: December 23, 2025
BookaTherapy Inc. ("Business Associate")
And
[Your Clinic] ("Covered Entity")
Term: One (1) year from Effective Date, auto-renewing unless terminated per Section 6.
Covered Entity: A HIPAA-covered health care provider or clinic delivering health services and transmitting PHI.
Business Associate: BookaTherapy Inc., which performs services for the Covered Entity that involve the use or disclosure of PHI.
PHI: Protected Health Information under 45 CFR §160.103.
Breach, Security Incident, Unsecured PHI, and Minimum Necessary have the meanings given in the HIPAA Rules.
The Business Associate may use and disclose PHI only as necessary to perform services described in the partnership agreement and as permitted by HIPAA.
The Business Associate shall not use PHI for marketing or other purposes not authorized by the Covered Entity.
Safeguards: Implement appropriate administrative, physical, and technical safeguards to prevent PHI misuse, consistent with 45 CFR §§164.308, 164.310, 164.312.
Breach Notification: Report any unauthorized access, use, or disclosure of PHI to the Covered Entity within 24 hours.
Mitigation: Assist in breach investigation and mitigation.
Subcontractors: Ensure any subcontractor that handles PHI also enters into a HIPAA-compliant agreement and abides by these terms.
Training: Ensure workforce is trained on HIPAA obligations.
Access & Amendment: Provide PHI in a timely manner when required to enable the Covered Entity to comply with individuals' rights under 45 CFR §164.524 and §164.526.
Accounting of Disclosures: Maintain and provide information about disclosures of PHI as required under 45 CFR §164.528.
Compliance: Ensure all disclosures of PHI to the Business Associate are permitted under HIPAA.
Notice of Restrictions: Inform the Business Associate of any PHI use restrictions agreed upon with the individual that may affect the Business Associate's use or disclosure of PHI.
Termination for Cause: The Covered Entity may terminate this agreement if it determines the Business Associate has materially breached this agreement and cure is not possible within 30 days.
Return or Destruction of PHI: Upon termination, the Business Associate must return or destroy all PHI. If infeasible, extend protections and limit further use per HIPAA.
Access by HHS: The Business Associate agrees to make its internal practices available to the Secretary of HHS for compliance review.
Amendment: This agreement may be amended to reflect changes in law.
No Third-Party Beneficiaries: No third party shall be considered a beneficiary to this agreement.
Governing Law: Governed by the laws of the United States and applicable state law.
For questions about this HIPAA Business Associate Agreement, please contact:
BookaTherapy Inc.
Authorized Signatory: Banti Shaw, CEO
Email: support@bookatherapy.com