Business Associate Agreement

Our standard BAA is included with every ClearPath subscription at no additional cost.

Download Our Standard BAA

Review our Business Associate Agreement template. This agreement is automatically executed when you subscribe to ClearPath.

Business Associate Agreement Summary

This summary highlights key provisions of our Business Associate Agreement. Please refer to the full document for complete terms.

1. Definitions

Our BAA incorporates the definitions set forth in HIPAA, including Protected Health Information (PHI), Covered Entity, Business Associate, and related terms.

2. Permitted Uses and Disclosures

ClearPath may use or disclose PHI only to:

  • Perform services under our Service Agreement
  • Manage and administer our business
  • Provide data aggregation services
  • Report violations of law to appropriate authorities
  • Comply with legal requirements

3. Obligations of ClearPath

As your Business Associate, ClearPath agrees to:

  • Not use or disclose PHI other than as permitted or required
  • Implement appropriate safeguards to protect PHI
  • Report any Security Incidents or Breaches
  • Ensure subcontractors agree to the same restrictions
  • Make PHI available for access by individuals
  • Make PHI available for amendment
  • Provide accounting of disclosures
  • Make internal practices available to HHS for compliance review
  • Return or destroy PHI upon termination

4. Obligations of Covered Entity

As a Covered Entity using ClearPath, you agree to:

  • Notify ClearPath of any limitations on PHI use or disclosure
  • Notify ClearPath of any changes to individual authorizations
  • Notify ClearPath of any restrictions on PHI use or disclosure
  • Not request ClearPath to use or disclose PHI in any unlawful manner

5. Term and Termination

The BAA is effective for the term of your ClearPath subscription. Either party may terminate upon material breach that is not cured within 30 days of notice. Upon termination, ClearPath will return or destroy all PHI, except as required by law.

6. Breach Notification

ClearPath will notify you of any Breach of Unsecured PHI without unreasonable delay, and no later than 60 days after discovery. Notification will include all information required by HIPAA for you to fulfill your notification obligations.

7. Subcontractors

ClearPath will ensure that any subcontractor that creates, receives, maintains, or transmits PHI on our behalf agrees to the same restrictions and conditions that apply to ClearPath under this Agreement.

8. Amendments

The parties agree to amend this Agreement as necessary to comply with changes in HIPAA requirements.

Need a Custom BAA?

Enterprise customers may request modifications to our standard BAA. Contact our legal team to discuss your requirements.

Contact Legal TeamLearn About HIPAA Compliance