Business Associate Agreement

This Business Associate Agreement ("Agreement") is entered into between Labs and Health of Miami LLC ("Business Associate") and the organization identified below ("Covered Entity") as of the date of last signature.

1. Purpose

Covered Entity has engaged Business Associate to provide mobile phlebotomy and specimen collection services. In connection with these services, Business Associate may create, receive, maintain, or transmit Protected Health Information ("PHI") on behalf of Covered Entity. This Agreement governs the parties' obligations under the Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act and implementing regulations (collectively, "HIPAA").

2. Permitted Uses and Disclosures of PHI

• Business Associate may use or disclose PHI only as necessary to perform the services described above.
• Business Associate may use PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities.
• Business Associate will not use or disclose PHI in a manner that would violate HIPAA if done by Covered Entity.

3. Safeguards

Business Associate will implement administrative, physical, and technical safeguards that reasonably protect the confidentiality, integrity, and availability of PHI, including:

• Encryption of PHI in transit (TLS 1.2+) and at rest where feasible.
• Access controls limiting PHI access to authorized personnel on a need-to-know basis.
• Audit logging of PHI access, modification, and transmission.
• Workforce training on HIPAA privacy and security requirements.
• Session timeout and password protection on all systems containing PHI.

4. Subcontractors

Business Associate will ensure that any subcontractor that creates, receives, maintains, or transmits PHI on its behalf agrees in writing to the same restrictions and conditions that apply to Business Associate under this Agreement.

5. Reporting Breaches

Business Associate will report any use or disclosure of PHI not permitted by this Agreement, including any breach of unsecured PHI, to Covered Entity without unreasonable delay and in no case later than sixty (60) days after discovery.

6. Individual Rights

At Covered Entity's request, Business Associate will make available PHI for access, amendment, and accounting of disclosures as required under HIPAA.

7. Term and Termination

This Agreement is effective on the date of last signature and remains in effect until terminated. Either party may terminate this Agreement for material breach that is not cured within thirty (30) days of written notice. Upon termination, Business Associate will return or destroy all PHI received from Covered Entity, if feasible. If return or destruction is not feasible, the protections of this Agreement will extend to retained PHI.

8. Miscellaneous

• Amendment: the parties agree to amend this Agreement as necessary to comply with any changes in HIPAA.
• Interpretation: any ambiguity will be resolved in favor of a meaning that permits compliance with HIPAA.
• Governing law: this Agreement is governed by the laws of the State of Florida, without regard to conflict-of-laws principles.

This template is provided for convenience. It does not constitute legal advice. Covered Entities should review with their own counsel before signing.