← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.

HIPAA Business Associate Agreement Template

Customization required. This template is provided for policy operations and counsel review. Replace every NEXQ-reviewed value, verify every factual statement, and confirm applicability before publication. The template is not legal advice and does not create an attorney-client relationship.

Effective date: September 18, 2024
Last updated: September 18, 2024
Owner: NEXQ privacy, security, and legal operations
Applies to: NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services

This BAA template is for situations where NEXQ creates, receives, maintains, or transmits PHI for a HIPAA covered entity or another business associate.

1. Parties

Covered Entity / Customer: Applicable covered entity or customer identified in the signed agreement
Business Associate: NEXQ
Effective date: September 18, 2024

2. Permitted uses and disclosures

Business Associate may use or disclose PHI only to perform services for Covered Entity, as required by law, for management/administration and legal responsibilities where permitted, for de-identified data if allowed, and as otherwise authorized in writing.

3. Safeguards

Business Associate will use appropriate administrative, physical, and technical safeguards to protect ePHI and prevent unauthorized uses or disclosures of PHI.

4. Reporting

Business Associate will report to Covered Entity any use or disclosure not provided for by this BAA, security incident, or breach of unsecured PHI as required by HIPAA and the agreement.

5. Subcontractors

Business Associate will ensure subcontractors that create, receive, maintain, or transmit PHI agree to the same restrictions and conditions that apply to Business Associate.

6. Access, amendment, and accounting

Business Associate will assist Covered Entity with individual rights to access, amendment, and accounting of disclosures as required by HIPAA.

7. Books and records

Business Associate will make internal practices, books, and records relating to PHI available to the Secretary of HHS as required by HIPAA.

8. Return or destruction

Upon termination, Business Associate will return or destroy PHI if feasible. If infeasible, protections continue and further uses/disclosures are limited to purposes that make return or destruction infeasible.

9. Termination

Covered Entity may terminate for material breach if Business Associate fails to cure within the agreed period, subject to the agreement.

10. Minimum necessary

Business Associate will request, use, and disclose only the minimum necessary PHI for the permitted purpose, except as otherwise permitted by HIPAA.

11. No sale or marketing

Business Associate will not sell PHI or use/disclose PHI for marketing without required authorization and agreement terms.

12. Regulatory updates

The parties will amend this BAA as needed to comply with changes in HIPAA or related regulations.