Appendix A: In-House Health Platform Business Associate Agreement (“BAA”)


Last updated: May 1, 2025

This Business Associate Agreement (“BAA”) is entered into as of the date of last signature to the MSA (“Effective Date”) between Customer (for the BAA, referred to as “Covered Entity”) and In-House (for the BAA, referred to as “Business Associate”).

1. Definitions

1.1. Business Associate
Shall have the same meaning as the term “business associate” in 45 CFR 160.103, and in reference to the party to this agreement, shall mean In-House Health.

1.2. Covered Entity
Shall have the same meaning as the term “covered entity” in 45 CFR 160.103, and in reference to the party to this agreement, shall mean Customer.

1.3. HIPAA Rules
Shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

1.4. Protected Health Information (PHI)
Shall have the same meaning as the term “protected health information” in 45 CFR 160.103, limited to the information received from, or created or received by Business Associate on behalf of Covered Entity.

2. Obligations and Activities of Business Associate

2.1. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Agreement or as required by law.

2.2. Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by this Agreement.

2.3. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which it becomes aware.

3. Permitted Uses and Disclosures by Business Associate

3.1. Business Associate may use or disclose PHI as necessary to perform its obligations under the Agreement, provided that such use or disclosure would not violate the HIPAA Rules if done by Covered Entity.

3.2. Business Associate may use PHI to provide data aggregation services relating to the health care operations of Covered Entity.

4. Obligations of Covered Entity

4.1. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.

5. Term and Termination

5.1. This Agreement shall be effective as of the Effective Date and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions in this Agreement.

6. Miscellaneous

6.1. Interpretation
Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the HIPAA Rules.

6.2. Amendment
This Agreement may be amended by the parties in writing.

Download PDF

AI-driven Scheduling and Management Platform for Modern Nursing Teams

2025 In-House Health, Inc. All rights reserved.
Privacy PolicyTerms and Conditions