Find The Best Therapists & Psychiatrists Near You — Zencare

Zencare Group Inc.
Business Associate Agreement

Last modified: September 21st, 2022
Effective date: September 21st, 2022

1. Introduction

Welcome to https://zencare.co/ (the “Website”). This HIPAA Business Associate Agreement (“BAA”) is entered into by and between Zencare Group, Inc. (“Zencare”, “we”, “us” or “our”) and you, and is made effective as of the date of electronic acceptance. This BAA sets forth each party’s respective obligations regarding the Services, and represents the entire agreement between you and Zencare concerning the subject matter hereof.

Your electronic acceptance of this BAA signifies that you have read, understand, acknowledge and agree to be bound by this BAA, along with our Terms of Use and our Privacy Policy, which are incorporated herein by this reference. Terms capitalized but not defined in this BAA have the meanings set out in the Terms of Use and Privacy Policy, respectively.

The terms “you” or “your” shall refer to any individual or entity who accepts this BAA. Nothing in this BAA shall be deemed to confer any third-party rights or benefits.

We may, in our sole and absolute discretion, change or modify this BAA, any policies or agreements which are incorporated herein, and any limits or restrictions on the Services, at any time, and such changes or modifications shall be effective immediately upon posting to the Website. Your use of the Website or the Services after such changes or modifications shall constitute your acceptance of this BAA and Service limitations as last revised. If you do not agree to be bound by this BAA and the Services limitations as last revised, do not continue to use this Website or the Services.

We may occasionally notify you of changes or modifications to this BAA by email. It is therefore very important that you keep your contact information current. We assume no liability or responsibility for your failure to receive an email notification if such failure results from an inaccurate email address.

The parties agree as follows:

2. Definitions

For purposes of this BAA, any capitalized terms not otherwise defined herein will have the meaning given to them in the BAA and under HIPAA.

a. “Business Associate” has the same meaning as the term “business associate” in 45 C.F.R. § 160.103 of HIPAA.

b. “Covered Entity” has the same meaning as the term “covered entity” in 45 C.F.R. § 160.103 of HIPAA.

c. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the rules and the regulations thereunder, as amended (including with respect to the HITECH Act).

d. “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act enacted in the United States Congress, which is Title XIII of the American Recovery & Reinvestment Act, and the regulations thereunder, as amended.

e. “Privacy Rule” means 45 C.F.R., Part 164, Subpart E, under HIPAA.

f. “Protected Health Information” or “PHI” will have the meaning given to it under HIPAA if provided to Zencare in connection with your permitted use of the Services.

g. "Unsuccessful Security Incidents" includes, but is not limited to, pings and other broadcast attacks on Zencare's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.

h. “Security Rule” means 45 C.F.R., Part 164, Subpart C, under HIPAA.

3. Applicability

a. Parties. This BAA applies only to the extent you are acting as a Covered Entity or Business Associate to create, receive, maintain or transmit PHI via the Services and where Zencare, as a result, is deemed under HIPAA to be acting as your Business Associate.

b. Services Scope. As of the effective date of this BAA, this BAA is applicable only to the described Services. Zencare may expand the scope of the described Services to include other Zencare products or services. If Zencare expands the scope of the Services, this BAA will automatically apply to the additional products and services as of the date they are included, or the date Zencare has otherwise provided written communication regarding an update to the scope of the included Services (whichever date is earlier).

4. Permitted Use and Disclosure

a. By Zencare. Zencare may use and disclose PHI only as permitted under HIPAA for those purposes necessary to perform the Services, as specified in the Terms of Use and under this BAA. Zencare may also use and disclose PHI for the proper management and administration of Zencare’s business and to carry out the legal responsibilities of Zencare, provided that any disclosure of PHI for such purpose may only occur if (1) required by applicable law; or (2) Zencare obtains written reasonable assurances from the person to whom PHI will be disclosed that it will be held in confidence, used or disclosed only as required by law or for the purpose for which it was disclosed, and that Zencare will be notified of any breach. To the extent Zencare is to carry out your obligations as a Covered Entity, as applicable, under the Privacy Rule, Zencare will comply with the requirements of the Privacy Rule that apply to your compliance with such obligations.

b. By You. You will not request Zencare or the Services to use or disclose PHI in any manner that would not be permissible under HIPAA if done by a Covered Entity itself (unless otherwise expressly permitted under HIPAA for a Business Associate). In connection with your management and administration of the Services for end users, you are responsible for using the available controls within the Services to support your HIPAA compliance requirements, including enforcing appropriate controls to support your HIPAA compliance. You will not use the Services to create, receive, maintain or transmit PHI to other Zencare services outside of the included Services, except where Zencare has expressly entered into a separate HIPAA business associate agreement for use of such Zencare services. If you use the Services in connection with PHI, you will use controls available within the Services to ensure (1) all other Zencare products not part of the Services are disabled for all end users who use the included Services in connection with PHI (except those services where the end user and Zencare already have an appropriate HIPAA business associate agreement in place); and (2) you take appropriate measures to limit your use of PHI in the Services to the minimum extent necessary for you to carry out your authorized use of such PHI. You agree that Zencare has no obligation to protect PHI under this BAA to the extent you create, receive, maintain or transmit such PHI outside of the Services.

5. Appropriate Safeguards

Zencare and you will use appropriate safeguards designed to prevent against unauthorized use or disclosure of PHI, consistent with this BAA, and as otherwise required under the Security Rule, with respect to the Services.

6. Reporting

Zencare will promptly notify you following the discovery of a breach or security incident resulting in the unauthorized use or disclosure of PHI in violation of this BAA in the most expedient time possible under the circumstances, consistent with the legitimate needs of applicable law enforcement and applicable laws, and after taking any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the Services system by using commercially reasonable efforts to mitigate any further harmful effects to the extent practicable. You hereby agree that any such report, notification or other notice made pursuant to this BAA may be provided electronically. For clarity, you and not Zencare are responsible for managing whether your end users are authorized to create, receive, maintain or transmit PHI within the Services and Zencare will have no obligations relating thereto. This Section will be deemed as notice to you of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents and even if such events are defined as a Security Incident under HIPAA, Zencare will not provide any further notice regarding such unsuccessful attempts.

7. Agents and Subcontractors

Zencare will take appropriate measures to ensure that any agents and subcontractors used by Zencare to perform its obligations under the BAA that require access to PHI on behalf of Zencare are bound by written obligations that provide the same material level of protection for PHI as this BAA. To the extent Zencare uses agents and subcontractors in its performance of obligations hereunder, Zencare will remain responsible for their performance as if performed by Zencare itself under this BAA.

8. Access to Records; Amendment of Records; and Accounting of Disclosures.

Zencare will make available to you the PHI via the Services so you may fulfill your obligation to preserve individuals’ right of access to records, right to amend records, and right to receive an accounting of disclosures in accordance with the requirements under HIPAA. You are responsible for managing your use of the Services to appropriately respond to such individual requests.

9. Access to Records

To the extent required by law, and subject to applicable attorney client privileges, Zencare will make its internal practices, books and records concerning the use and disclosure of PHI received from you, or created or received by Zencare on behalf of you, available to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) for the purpose of the Secretary determining compliance with this BAA.

10. Term

This BAA will expire upon the earlier of: (i) the termination or expiration of the Services to which this BAA applies; or (ii) your acceptance of an updated HIPAA business associate agreement that supersedes this BAA.

11. Termination.

a. Termination for Cause. Zencare authorizes termination of this BAA by you, to the extent you are acting as a Covered Entity, if you determine Zencare has violated a material term of the BAA. You will provide Zencare with written notice of the breach of this BAA and give Zencare the opportunity to cure the breach within 30 days.

b. Return and Destruction of PHI. Zencare agrees that upon termination of the BAA, Zencare will return or destroy all PHI received from you, or created or received by Zencare on behalf of you, which Zencare still maintains as provided in the Terms of Use; provided, however, that if such return or destruction is not feasible, Zencare will extend the protections of this BAA to the PHI not returned or destroyed and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible. In the event this BAA is terminated earlier than the underlying Terms of Use, you may continue to use the Services in accordance with the Terms of Use, but must delete any PHI you maintain in the Services and cease to create, receive, maintain or transmit such PHI to Zencare or within the Services.

12. Interpretation

It is the parties’ intent that any ambiguity under this BAA be interpreted consistently with the intent to comply with applicable laws.

13. Effect of Agreement

This BAA supersedes in its entirety any pre-existing HIPAA business associate agreement executed by Zencare and you covering the same Services. Each covenant and agreement in this BAA shall be construed for all purposes to be a separate and independent covenant or agreement. If a court of competent jurisdiction holds any provision (or portion of a provision) of this BAA to be illegal, invalid or otherwise unenforceable, the remaining provisions (or portions of provisions) of this BAA shall not be affected thereby and shall be found to be valid and enforceable to the fullest extent permitted by law. In the event there is a conflict between the provisions of this BAA and either the provisions of the Terms of Use or the Privacy Policy, the provisions of this BAA shall control.

14. Construction of Terms; Interpretation

The terms of this BAA will be construed in light of any applicable interpretation or guidance on the HIPAA Rules issued by the Secretary. Any ambiguity in this BAA shall be interpreted to permit compliance with the HIPAA Rules.

15. Conflicts

If there is any direct conflict between an underlying agreement and this BAA with respect to PHI, the terms and conditions of this BAA shall control.

16. Independent Contractor

Zencare will be considered an independent contractor, and Zencare will not, directly or indirectly, act as your agent or employee or make any commitments or incur any liabilities on behalf of you without your written consent. Nothing in this BAA shall be deemed to create an employment, principal-agent, or partner relationship between the parties. Zencare shall retain sole discretion in the manner and means of carrying out its activities and responsibilities under this BAA.