HIPAA Business Associate Agreement

This Business Associate Agreement applies when a covered entity or business associate uses Notat services to process protected health information under HIPAA.

This page is provided in English because the HIPAA BAA applies to United States customers.

Notat may use and disclose protected health information only as necessary to provide the services, support the customer, comply with law, and perform obligations described in the applicable service agreement.

Notat will not use protected health information for advertising, resale, or unrelated product purposes.

Notat will use appropriate administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of protected health information.

Notat will require subcontractors that create, receive, maintain, or transmit protected health information on Notat's behalf to agree to substantially similar restrictions and safeguards.

Notat will report security incidents and breaches of unsecured protected health information as required by HIPAA and the applicable service agreement.

Customers should direct HIPAA and security inquiries to [email protected].

Notat will reasonably assist customers with HIPAA access, amendment, restriction, and accounting obligations where those obligations apply to protected health information maintained in the services.

Upon termination, Notat will return or destroy protected health information where feasible and legally permitted. If return or destruction is infeasible, protections will continue for retained protected health information.

If this BAA conflicts with the Terms of Service or another agreement between the parties, this BAA controls only with respect to protected health information and HIPAA obligations.