Legal
Last updated: March 01, 2026
This Business Associate Agreement ("BAA") supplements and is made a part of the Terms of Service ("Agreement") between QuickGuard360, LLC ("Business Associate") and the customer ("Covered Entity") using QuickGuard360's platform and services.
This BAA is required under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and their implementing regulations at 45 CFR Parts 160 and 164 (collectively, "HIPAA Rules").
Capitalized terms not otherwise defined herein shall have the meanings set forth in the HIPAA Rules. "Protected Health Information" or "PHI" means any information, including electronic PHI (ePHI), that is created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity and that relates to: the past, present, or future physical or mental health condition of an individual; the provision of health care to an individual; or the past, present, or future payment for health care provided to an individual, and that identifies the individual or could reasonably be used to identify the individual.
Business Associate agrees to:
Not use or disclose PHI other than as permitted or required by this BAA or as required by law. Use appropriate administrative, physical, and technical safeguards to prevent unauthorized use or disclosure of PHI, in compliance with the HIPAA Security Rule. Report to Covered Entity any use or disclosure of PHI not provided for by this BAA of which it becomes aware, including any Security Incident or Breach of Unsecured PHI. In the event of a Breach of Unsecured PHI, Business Associate shall notify Covered Entity without unreasonable delay and in no case later than thirty (30) calendar days after discovery of the Breach.
Ensure that any subcontractors who create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions and conditions that apply to Business Associate under this BAA. Make available to Covered Entity the information required to provide an accounting of disclosures in accordance with 45 CFR § 164.528. Make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining compliance with the HIPAA Rules.
Business Associate may use or disclose PHI only as necessary to perform services on behalf of Covered Entity as specified in the Agreement, provided that such use or disclosure would not violate the HIPAA Rules if done by Covered Entity. Business Associate may use PHI for the proper management and administration of Business Associate, provided that any disclosures are required by law or Business Associate obtains reasonable assurance that the PHI will be held confidentially.
Covered Entity agrees to: notify Business Associate of any limitations on its use or disclosure of PHI; notify Business Associate of any changes in or revocation of permission to use or disclose PHI; not request Business Associate to use or disclose PHI in any manner that would violate the HIPAA Rules.
Business Associate shall implement and maintain safeguards including but not limited to: encryption of ePHI in transit and at rest; access controls limiting PHI access to authorized personnel; regular security assessments and vulnerability scanning; secure backup and disaster recovery procedures; workforce training on HIPAA security requirements; incident response procedures for security events.
In the event of a Breach of Unsecured PHI, Business Associate shall: notify Covered Entity within thirty (30) calendar days of discovering the Breach; provide Covered Entity with the identification of each individual affected; provide a description of the types of PHI involved; provide a description of the Breach, including the date of the Breach and date of discovery; provide any other details required under 45 CFR § 164.410. Business Associate shall cooperate with Covered Entity in meeting its obligations under the Breach Notification Rule.
This BAA shall remain in effect for the duration of the Agreement. Upon termination of the Agreement, Business Associate shall, at the direction of Covered Entity, return or destroy all PHI received from Covered Entity or created or received on behalf of Covered Entity. If return or destruction is not feasible, Business Associate shall extend the protections of this BAA to the PHI and limit further uses and disclosures to those purposes that make return or destruction infeasible.
This BAA may be amended only by written agreement of both parties. The parties agree to negotiate in good faith any amendments to this BAA necessary to comply with changes in HIPAA Rules or other applicable law.
This BAA shall be governed by federal law, including the HIPAA Rules, and to the extent not preempted by federal law, the laws of the State of Texas.
All QuickGuard360 customers on paid plans are covered by this BAA upon acceptance of the Terms of Service. A countersigned copy of this BAA is available upon request.
For questions regarding this BAA or to request a countersigned copy:
QuickGuard360, LLC
HIPAA Privacy Officer
Email: compliance@quickguard360.com
Web: quickguard360.com/contact