Business Associate Agreement
The terms a covered entity accepts to have Nextvisit process protected health information on its behalf. Current version: v3.2.
Last updated: July 7, 2026
Parties and purpose
This Business Associate Agreement ("Agreement") is entered into between Nextvisit AI Inc. ("Business Associate") and the licensed clinical practice that accepts these terms ("Covered Entity"). It governs the handling of Protected Health Information ("PHI") that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity in connection with the Nextvisit GO service.
1. Permitted Uses and Disclosures
Business Associate may use or disclose PHI only as necessary to perform the services provided to Covered Entity, as required by law, or as otherwise permitted by this Agreement. Business Associate will not use or disclose PHI in a manner that would violate the HIPAA Privacy Rule if done by Covered Entity.
2. Safeguards
Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, as required by 45 CFR §§ 164.308, 164.310, and 164.312, and shall comply with the applicable requirements of the HIPAA Security Rule.
3. Reporting
Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement of which it becomes aware, and shall report any Breach of Unsecured PHI without unreasonable delay and in no case later than 60 days after discovery.
4. Subcontractors
Business Associate shall ensure that any subcontractor that creates, receives, maintains, or transmits PHI on its behalf agrees in writing to restrictions and conditions at least as protective as those that apply to Business Associate under this Agreement.
5. Access, Amendment, and Accounting
Business Associate shall make PHI available to Covered Entity as necessary to satisfy Covered Entity's obligations to provide individuals access to, and amendment of, their PHI, and to provide an accounting of disclosures, under 45 CFR §§ 164.524, 164.526, and 164.528.
6. Term and Termination
This Agreement is effective on acceptance and continues until terminated. On termination, Business Associate shall, if feasible, return or destroy all PHI received from or created on behalf of Covered Entity; where return or destruction is not feasible, the protections of this Agreement continue for as long as the PHI is retained.
Acceptance
A workspace owner accepts this Agreement on behalf of their practice by signing it during setup. Acceptance is recorded with the signer's name, the version accepted, and a timestamp. A signed copy is available to the practice, and the terms remain in effect for as long as Nextvisit processes protected health information on its behalf.
This page is a plain-language summary, not legal advice. A production deployment handling protected health information must have these terms reviewed by counsel and backed by signed agreements (including BAAs with any subprocessors).