Get Started Free

Terms of Service Agreement

Last updated: January 8, 2026 

This Agreement describes the terms and conditions applicable to the use of the ChartAI App, software, content and online services made available through the General Technologies website, ChartAI website, and through the ChartAI App (collectively, the “Service”) by authorized users.

This is a binding agreement between General Technologies. (“us”, “we”) and You (“you”, “your”) for the Service. Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.

This agreement (“Agreement”) is incorporated and made part of the Subscription Form (“Subscription”, the “Purchase”) between you and/or your company (collectively the “Customer” or “You”, as defined in the Purchase), and us, pursuant to which you purchased access to the Service.

We may change this Agreement at any time without prior written notice to you. If you use the Service after such change you hereby agree to such change. It is your responsibility to read the Agreement carefully each time you access the Service. We will provide notice that a change has been made to the Agreement.

To the extent of any direct conflicts, this Agreement shall take precedence over the Subscription Form.

ACCOUNTS AND REGISTRATION

To access the Service, you must register for and hold an account. By creating an account, you confirm that you possess the legal right and ability to enter into a legally binding agreement with us and agree to use the Service only in accordance with these Terms. As part of the registration process, you will identify an administrative user name and password for your Company account. You are responsible for keeping this username and password secure and are responsible for all use and activity carried out under your account. We reserve the right to refuse registration of, or cancel passwords we deem inappropriate.

PRIVACY AND COOKIES POLICY

In the performance of these Terms, each party must comply with applicable privacy laws in respect of any personal information, including without limitation PIPEDA, applicable provincial private-sector privacy laws (including British Columbia’s PIPA, Alberta’s PIPA, and Québec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), the  General Data Protection Regulation (GDPR) in the European Union, and the California Consumer Privacy Act (CCPA) in the United States.

You agree that our Privacy Policy which includes our Cookies Policy are made part of the terms of the Purchase for the Services and acknowledge having reviewed them prior to using the Services.

BUSINESS ASSOCIATE AGREEMENT (HIPAA)

If Customer is a ‘Covered Entity’ or ‘Business Associate’ under HIPAA and Customer’s use of the Service involves Protected Health Information (‘PHI’), then prior to using the Service to create, receive, maintain, or transmit PHI, Customer and General Technologies must enter into General Technologies’ Business Associate Agreement (‘BAA’), Schedule A attached to and forming part of this agreement between us.  The BAA is incorporated by reference and forms part of these Terms when executed by the parties. In the event of any conflict between the BAA and these Terms (or the Privacy Policy), the BAA will control with respect to PHI and HIPAA-related obligations.

PERSONAL INFORMATION NOTICE

We collect, store, use, and disclose personal information about you and your patients in order to provide you with the Service and for other purposes set out in our Privacy Policy.

Our Privacy Policy explains:

  • How we store and use your personal information, and how you may access and correct it.
  • How you can lodge a complaint regarding the handling of your personal information.
  • How we will handle any complaint.

For further information about our privacy practices, you can view our Privacy Policy or contact us at privacy@generaltech.io.

By providing your personal information to us, you consent to the collection, use, storage, and disclosure of that information as described in these Terms and our Privacy Policy. We may disclose personal information only (a) to service providers acting on our behalf under written agreements requiring confidentiality, appropriate safeguards, and use solely to provide services to us, (b) to parties you authorize (including via integrations), and/or (c) as required by law.  If you do not provide this information, we will not be able to provide the Service to you.

USE OF DEIDENTIFIED INFORMATION

We may de-identify personal information, including personal health information, in accordance with applicable law. For U.S. HIPAA-regulated information, de-identification will be performed in accordance with 45 C.F.R. § 164.514. For GDPR-regulated information, information will be treated as anonymized only where it is rendered non-identifiable consistent with Recital 26.

We may use and disclose information only in de-identified/anonymized form to make relevant functionality available to you and as otherwise described in our Privacy Policy, including disclosure to contracted service providers operating the Service on our behalf. We will take reasonable steps to prevent de-identified/anonymized information from being re-identified.

SAAS SERVICES AND SUPPORT

Subject to the terms of this Agreement, we will use commercially reasonable efforts to provide you the Services and reasonable technical support services related to the Services.

RESTRICTIONS AND RESPONSIBILITIES

You will only access the Services in compliance with the terms of this Agreement. You will use the Services only in compliance with our Policies then in effect and all applicable laws and regulations.

You must:

  • Receive consent from your patient to share personal and sensitive information with us if mandatory in your jurisdiction.
  • Represent and warrant that you have secured all necessary authorizations and current consents from your patients to disclose their personal information (including sensitive information) to us. This consent is required so that we may collect, use, store, and disclose this information for the purpose of operating the Service as described in our Privacy Policy, ensuring that such action does not infringe on any law or the rights of any individual.
  • Notify us immediately if you become aware of any problem or incident associated with the Service that has caused, or could cause, harm to patients or others.
  • Notify us immediately if you become aware of any actual or potential defect in the Service or any complaint reported by any person in connection with the Service.

Except as otherwise permitted under these Terms, you will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by us or authorized within the Services); use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels.

You shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, mobile devices, modems, hardware, servers, software, operating systems, networking, web servers and the like. You shall also be responsible for maintaining the security of the Equipment, your account, passwords and files, and for all uses of your account or the Equipment with or without your knowledge or consent.

THIRD-PARTY FUNCTIONALITY

The Service’s functionality may involve the use of software, data, applications, services, or content that is provided to us by third parties (“Third-Party Functionality”). You agree to comply with any reasonable additional terms notified to you by us in respect of the use of Third-Party Functionality. If you do not agree to comply with those terms, we may need to terminate your account.

CONFIDENTIALITY; PROPRIETARY RIGHTS

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information”). Our Proprietary Information includes non-public information regarding features, functionality, and performance of the Service. Your Proprietary Information includes non-public data provided by you to us to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use or divulge to any third person any such Proprietary Information, except in performance of the Services.

You shall own all right, title, and interest in and to the Customer Data. You grant to us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free licence to use de-identified/anonymized material you provide or otherwise make available to us for the purpose of making Service functionality available to you, and as otherwise permitted by these Terms; any sublicensing is limited to our service providers/subcontractors operating the Service on our behalf under written confidentiality and security obligations

Notwithstanding anything to the contrary, we shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and we will be free (during and after the Term) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business.

To enable us to use your feedback for our business purposes and to improve the Service, you agree to grant us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, sublicensable license to use feedback you provide to us. This allows us to make improvements to the Service from your suggestions, enhancement requests, and recommendations without restriction or payment.

We shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with the implementation services or support, and (c) all intellectual property rights related to any of the foregoing.

PAYMENT OF FEES

Fees
You agree to pay all fees specified in your Order Form. Unless otherwise stated in this Agreement or your Order Form:

  • fees are based on the subscription plan purchased,
  • all payments are non-cancellable and non-refundable, and
  • you may not reduce the quantity of services during the current subscription term.

Invoicing and Payment

You must provide a valid, up-to-date credit card, purchase order, or another acceptable payment method. By submitting your credit card information, you authorise General Technologies to charge it for the full amount of your subscription—both for the initial term and any renewal periods. Charges will be processed in advance, either annually or according to the billing frequency listed in your Order Form.
If you’re paying by invoice rather than credit card, we will bill you in advance as outlined in the Order Form. Invoiced fees are due upon purchase unless otherwise stated. You are responsible for keeping your billing and contact information accurate and up to date.

Late Payments
If payment isn’t received by the due date, General Technologies may:

  • charge late fees at 1.5% per month on the outstanding balance (or the highest rate allowed by law, if lower), and/or
  • require prepayment or shorter payment terms for future subscriptions or renewals.

Service Suspension and Accelerated PaymentsIf any unpaid amount remains overdue for 30 days—or 10 days in cases of failed credit card charges—General Technologies may:

  • suspend your access to the services, and/or
  • accelerate the full balance of all fees due, making them immediately payable.
    We’ll provide at least 10 days’ notice before suspending services, except in cases of declined credit card or direct debit transactions.

Payment Disputes
We won’t enforce late charges or suspend services if you’re disputing a charge in good faith and working promptly with us to resolve the issue.

Taxes
 All fees are exclusive of taxes, levies, duties, or similar government charges (collectively, “Taxes”). You’re responsible for paying all applicable Taxes related to your purchase. If General Technologies is required to collect Taxes on your behalf, we’ll include them on your invoice unless you provide a valid tax exemption certificate. We remain responsible only for taxes assessed on our own income, property, or employees.

Changes to Fees
We may revise our pricing or introduce new charges with 30 days’ notice (which may be sent by email). Continued use of the services after the notice period constitutes your agreement to the updated pricing.

Billing Issues
If you believe you were billed incorrectly, notify us within 45 days of the invoice date by contacting us at accounting@generaltech.io. We will investigate the issue in good faith.

Subscription Renewals
Your subscription will automatically renew at the end of each term unless you cancel before the renewal date. Cancellations take effect after the current subscription period ends. We do not offer refunds or credits for partial periods, unless explicitly stated otherwise in these Terms.

FREE TRIAL TERMS

If you register on General Technologies’ website for a free trial, we will provide access to the applicable service(s) at no charge until the earlier of:
(a) the end of the designated trial period,
(b) the start date of any paid subscription for the service(s), or
(c) termination of the trial at our sole discretion.

Additional terms may be specified on the trial registration page. These are incorporated into this agreement by reference and are legally binding.

Important Notice About Trial Use:

  • Some features or functionalities available in the paid version may be limited or inaccessible during the trial.
  • Data entered and customisations made during the trial may not carry over unless you upgrade to a paid subscription.
  • If you switch to a different service tier after the trial, feature availability and data access may vary depending on the selected plan.

Disclaimer of Warranties & Limitation of Liability During Trial:
During the trial, services are provided strictly “as-is” and without warranty. General Technologies assumes no liability or indemnification obligations for the trial period, except where such exclusions are not enforceable under applicable law. In such cases, liability is limited to a maximum of $100.00.

General Technologies makes no guarantees that:
(a) the services will meet your requirements,
(b) the services will be uninterrupted, secure, or error-free, or
(c) any usage data provided will be accurate.

Despite any other terms in this agreement, you remain fully liable for:

  • any damages resulting from your use of the services during the trial,
  • any breach of this agreement, and
  • your indemnification obligations.

You are encouraged to review the service documentation during the trial to understand its features and functions before committing to a purchase.

TERM AND TERMINATION

We may suspend your access or use of the Service and terminate this Agreement for your failure to make payment, for any violation of this Agreement, submission of false information, or for offensive or defamatory language submitted to the Service. We may also terminate these Terms if we withdraw the Service from the market, provided you will be entitled to a pro-rata refund of fees paid.

You may terminate your use of the Service at any time through your account settings or by emailing us. Such termination will take effect the day after the last day of your current subscription period, and we will not refund any fees that you have already paid.

Upon termination, we will retain, return, or delete Customer Data in accordance with our Privacy Policy and applicable law, subject to legally required retention. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.

FAIR USE POLICY

Storage:

The services provided under this Agreement allow you to store customer data. To make sure that there is enough storage for all customers, we have expectations for the amount of customer data for each customer, based on Service Capacity. We have made sure that all customers will have plenty of storage space when the services are used normally. If we detect that you save excessive customer data, then we will contact you to find a solution.

Network Traffic and Bandwidth:

To prevent a negative effect of excessive network traffic on your user experience or that of others, we may monitor your network traffic and bandwidth use and compare it to the average use for our customers based on Service Capacity. If we detect a situation that could lead to a decrease in service for customers, we will contact you to discuss the situation.

Urgent and Extreme Cases:

In an urgent or extreme case, for example where services (for you or other customers) are likely to be significantly impacted, or where we believe your system or our system is under attack (a DDOS – denial of service attack, for instance) or where we believe your system or ours has been compromised (for example a hacker or potential a security breach) we may stop the services, or temporarily block your access to them. We will use reasonable efforts to provide notice prior to doing so. In some cases, even without an attack or breach, if your use of the services continues to impact other customers, is expected to do so, or is generating costs that are not normal when compared to other customers, we may isolate your services and pass the costs on to you. We will use reasonable efforts to provide you notice prior to doing so.

You shall implement current industry standard physical, administrative, and technical measures to (a) restrict access and use of the services under this Agreement, (b) maintain the security and integrity of the services accessible on or through your network, and (c) ensure that all users are notified of and comply with the usage restrictions set forth in this Agreement. Each of your users shall utilize the services only for the purposes of catering to your patients/customers and for no other commercial or research purpose. In the event the usage of the services for any given individual login of yours exceeds 50 patients per week, the Company may charge additional fees under the terms of the Agreement.

WARRANTY AND DISCLAIMER

No Professional Medical or Healthcare Advice:

You agree that your use of the Service is solely for the purposes of supporting your administrative processes. You must exercise all necessary, and final, professional and medical decisions in relation to a patient’s diagnosis, advice, or treatment. You further agree and acknowledge that the Service does not: (a) constitute or make out to be a medical device; (b) constitute professional medical or healthcare advice, diagnosis or recommendation of treatment, or replace professional medical advice; or (c) directly diagnose or treat a patient’s illness or disability. You agree that you must not frame or suggest that the Service constitutes professional medical or healthcare advice or that it can be relied upon without independent consideration and confirmation by a qualified medical practitioner.

Disclaimer:

We shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by us or by third-party providers, or because of other force majeure events beyond our reasonable control. 

HOWEVER, WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DO WE MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES57. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

OUR (AND OUR LICENSORS AND SUPPLIERS) TOTAL CUMULATIVE LIABILITY TO YOU FOR ANY AND ALL CLAIMS ARISING FROM OR IN CONNECTION WITH THIS AGREEMENT (UNDER ANY LEGAL THEORY INCLUDING CLAIMS IN CONTRACT OR TORT), THE SERVICE AND THIS AGREEMENT, WILL NOT EXCEED THE AMOUNTS ACTUALLY PAID TO US BY YOU IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING YOUR FORMAL WRITTEN NOTICE OF THE CLAIM FOR LIABILITY HEREUNDER. ALL CLAIMS THAT YOU MAY HAVE AGAINST US WILL BE AGGREGATED TO SATISFY THIS LIMIT AND MULTIPLE CLAIMS WILL NOT ENLARGE THIS LIMIT. IN NO EVENT WILL WE OR OUR LICENSORS OR SUPPLIERS BE LIABLE FOR SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT (UNDER ANY LEGAL THEORY INCLUDING CLAIMS IN CONTRACT OR TORT), INCLUDING, BUT NOT LIMITED TO, INTERRUPTED COMMUNICATIONS, LOST DATA OR LOST PROFITS, AND DAMAGES THAT RESULT FROM INCONVENIENCE, DELAY OR LOSS OF USE OF ANY INFORMATION OR DATA OR OF THE SERVICE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY PROVIDED HEREIN.

NO CLASS ACTION OR JURY TRIAL

You agree that, with respect to any dispute with us (and our licensors and suppliers) arising out of or relating to your use of the Service or this Agreement: YOU HEREBY GIVE UP YOUR RIGHT TO HAVE A TRIAL BY JURY; and YOU HEREBY GIVE UP YOUR RIGHT TO SERVE AS A REPRESENTATIVE, AS A PRIVATE ATTORNEY GENERAL, OR IN ANY OTHER REPRESENTATIVE CAPACITY, OR TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS, IN ANY LAWSUIT INCLUDING BUT NOT LIMITED TO CLASS ACTION LAWSUITS INVOLVING ANY SUCH DISPUTE.

RELEASE AND INDEMNITY. ANY DISPUTE IS YOUR OWN

By using this Service, you agree to accept such risks and acknowledge that we are not responsible for the acts or omissions of our users. You hereby release us from all claims, demands, and damages of every kind, nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with any such dispute now or in the future. You will defend, indemnify and hold us harmless from any claims, actions, amounts, fees, damages or costs attributable to any of the following: (a) your use or access to the Service (including claims by any user or patient of any user); or (b) allegations that your User Generated Content infringes, violates or misappropriates any intellectual property or any other right of a third party or otherwise causes harm to a third party.

NO AGENCY OR PARTNERSHIP

The parties to this Agreement are independent contractors. WE ARE NOT AN AGENT, PROMOTER, RESELLER, AFFILIATE, PARTNER OR JOINT VENTURER WITH YOU OR ANY OTHER CUSTOMER.ASSIGNMENT

We may assign any or all of its rights hereunder to any party without your consent. You will not assign this Agreement or any of your rights or obligations without our prior written consent, and any such attempted assignment will be void and unenforceable. This Agreement will be binding upon the parties’ respective successors in interest and permitted assigns.

ENTIRE AGREEMENT

This Agreement, together with the Privacy Policy of the Service, constitutes the entire agreement between us and you regarding the subject matter of this Agreement, and supersedes and replaces all prior or contemporaneous communications whether electronic, oral or written between the Service and you with respect to such subject matter.

GOVERNING LAW

The laws of the province of British Columbia and the laws of Canada will govern this Agreement and the use of the Service. The parties hereby agree to irrevocably attorn to the exclusive jurisdiction of the Province of British Columbia for any claim, action or proceeding arising out of or related to this Agreement, except that we may bring any action, claim or proceeding for injunctive relief in any jurisdiction.

MISCELLANEOUS

If any portion of this Agreement is deemed unlawful, void or unenforceable by any arbitrator or court of competent jurisdiction, this Agreement as a whole shall not be deemed unlawful, void or unenforceable, but only that portion of this Agreement that is unlawful, void or unenforceable shall be stricken from this Agreement. If we do not exercise or enforce any legal right or remedy which is contained in the Agreement (or which we have the benefit of under any applicable law), this is not a formal waiver of our rights, and those rights or remedies will still be available to us. All covenants, agreements, indemnities, representations and warranties made by you in this Agreement shall survive your acceptance of this Agreement and the termination of this Agreement.

SCHEDULE A

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“BAA”) is by and between General Technologies Inc., together with its subsidiaries and affiliates, including without limitation those providing the ChartAI product and related services (collectively, “Business Associate”), and Customer (“Covered Entity”), and is effective as of the Effective Date.

RECITALS

WHEREAS, pursuant to the applicable agreement between the parties (including any terms of use, subscription agreement, services agreement, order form, statement of work, or similar written or electronic agreement governing the services) (the “Services Agreement”), Business Associate will provide certain services to, for, or on behalf of Covered Entity involving the use or disclosure of Protected Health Information (“PHI”), and pursuant to such Services Agreement, Business Associate may be considered a “business associate” of Covered Entity; and

WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the Services Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR Parts 160 and 164 (the “HIPAA Rules”), and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”), in each case as amended from time to time; and

WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the HIPAA Rules and the HITECH Act, as the same may be amended from time to time.

NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this BAA, the parties agree as follows:

DEFINITIONS

Capitalised terms used but not otherwise defined in this BAA shall have the same meaning as set forth in 45 CFR Parts 160, 162 and 164, and the HITECH Act.

OBLIGATIONS OF BUSINESS ASSOCIATE

Permitted Uses and Disclosures:

Business Associate agrees to only use or disclose PHI as necessary to perform the services set forth in the Services Agreement, as permitted under this BAA, or as Required by Law.

Business Associate shall have the right to de-identify PHI, provided that Business Associate implements a de-identification process that conforms to the requirements of 45 C.F.R. § 164.514(a)–(c) (“De-identified Data”). Business Associate may use De-identified Data to provide, maintain, protect, and improve the Services (including analytics, benchmarking, and quality assurance). Business Associate may disclose De-identified Data only (i) to its subcontractors and service providers that are performing functions on Business Associate’s behalf under written agreements requiring confidentiality and appropriate safeguards, and/or (ii) in aggregated form that does not identify any Individual. Business Associate will not attempt to re-identify De-identified Data except as necessary to validate de-identification controls.

Covered Entity retains all right, title, and interest in PHI. Business Associate retains all right, title, and interest in its de-identification methods and in De-identified Data to the extent created or derived by Business Associate through the Services, excluding any rights in Covered Entity’s underlying PHI.

Nondisclosure:

Business Associate shall not use or further disclose PHI other than as permitted or required by this BAA.

Safeguards:

Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this BAA. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities.

Reporting of Disclosures; Mitigation:

Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for by this BAA, including breaches of unsecured PHI as required by Section 2(k), and shall mitigate, to the extent practicable, any harmful effect known to Business Associate of a use or disclosure of PHI in violation of this BAA.

Business Associate’s Agents and Subcontractors:

Business Associate shall ensure that any subcontractors, agents, or other third parties to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree in writing to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such PHI, including compliance with the Security Rule where applicable.

Availability of Information to Covered Entity:

Business Associate shall make available to Covered Entity (or, as directed by Covered Entity, to an Individual) such information as Covered Entity may reasonably request, and in the time and manner designated by Covered Entity, to enable Covered Entity to fulfil its obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the HIPAA Rules, including, without limitation, 45 CFR §§ 164.524 and 164.528.

Amendment of PHI:

Business Associate shall make any amendments to PHI in a Designated Record Set that Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity, to enable Covered Entity to fulfil its obligations (if any) to amend PHI pursuant to HIPAA and the HIPAA Rules, including, without limitation, 45 CFR § 164.526.

Internal Practices:

Business Associate shall make its internal practices, books, and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary of the U.S. Department of Health and Human Services (“Secretary”), in a time and manner designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA and the HIPAA Rules.

Documentation of Disclosures for Accounting:

Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

Access to Documentation for Accounting:

Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner designated by Covered Entity, information documented in accordance with Section 2(i) of this BAA to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

Notification of Breach:

During the Term of this BAA, Business Associate shall notify Covered Entity within ten (10) days of Discovery of any Breach of Unsecured PHI. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information reasonably necessary for Covered Entity to meet applicable breach notification requirements, in the manner and format specified by Covered Entity.

Minimum Necessary:

When using, disclosing, or requesting PHI from the Covered Entity (or otherwise pursuant to this BAA), Business Associate shall limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request, in accordance with HIPAA and the HIPAA Rules.

OBLIGATIONS OF COVERED ENTITY

Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy, and security of PHI transmitted to Business Associate pursuant to this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA Rules, until such PHI is received by Business Associate.

Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice.

Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures.

Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction affects Business Associate’s permitted or required uses or disclosures.

TERM AND TERMINATION

Term

The term of this BAA shall become effective as of the Effective Date and shall terminate when all PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with Section 5(b). The provisions of this BAA shall survive termination to the extent necessary for compliance with HIPAA and the HIPAA Rules.

Material Breach

A material breach by either party of any provision of this BAA shall constitute a material breach of this BAA if such breach is not cured by the breaching party within thirty (30) days after notice from the non-breaching party.

Reasonable Steps to Cure Breach

If either party learns of an activity or practice of the other party that constitutes a material breach or violation of this BAA, then the non-breaching party shall notify the breaching party of the breach and the breaching party shall take reasonable steps to cure such breach or violation within a period of time which shall in no event exceed thirty (30) days. If the breaching party’s efforts to cure are unsuccessful, the non-breaching party shall either terminate this BAA, if feasible, or if termination is not feasible and the breaching party has violated the HIPAA Rules, the non-breaching party may report the breach or violation to the Secretary.

Judicial or Administrative Proceedings

Either party may terminate this BAA, effective immediately, if the other party is named as a defendant in a criminal proceeding for an alleged violation of HIPAA, or a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other applicable security or privacy laws is made in any administrative or civil proceeding in which the party has been joined.

EFFECT OF TERMINATION

Except as required by law or regulation to be maintained by Business Associate, upon termination of this BAA for any reason, Business Associate shall, at Covered Entity’s expense, return to Covered Entity or destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI in the possession of Business Associate’s subcontractors or agents.

In the event Business Associate determines that returning or destroying PHI is infeasible, Business Associate shall provide Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. The obligations of Business Associate under this Section shall survive the termination of this BAA.

AMENDMENT TO COMPLY WITH LAW

The parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of this BAA may be required to provide for procedures to ensure compliance with such developments. The parties agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws relating to the security or confidentiality of PHI. Upon request of either party, the parties shall promptly enter into negotiations concerning an amendment to this BAA embodying written assurances consistent with such standards and requirements. Either party may terminate this BAA upon thirty (30) days’ written notice if the other party does not promptly enter into negotiations to amend this BAA when requested, or does not enter into an amendment providing assurances that satisfy applicable standards and requirements.

NO THIRD PARTY BENEFICIARIES

Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate, and their respective successors and assigns, any rights, remedies, obligations, or liabilities whatsoever, and no other person or entity shall be a third party beneficiary of this BAA.

EFFECT ON SERVICES AGREEMENT

Except as specifically required to implement the purposes of this BAA, all other terms of the Services Agreement remain in full force and effect. In the event of any conflict between this BAA and the Services Agreement (including any Terms of Service or Privacy Policy incorporated into the Services Agreement), this BAA will control with respect to PHI and HIPAA-related obligations.

INTERPRETATION

This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Rules, and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favour of a meaning that permits Covered Entity to comply with the HIPAA Rules.

REGULATORY REFERENCES

A reference in this BAA to a section in the HIPAA Rules or the HITECH Act means the section as in effect or as amended, and for which compliance is required.

Get Started Free
Book a Demo

Available for download

ChartAI is PIPEDA and PHIPA compliant

Powered by:

Contact us at hello@chartai.ai

© 2025 General Technologies Inc. All Rights Reserved.

Get Started Free