GMB Billing Firm

Business Associate Agreement

Template for review by legal counsel. Do not rely on this as legal advice.

This Business Associate Agreement (“Agreement”) is entered into by and between the covered entity identified below (“Covered Entity”) and GMB Billing Firm (“Business Associate”).

1. Parties

Covered Entity: ________________________________

Business Associate: GMB Billing Firm

Effective Date: ________________________________

2. Purpose

Business Associate may create, receive, maintain, or transmit Protected Health Information (“PHI”) on behalf of Covered Entity solely to provide medical billing, coding, claim review, denial management, reporting, and related administrative services.

3. Permitted Uses and Disclosures

To perform services for Covered Entity under a written services agreement.
To support claim preparation, coding review, denial review, appeals, and revenue cycle management.
As required by law.

4. Prohibited Uses

Business Associate shall not sell PHI.
Business Associate shall not use PHI for unrelated marketing.
Business Associate shall not disclose PHI except as permitted by this Agreement or required by law.

5. Safeguards

Business Associate shall use reasonable administrative, physical, and technical safeguards to protect PHI and shall comply with applicable requirements of the HIPAA Security Rule.

6. Reporting

Business Associate shall report to Covered Entity any unauthorized use or disclosure of PHI, security incident, or breach of unsecured PHI without unreasonable delay and in accordance with applicable law.

7. Subcontractors

Business Associate shall ensure that subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to substantially similar restrictions and safeguards.

8. Access, Amendment, and Accounting

Business Associate shall reasonably assist Covered Entity in responding to individual requests for access, amendment, and accounting of disclosures as required by HIPAA.

9. Minimum Necessary

Business Associate shall request, use, and disclose only the minimum necessary PHI needed to perform services.

10. AI and Third-Party Technology

Business Associate shall not submit PHI to third-party AI systems unless the applicable third party is approved for PHI processing and appropriate contractual safeguards, including a Business Associate Agreement where required, are in place.

11. Termination

Upon termination, Business Associate shall return or securely destroy PHI where feasible, or continue to protect PHI if return or destruction is infeasible.

12. Signatures

Covered Entity: ________________________________ Date: ____________

GMB Billing Firm: ________________________________ Date: ____________

For BAA requests, call 305-482-1491 or use the contact form.