Mpilo

Delivering Exceptional Care You talk, mpilo listens and scribes. Your most Secured and Compliant AI Assistant for Effortless, Accurate Medical Notes Get Started How does it work? mpilo, your secure AI medical assistant, listens to your consultations and auto-generates accurate SOAP notes, knowing security and compliance are never compromised. 1 Listen and Learn By simply clicking on "Start Consultation" mpilo listens to your patient-doctor interactions in real-time. No more scribbling notes—just focus on the conversation. 2 Customize Your Notes At the end of the consultation, we provide custom templates ranging from SOAP, General Medicine, Cardiology to Psychiatry and Diet. 3 Seamless Integration Review and edit your notes, then transfer to your favorite EHR. No more copy-pasting. Unburdened from administrative hassles, you can concentrate on delivering exceptional care Your Charting AI Assistant Empower AI to Handle the Heavy Lifting Fortify Your Operations We prioritize your patients' privacy. mpilo adheres to strict HIPAA regulations and employs robust security measures to safeguard sensitive medical data. Efficiency Unleashed mpilo takes over the exhaustive task of note-taking by intelligently transcribing and summarizing your consultations, reducing the burnouts popularly experienced by clinicians. Seamless Compliance Eliminate the burden of manual documentation. mpilo generates SOAP notes compliant with industry standards and regulations, giving you peace of mind. Clinical Precision Eliminate errors and inconsistencies in medical records by allowing mpilo to auto-generate accurate and detailed medical records, ensuring more quality patient interaction Adaptability Whether you’re an Orthopedic Surgeon, a Pediatrician, or a Cardilogist, mpilo tailors its notes to your specialty. It mimics your writing style, integrates your knowledge base, and even handles multi-speaker scenarios seamlessly. Your Style, Your Way Add sample notes to mimic your writing style. It’s like having a personal scribe who knows your preferences inside out. The right plan can change your work life Ready to experience the difference? 🚀 Free Best for enthusiasts $ 0 /month 15 Consultations No credit card required Get Started Most Popular ⚡️ Premium Best for maximum productivity $ 99 /month Everything from Free Unlimited Consultations Priority Support Get Started 👓 Enterprise Best for independent professionals $ Custom /month 1 Domain License Dedicated 24/7 Support Custom Domain Contact Us We don’t bill you automatically until your confirmation. We don’t store or sell your data to anyone. Frequently Asked Questions How is patient data protected in the app? Patient data is protected through a robust in-browser processing mechanism. Since all transcriptions and note generation occur directly within the user's browser, no patient data is transmitted to or stored on any external servers. This method ensures that sensitive information remains under the user's control at all times, significantly reducing the risk of data breaches. Is the data encrypted during transmission and storage? Since we do not transmit or store any patient data outside the user's device, all communications with our servers are encrypted by default. However, we recommend users ensure their browser and operating system are kept up to date with the latest security features to enhance protection during their use of the app. Who has access to the transcribed notes and the generated notes? Access to the transcribed and generated notes is exclusively controlled by the user. The app operates entirely within the user's browser, meaning that only the user, or those whom they choose to share their device with, can access the information. Our app does not have the capability to access or view any of the data processed by it. What steps are taken to ensure compliance with HIPAA (Health Insurance Portability and Accountability Act) or GDPR (General Data Protection Regulation) where applicable? Compliance with HIPAA, GDPR, and other relevant privacy regulations is achieved primarily by our data processing approach. By not storing or transmitting any patient data, we inherently reduce the scope of compliance requirements. Users are responsible for ensuring that their use of the app, including how they manage access to and sharing of their device, complies with applicable laws and regulations. We encourage users to maintain strong security practices, such as using secure browsers and regularly updating their devices, to further enhance privacy and compliance. Studies have shown that administrative tasks significantly contribute to healthcare professional burnouts. mpilo, by automating documentation, can help alleviate some of this administrative burden and potentially contribute to a reduction in burnout, allowing you to focus on your patients and practice medicine with renewed energy and focus. Ready to experience the difference? Don't wait to prioritize your patients and safeguard their data. Start your free trial today! Get started now --- We at Mpilo OÜ. (“Mpilo,” “we,” “us,” or “our”) have created this privacy policy (this “Privacy Policy”) because we know that you care about how information you provide to us is used and shared. This Privacy Policy relates to the information collection and use practices of Mpilo in connection with our website located at https://mpilo.ai (the “Website”), our proprietary Client Story Workflow platform (“Platform”) that is provided to you through the Website, and when you otherwise interact with us in any way. Description of Users and Acceptance of Terms This Privacy Policy applies to visitors to the Website, who view only publicly available content (“Visitors”), customers who have signed up to access and use the Platform (the “Customers”), and Customer’s employees and contractors authorized by Customer to access and use the Platform (“Authorized Users”). By visiting our Website, Visitors are agreeing to the terms of this Privacy Policy and the accompanying Terms of Use. By accessing and/or using the Platform, each Customer and Authorized User is agreeing to the terms of this Privacy Policy and the accompanying Master SaaS Agreement. Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use. The Information We Collect and/or Receive In the course of operating the Website and the Platform, and/or interacting with you, we will collect (and/or receive) the following types of information. You authorize us to collect and/or receive such information. Contact Information: When you contact us through the Website or schedule an appointment for a demo of our Platform, you will be asked to provide certain information, including but not limited to, your name, email address, company name, your title/role at the company, and any other information you are contacting us about (collectively, the “Contact Information”). The Contact Information is used to provide the requested service or information and to contact you for purposes of direct marketing of our current and future services. Account Information: In order to sign up to access and use our Platform, you will have to create an account on our Platform by providing a username and password (collectively, the “Account Information”). We use the Account Information to process the creation of your account, including to verify your identity, and to manage your account. Competition Entry Information: From time to time, we may conduct competitions. If you would like to reserve a spot to submit an entry in our competition, you will be asked to provide certain information, including but not limited to, your name, company name, your title/role at the company and email address (“Competition Entry Information”). Company Content: In using the Platform, you will provide us Company Content (as defined in the Master SaaS Agreement). We will use your Company Content (other than any personal information contained therein) in accordance with our Terms of Use. Any personal information contained in your Company Content will be used in accordance with this Privacy Policy. Other Information: In addition to the Contact Information, Account Information, Competition Entry Information, and Company Content, we may collect additional information (the “Other Information”). Such Other Information may include: From Your Activity: Information that we automatically collect when you visit the Website and the Platform, such as your IP addresses, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website and the Platform you visit, similar information concerning your use of the Website and the Platform. From Cookies: We collect information using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We use session cookies, which expire once you close your web browser, to help us collect Other Information and to enhance your experience using the Website and the Platform. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Website and the Platform may not function properly; please note that we do not use any third-party analytics or retargeting services. Third-Party Analytics: We may use one or more third–party analytics services (such as Google Analytics) to evaluate your use of the Website and the Platform, compile reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, data and time, amount of time spent on particular pages, what sections of the Website you visit, number of links clicked while on the Website and the Platform, search terms and other similar usage data), and analyze performance metrics. These third parties use cookies and other technologies to help analyze and provide us the data. By accessing the Website and/or the Platform, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy. For more information on these third parties, including how to opt out from certain data collection, please visit the sites below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Website and the Platform. For Google Analytics, please visit: https://www.google.com/analytics. How We Use and Share the Information You authorize us to use your Contact Information, Account Information, Competition Entry Information, Other Information, and personal information contained in your Company Content (collectively, the “Information”) to provide and improve our Website and Platform; to solicit your feedback; and to inform you about our company, products, and services. You also authorize us to use and/or share your Information as described below. Agents, Providers and Related Third Parties: We may engage other companies and individuals to perform certain business-related functions on our behalf. Examples may include providing technical assistance, order fulfillment, customer service, and marketing assistance. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law. We may also share your Information with any of our parent companies, subsidiaries, or other companies under common control with us. Aggregated Information: In an ongoing effort to better understand our users and our Website and Platform, we might analyze your Information in aggregate form in order to operate, maintain, manage, and improve the Website and Platform. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Website and Platform to current and prospective business partners and to other third parties for other lawful purposes. Business Transfers: As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, your Information may be part of the transferred assets. Legal Requirements: To the extent permitted by law, we may also disclose your Information: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such information is necessary or advisable, for example, to protect the rights, property, or safety of Mpilo or others. We will take reasonable measures to require that any party receiving any of your personal information from us undertakes to: (i) retain and use such information only for the purposes set out in this Privacy Policy; (ii) not disclose your personal information except with your consent, as permitted by law, or as permitted by this Privacy Policy; and (iii) generally protect the privacy of your personal information. Accessing and Modifying Information and Communication Preferences If you have provided us any personal information, you may access, remove, review, and/or make changes to the same by contacting us at info@mpilo.ai. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “Unsubscribe” link located on the bottom of any Mpilo marketing email. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases. How We Protect the Information We take commercially reasonable steps to protect your Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such information, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. External Sites The Website and Platform may contain links to External Sites. Mpilo has no control over the privacy practices or the content of these External Sites. As such, we are not responsible for the content or the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any External Sites. Children We do not knowingly collect personal information from children under the age of 18 through the Website and the Platform. If you are under 18, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information through the Website and The Platform without their permission. If you have reason to believe that a child under the age of 18 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases. Important Notice to Non-U.S. Residents The Website, the Platform and its servers are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us maybe transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to use our Website and/or Platform, you consent to any transfer and processing of your personal information in accordance with this Privacy Policy and you do so at your own risk. DO NOT TRACK We currently do not change our tracking practices in response to “do not track” settings in your browser. We may have our third-party partners, including web analytics companies, collect information about your online activities over time and across the Website and the Platform. These third parties may not change their tracking practices in response to DNT settings in your browser. Notice to California Residents Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact us via email at info@mpilo.ai. Nevada Privacy Rights If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties. You can exercise this right by contacting us at info@mpilo.ai with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. Changes to This Privacy Policy This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time with or without notice to you. Any such changes will be posted on the Website and the Platform. By visiting the Website, and/or accessing and/or using the Platform after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your information is governed by the Privacy Policy in effect at the time we collect the information. Please refer back to this Privacy Policy on a regular basis. Contact Us If you have any questions about this Privacy Policy or to report a privacy issue, please contact us in one of the following ways: Email: info@mpilo.ai Write to us at: Mpilo OÜ Liikuri tn 5b Tallinn, Estonia 13618 --- 1. Introduction Welcome to Mpilo OU ("Mpilo," "we," "us," or "our"). Mpilo is an Estonian company that provides an AI-powered scribing service (the "Service") using Microsoft Azure, Deepgram, and other technologies. By accessing or using our Service, you agree to be bound by these Terms of Service (the "Terms") and our Privacy Policy. If you do not agree to these Terms, please do not use our Service. 2. Service Description Mpilo's Service uses AI technology to transcribe and summarize live or recorded audio into notes. We utilize self-hosted and third-party technologies, including Microsoft Azure and Deepgram, to provide our Service. Mpilo has Business Associate Agreements (BAAs) in place with Microsoft Azure and Deepgram to ensure data privacy compliance. 3. Eligibility You must be at least 18 years old to use our Service. By agreeing to these Terms, you represent and warrant that you are at least 18 years old, have not been previously suspended or removed from our Service, and that your use of our Service complies with all applicable laws and regulations. 4. User Responsibilities As a user of our Service, you are responsible for: a. b. c. d. Ensuring the accuracy and completeness of the information you provide to us. Complying with all applicable laws, regulations, and rules related to your use of our Service and the data you submit. Obtaining all necessary consents and permissions from individuals whose data you submit to our Service. Maintaining the confidentiality of your access credentials (e.g., usernames and passwords). 5. Data Privacy and Security Mpilo is committed to protecting the privacy and security of your data. We have implemented appropriate technical and organizational measures to safeguard your data, including encryption of data at rest and in transit. Mpilo does not have access to any data submitted to or from the AI models, which is encrypted and only accessible to you. We only store encrypted keys that allow us to synchronize your notes across devices. 6. Intellectual Property All intellectual property rights in our Service and its content, features, and functionality are and shall remain the exclusive property of Mpilo and its licensors. Your use of our Service does not grant you any rights to such intellectual property, except as expressly set forth in these Terms or as otherwise granted by Mpilo in writing. 7. Limitation of Liability To the fullest extent permitted by law, Mpilo, its affiliates, and their respective officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from your access to or use of our Service or any content or data submitted to our Service. 8. Disclaimer of Warranties Mpilo provides its Service on an "as is" and "as available" basis, without any warranties or representations, express or implied. Mpilo does not warrant that its Service will be uninterrupted, error-free, or secure, or that any defects will be corrected. To the fullest extent permitted by law, Mpilo disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and noninfringement. 9. Indemnification You agree to indemnify, defend, and hold harmless Mpilo, its affiliates, and their respective officers, directors, employees, and agents from and against any claims, disputes, demands, liabilities, damages, losses, costs, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of our Service or your violation of these Terms. 10. Termination Mpilo reserves the right to suspend or terminate your access to its Service at any time, with or without cause, and with or without notice. Upon termination, your right to use our Service will immediately cease. Sections 5, 6, 7, 8, 9, 10, 12, 13, 14, and 15 shall survive termination of these Terms. 11. Modifications to the Terms Mpilo may revise these Terms from time to time. The most current version of the Terms will always be available on our website. By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised Terms. 12. Governing Law and Jurisdiction These Terms shall be governed by and construed in accordance with the laws of Estonia, without giving effect to any principles of conflicts of law. You agree that any action at law or in equity arising out of or relating to these Terms or your use of our Service shall be filed only in the state or federal courts located in Estonia, and you hereby consent and submit to the personal jurisdiction of such courts for the purposes of litigating any such action. 13. Severability If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. If any provision is deemed unlawful, void, or unenforceable, that provision shall be deemed severable from these Terms and shall not affect the validity and enforceability of any remaining provisions. 14. Entire Agreement These Terms, together with our Privacy Policy, constitute the entire agreement between you and Mpilo regarding your use of our Service and supersede all prior or contemporaneous understandings and agreements, whether written or oral, regarding such subject matter. 15. Contact Us If you have any questions about these Terms or our Service, please contact us at info@mpilo.ai. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ("BAA") is by and between Mpilo OÜ ("Business Associate"), and Customer ("Covered Entity"), and is effective as Effective Date. WHEREAS, the pursuant to these Terms of Use Business Associate will provide certain services to, for, or on behalf of Covered Entity involving the use or disclosure of Protected Health Information ("PHI"), and pursuant to such Terms of Use, Business Associate may be considered a "business associate" of Covered Entity; and WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the Provider Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA") and the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR § 160 and § 164 (the "HIPAA Rules"), and the Health Information Technology for Economic and Clinical Health Act of 2009 (the "HITECH Act"), in each case as amended from time to time; and WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the HIPAA Rules and the HITECH Act, as the same may be amended from time to time. NOW, THEREFORE, in consideration of the mutual agreement and covenants stated herein, the parties agree as follows: 1. Definitions. Terms used in this agreement but not otherwise defined in this BAA shall have the same meaning as set forth in privacy Standards and Security Standards 45 CFR Parts 160, 162 and 164, or the HITECH Act as the case may be. 2. Obligations of Business Associate. a. Permitted Uses and Disclosures. Business Associate agrees to use best measures to ensure that the usage or Disclosure of PHI is as necessary in order to perform the services set forth in the Substantive Agreement, as permitted under this BAA, or as Required by governing Laws. Business Associate may Use or Disclose such De-identified Data to third parties at its discretion, as such De-identified Data does not constitute PHI and is not subject to the terms of this BAA. Business Associate shall own all right, title and interest in and to such De-identified Data. b. NON-Disclosure/Confidentiality. Business Associate shall not unless as permitted under law or this BAA Disclose any PHI. c. Safeguards against misuse. Business Associate shall have the right to use all necessary measure including but not limited to technical, physical and administrative techniques to protect the PHI as well as de-identify any and all PHI, provided that Business Associate implements a de-identification process that conforms to the requirements of 45 C.F.R. 164.514(a)-(c) ("De-identified Data"). d. Reporting of Disclosures; security measures & Mitigation Business Associate shall promptly report to Covered Entity in writing any use or disclosure of PHI not provided for by this BAA of which Business Associate becomes aware. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA. This Report should be sent within 4 business days of the BAA being aware of the event. e. Business Associate’s Assigns. Business Associate shall ensure that any Assigns or subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI. It is the Responsibility of the BAA to ensure that the Assigns adhere and are bound by the terms herein. Business Associate shall notify Covered Entity, of all subcontracts and agreements relating to the Agreement, where the subcontractor or agent receives PHI as described in this BAA. Such notification shall occur within 30 (thirty) calendar days of the execution of the subcontract by placement of such notice on the Business Associate’s primary website or via email at the email of the BAA. f. Availability of Information to Covered Entity. Business Associate shall make available to Covered Entity (or, as directed by Covered Entity, to an Individual) such information as Covered Entity may request, and in the time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR §§ 164.524 and 164.528. Requests for information must be submitted at least 14 days in advance of the due date. g. Amendment of PHI. Business Associate shall make any amendments to PHI in a Designated Record Set as directed by the Covered Entity, and in the time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to amend PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR § 164.526, and Business Associate shall, as directed by Covered Entity, incorporate any amendments to PHI into copies of such PHI maintained by Business Associate. In the event that any Individual requests that Business Associate amend such Individual’s PHI or record in a Designated Record Set, Business Associate within ten business days will forward this request to Covered Entity. Any amendment of, or decision not to amend, the PHI or record as requested by an Individual and compliance with the requirements applicable to an Individual’s right to request an amendment of PHI will be the sole responsibility of Covered Entity h. Internal Practices. Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA, this BAA and the HIPAA Rules. The books and records shall be in compliance with the laid down method advanced by the covered entity and the HHS. i. Documentation of Disclosures for Accounting. Business Associate shall document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. This will also extend to if and to the extent that such accounting is required under the HITECH Act or under HHS regulations adopted in connection with the HITECH Act. Business Associate must furnish Covered Entity the following with respect to any covered disclosures by Business Associate: (i) the date of disclosure of PHI; (ii) the name of the entity or person who received PHI, and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure which includes the basis for such disclosure. j. Access to Documentation for Accounting. Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner designated by Covered Entity, information documented in accordance with Section 2(i) of this BAA in a time and manner as to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. k. Notification of Breach. During the Term of this BAA, Business Associate shall notify Covered Entity within ten (10) days of Discovery of any Breach of Unsecured PHI. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for Covered Entity to meet the requirements of said section, and in a manner and format to be specified by Covered Entity. 3. Obligations of Covered Entity. a. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the BAA and this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA Rules, until such PHI is received by Business Associate. b. Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice. c. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures. d. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction affects Business Associate’s permitted or required uses or disclosures. 4. Term and Termination. a. Term. The Term of this BAA shall become effective as of the Effective Date and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions of this Section. The provisions of this BAA shall survive termination of the BAA to the extent necessary for compliance with HIPAA and the HIPAA Rules. b. Material Breach. A material breach by either party of any provision of this BAA shall constitute a material breach of the BAA, if such breach is not cured by the breaching party within thirty (30) days of receipt of notice describing the material breach. c. Reasonable Steps to Cure Breach. If either party learns of an activity or practice of the other party that constitutes a material breach or violation of the other party’s obligations under the provisions of this BAA, then the non-breaching party shall notify the breaching party of the breach and the breaching party shall take reasonable steps to cure such breach or violation, as applicable, within a period of time which shall in no event exceed thirty (30) days. If the breaching party’s efforts to cure such breach or violation are unsuccessful, the non-breaching party shall either terminate the BAA, if feasible, or if termination of the BAA is not feasible and the breaching party has violated the HIPAA Rules, the non-breaching party may report the breaching party’s breach or violation to the Secretary. d. Judicial or Administrative Proceedings. Either party may terminate the BAA, effective immediately, if the other party is named as a defendant in a criminal proceeding for an alleged violation of HIPAA, or a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined. e. Effect of Termination. 1. Except as provided in paragraph (e)(2) of this Section or if required by law or regulation to be maintained by Business Associate, upon termination of the BAA for any reason, Business Associate shall return at Covered Entity’s expense, or destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. 2. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. The obligations of Business Associate under this Section shall survive the termination of the BAA. 3. Amendment to Comply with Law. The parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of the BAA may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the parties shall promptly enter into negotiations concerning the terms of an amendment to the BAA embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or other applicable laws relating to security and privacy of PHI. Either party may terminate the BAA upon thirty (30) days’ written notice in the event the other party does not promptly enter into negotiations to amend the BAA when requested pursuant to this Section, or does not enter into an amendment to the BAA providing assurances regarding the safeguarding of PHI that satisfy the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or any other applicable laws relating to security and privacy of PHI. 4. No Third Party Beneficiaries. Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever and no other person or entity shall be a third party beneficiary of this BAA. 5. Effect on BAA. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the BAA shall remain in full force and effect. 6. Interpretation. This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Rules and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules. 7. Regulatory References. A reference in this BAA to a section in the HIPAA Rules or the HITECH Act means the section as in effect or as amended, and for which compliance is required.