Próximamente Recibir notificaciones
Funciones Precios Referencia de API Acerca de
Iniciar sesión Próximamente

Acuerdo de socio comercial (BAA)

v1.0 — Vigente desde marzo de 2026

Morlivo, a brand of Stelica Ventures LLC, a Texas limited liability company ("Morlivo", "Business Associate"), is committed to safeguarding Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the HITECH Act. This Business Associate Agreement ("BAA") governs the relationship between Morlivo and our customers ("Covered Entity") with respect to the handling of PHI. References to "Morlivo" or "Morlivo.ai" refer to Stelica Ventures LLC doing business as Morlivo.ai.

1. Alcance y propósito

This Business Associate Agreement ("BAA") supplements and is made part of the service agreement between Covered Entity and Business Associate. It establishes the terms under which Business Associate may create, receive, maintain, or transmit Protected Health Information ("PHI") on behalf of Covered Entity in connection with the translation, transcription, and language processing services provided by Morlivo (the "Services").

The parties acknowledge that Business Associate may access, use, or disclose PHI in the course of providing the Services, and this BAA sets forth the obligations of Business Associate with respect to such PHI pursuant to the applicable provisions of HIPAA, the HITECH Act, and their implementing regulations (collectively, the "HIPAA Rules").

2. Usos y divulgaciones permitidos

El socio comercial puede usar o divulgar PHI únicamente:

  • Según sea necesario para realizar los Servicios descritos en el acuerdo de servicio subyacente.
  • Según lo exige la ley, incluidas, entre otras, las divulgaciones requeridas por el Secretario del Departamento de Salud y Servicios Humanos de EE. UU.
  • Para la gestión y administración adecuadas del Socio comercial, siempre que cualquier divulgación sea requerida por ley o el Socio comercial obtenga garantías razonables de un tercero de que la información se mantendrá confidencial.
  • Proporcionar servicios de agregación de datos relacionados con las operaciones de atención médica de la Entidad cubierta, si está expresamente autorizado en el acuerdo de servicio.

Business Associate shall not use or disclose PHI in a manner that would violate the HIPAA Rules if done by Covered Entity, except as expressly permitted in this BAA. Business Associate shall not use PHI for marketing purposes, sell PHI, or use PHI for underwriting purposes.

3. Salvaguardas

Business Associate shall implement and maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, including electronic PHI (ePHI), as required by the HIPAA Security Rule. These safeguards include but are not limited to:

  • Cifrado de ePHI en reposo mediante AES-256 y en tránsito mediante TLS 1.2 o superior.
  • Controles de acceso basados ​​en roles que limitan el acceso de PHI únicamente al personal autorizado.
  • Registro de auditoría completo de todos los accesos y modificaciones de PHI.
  • Evaluaciones periódicas de riesgos y escaneo de vulnerabilidades.
  • Capacitación de la fuerza laboral sobre los requisitos de HIPAA y concientización sobre seguridad.
  • Los procedimientos de eliminación segura de PHI ya no son necesarios para los Servicios.

Business Associate shall ensure that any agent, including subcontractors, to whom it provides PHI agrees to the same restrictions and conditions that apply to Business Associate under this BAA, in accordance with 45 CFR § 164.502(e)(1)(ii).

4. Notificación de violación

Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this BAA of which it becomes aware, including any Breach of Unsecured PHI as defined in 45 CFR § 164.402. Business Associate shall provide such notification without unreasonable delay and in no event later than thirty (30) calendar days after discovery of the Breach.

La notificación incluirá, en la medida de lo disponible:

  • Identificación de cada individuo cuyo PHI no seguro ha sido accedido, adquirido, utilizado o divulgado, o se cree razonablemente que ha sido accedido.
  • Una descripción de la naturaleza de la infracción, incluidos los tipos de PHI involucrados.
  • La fecha de la Incumplimiento y la fecha de su descubrimiento.
  • Una descripción de los pasos que el Socio Comercial está tomando para investigar y mitigar la Infracción y prevenir incidentes futuros.
  • Información de contacto de personas que pueden proporcionar detalles adicionales.

5. Vigencia y terminación

This BAA shall be effective as of the date of execution and shall remain in effect for the duration of the underlying service agreement, unless earlier terminated as provided herein.

Either party may terminate this BAA if it determines that the other party has violated a material term of this BAA. The non-breaching party shall provide the breaching party with written notice of the violation and afford thirty (30) days to cure. If cure is not feasible, the non-breaching party may immediately terminate both this BAA and the underlying service agreement.

Upon termination, Business Associate shall, at the election of Covered Entity, return or destroy all PHI received from or created on behalf of Covered Entity. If return or destruction is not feasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures to those purposes that make return or destruction infeasible.

6. Obligaciones de la entidad cubierta

  • La Entidad cubierta notificará al Socio comercial sobre cualquier limitación en su Aviso de prácticas de privacidad que pueda afectar el uso o la divulgación de PHI por parte del Socio comercial.
  • La Entidad Cubierta notificará al Socio Comercial sobre cualquier cambio o revocación de la autorización por parte de un individuo para usar o divulgar PHI, en la medida en que dichos cambios puedan afectar los usos y divulgaciones permitidos del Socio Comercial.
  • La Entidad Cubierta no solicitará al Socio Comercial que use o divulgue PHI de ninguna manera que viole las Reglas HIPAA.

7. Disposiciones varias

This BAA shall be governed by and construed in accordance with applicable federal law, including the HIPAA Rules. Any ambiguity in this BAA shall be interpreted to permit compliance with the HIPAA Rules. This BAA constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior agreements, whether written or oral, relating to the same subject matter.

Solicitar un BAA

To request a Business Associate Agreement, contact our compliance team. We will work with you to execute a BAA tailored to your organization's needs.

Contactar al equipo de cumplimiento Solicitar plantilla BAA