Business Associate Addendum

This Business Associate Addendum ("BAA") is incorporated into Aduvera's Terms of Service and applies automatically where Customer is a covered entity or business associate under HIPAA and Aduvera creates, receives, maintains, or transmits Protected Health Information ("PHI") on Customer's behalf in connection with the Services.

By agreeing to the Terms of Service, Customer agrees to this BAA where applicable. If Customer uses the Services on behalf of an organization, Customer represents that it has authority to bind that organization to the Terms and this BAA.

Aduvera's BAA is intended for covered entities, business associates, and similar healthcare organizations that require HIPAA contractual coverage for permitted use of the service. Solo clinicians and users acting for a practice, clinic, hospital, or other organization should confirm they have authority to bind that organization before using the service for PHI.

• Permitted and required uses and disclosures of PHI.
• Administrative, technical, and physical safeguards.
• Subcontractor flow-down obligations.
• Breach and security-incident notification cooperation.
• Return or destruction of PHI when the relationship ends, subject to law.
• Reasonable support for access, amendment, and accounting obligations where applicable.

A cloud-provider BAA does not, by itself, make every customer workflow HIPAA-compliant. Customers remain responsible for their own policies, workforce training, patient notices, role-based access, minimum-necessary use, and whether the workflow is appropriate for PHI under the Terms and this BAA.

Customers should also evaluate whether Aduvera's literature and evidence workflow is appropriate for identifiable data in their environment, because that workflow may retrieve information from public biomedical or regulatory sources outside Aduvera's hosted stack.

BAA and HIPAA-readiness inquiries may be sent to the contact address below.

legal [at] aduvera.ai