Last Updated: May 2026
This Business Associate Agreement (“BAA”) is entered into by and between the subscribing dental practice (“Covered Entity”) and Mathews Marketing & Creative, LLC, a Florida Limited Liability Company (“Business Associate”).
This BAA is incorporated by reference into the Master Terms of Service for the 24/7 Invisible Front Desk AI Receptionist. By utilizing the Service, the Covered Entity explicitly agrees to be bound by the terms of this BAA.

1. Purpose & Definitions

The purpose of this BAA is to satisfy the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Terms used but not defined in this BAA shall have the same meaning as defined in the HIPAA Rules (45 CFR Parts 160 and 164).

2. Obligations of Business Associate

Business Associate agrees to:

• Permitted Uses: Not use or disclose Protected Health Information (PHI) other than as permitted or required by this BAA, the underlying Master Terms of Service, or as required by law.
• Safeguards: Use appropriate physical, technical, and administrative safeguards to prevent the unauthorized use or disclosure of PHI.
• Reporting: Report to the Covered Entity any use or disclosure of PHI not provided for by this BAA, including breaches of unsecured PHI, within ten (10) business days of discovering the breach.
• Subcontractors: Ensure that any subcontractors or agents that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate.
• Access & Amendment: Make PHI available to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR § 164.524 and § 164.526.

3. Obligations of Covered Entity

Covered Entity agrees to:

• Notice of Restrictions: Notify Business Associate of any limitation(s) in its notice of privacy practices, changes in patient consent, or restrictions on the use/disclosure of PHI that may affect the Business Associate’s use or disclosure of PHI.
• Permissible Requests: Not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Rules if done by the Covered Entity.
• Data Minimization & “SMS Hand-off”: Covered Entity acknowledges the explicit system limitation outlined in the Master Terms of Service restricting the transmission of complex alphanumeric PHI (such as insurance policy numbers) over the voice recording line, and agrees to utilize the Business Associate’s designated secure intake forms for such data.

4. Term and Termination

• Term: This BAA shall become effective on the date the Covered Entity begins using the Service and shall terminate when all PHI provided by Covered Entity is destroyed or returned, or if it is infeasible to return or destroy, protections are extended to such information in accordance with termination provisions.
• Termination for Cause: Upon Covered Entity’s knowledge of a material breach by Business Associate, Covered Entity shall provide an opportunity for Business Associate to cure the breach or end the violation. If cure is not possible within thirty (30) days, Covered Entity may terminate the underlying Master Terms of Service.
• Effect of Termination: Upon termination of this BAA for any reason, Business Associate shall, within sixty (60) days, securely destroy or de-identify all PHI received from Covered Entity.

5. Miscellaneous

• Regulatory References: A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.
• Amendment: The Parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law.
• Survival: The respective rights and obligations of Business Associate regarding the protection of PHI shall survive the termination of this BAA.