Business Associate Agreement (BAA)
1. Parties
This Business Associate Agreement ("Agreement") is entered into between Bonis Systems LLC dba TrustAI ("Business Associate") and the engaging organization ("Covered Entity").
2. Definitions
Capitalized terms used herein have the meanings ascribed under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), 45 CFR Parts 160 and 164.
3. Permitted Uses and Disclosures
Business Associate may use or disclose Protected Health Information ("PHI") only as necessary to perform the analytical, forensic, and case-management services TrustAI provides to Covered Entity, or as required by law.
4. Safeguards
Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI it creates, receives, maintains, or transmits on behalf of Covered Entity. Specifically:
- AES-256-GCM encryption at rest
- TLS 1.3 in transit
- Role-based access control with bcrypt-hashed credentials
- Immutable Knox-anchored audit trail of all PHI access
- Automatic PII/PHI scrubbing of all logs and AI prompts
- Continuous threat monitoring and intrusion detection
5. Subcontractors
Business Associate shall ensure that any subcontractor that creates, receives, maintains, or transmits PHI on behalf of Business Associate agrees to substantially the same restrictions and conditions.
6. Breach Notification
Business Associate shall report to Covered Entity any Breach of Unsecured PHI without unreasonable delay, and in no event later than 30 calendar days after discovery, in accordance with 45 CFR § 164.410.
7. Access, Amendment, and Accounting
Business Associate shall make available PHI as necessary to satisfy Covered Entity's obligations under 45 CFR §§ 164.524, 164.526, and 164.528.
8. Term and Termination
This Agreement is effective on the date of execution and shall remain in effect until terminated. Upon termination, Business Associate shall return or destroy all PHI received from Covered Entity, except to the extent retention is required by law.
9. Indemnification
Each party shall indemnify and hold harmless the other from any losses arising out of breach of this Agreement.
10. Governing Law
This Agreement shall be governed by the laws of the State of Wyoming. Any disputes shall be resolved in Sheridan County, Wyoming.
11. Signatures
This template is provided for review. A signed copy will be executed upon engagement.
______________________________
Bonis Systems LLC dba TrustAI
By: Jonis Fields, Founder & CEO
Date: _____________
______________________________
Covered Entity
By: ____________________
Title: __________________
Date: _____________