Customer has entered into a Services Agreement with BandJam, LLC, a Delaware limited liability company (“BandJAM”) pursuant to which Customer is provided access toBandJAM’s business-to-business marketplace (the “BandJAM Marketplace”) offering services for booking, organizing and managing music sessions, performances, and audio/video based productions from third party musicians, performers, and contractors (each, a “Performer”).
Customer is a CoveredEntity as defined by the Administrative Simplification provisions of the HealthInsurance Portability and Accountability Act of 1996, as amended, ("HIPAA"),Customer and Performer agree to the following terms and conditions, which are intended to comply with HIPAA, the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") and their implementing regulations.
To the extent that Customer discloses Protected Health Information to a Performer, or a Performer handlesProtected Health Information on Customer's behalf, in connection with services provided to Customer, this Performer Business Associate Agreement (this “Agreement”)shall apply to such Performer’s access to, and use and disclosure of, protected health information. This Agreement shall be applicable only in the event and to the extent Performer meets, with respect to Customer, the definition of a BusinessAssociate set forth at 45 C.F.R. §160.103, or applicable successor provisions.
Now, therefore, inconsideration of the foregoing and other good and valuable consideration, the sufficiency and receipt of which are hereby acknowledged, the parties agree as follows:
1. General Terms.
1.1. This HIPAA Performer Agreement (this “Agreement”) is between Customer and Performer.
1.2. “Business Associate” shall generally have the same meaning as the term “Business Associate” at 45 C.F.R. §160.103, and in reference to the party to this Agreement shall mean thePerformer providing services to Customer.
1.3. “Covered Entity” shall generally have the same meaning as the term “Covered Entity” at 45 C.F.R. §160.103, and in reference to the party to this Agreement shall mean, the Customer that has executed this Agreement in connection with such Customer’s access to the BandJAM Marketplace.
1.4. The “Effective Date” of this Agreement, as betweenPerformer and Customer, is the date on which Customer books services provided by such Performer on the BandJAM Marketplace.
1.5. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45C.F.R. Part 160 and Part 164.
1.6. Other definitions: The following terms used in this Agreement shall have the same meaning as those in the HIPAA Rules: Breach, DataAggregation, Designated Record Set, Disclosure, Health Care Operations,Individual, Minimum Necessary, Notice of Privacy Practices, Protected HealthInformation (to the extent such Protected Health Information is created, transmitted, received, used, disclosed, accessed or maintained by Performer),Required By Law, Secretary, Security Incident, Subcontractor, UnsecuredProtected Health Information, and Use. Other terms shall have the definitions set forth in this Agreement.
2. Obligations and Activities of Performer.
2.1. Performer shall not use or disclose Protected Health Information other than as permitted or required by this Agreement or, as permitted orRequired by Law.
2.2. Performer agrees to use appropriate safeguards, including compliance with Subpart C of 45 C.F.R. Part 164 with respect to electronicProtected Health Information, to prevent use or disclosure of the ProtectedHealth Information other than as permitted by this Agreement.
2.3. Performer agrees to report to Customer any use or disclosure ofProtected Health Information not provided for by this Agreement of which it becomes aware, including Breaches of Unsecured Protected Health Information, as required by 45 C.F.R. §164.410, and any Security Incident of which it becomes aware. For reports of incidents constituting a Breach, the report shall include, to the extent available, the identification of each individual whoseUnsecured Protected Health Information has been, or is reasonably believed by Performer to have been, accessed, acquired, or Disclosed during such Breach. This paragraph constitutes notice to Customer of the ongoing existence of SecurityIncidents that do not result in any unauthorized access, use, disclosure, modification, destruction of information or interference with system operations and the parties agree no further notice of such unsuccessful Security Incidents will be required.
2.4. In accordance with 45 C.F.R. §§164.502(e)(1)(ii) and164.308(b)(2), if applicable, Performer agrees to ensure that subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Performer agree to the same restrictions, conditions and requirements that apply through this Agreement to Performer with respect to such information.
2.5. To the extent Performer has Protected Health Information in aDesignated Record Set, and only to the extent required by HIPAA, Performer agrees to make available Protected Health Information in a Designated RecordSet, to Customer as necessary to satisfy Customer’s obligations under 45 C.F.R.§164.524.
2.6. (f) Performer agrees to make Protected Health Information available for purposes of any amendment(s) to Protected Health Information inits possession contained in a Designated Record Set as agreed to by Customer pursuant to 45 C.F.R. §164.526 or take other measures as necessary to satisfy Customer’s obligations under 45 C.F.R. §164.526.
2.7. Performer agrees to maintain and make available the information required to provide an accounting of disclosures to Customer as necessary to satisfy Customer’s obligations under 45 C.F.R. §164.528.
2.8. To the extent Performer is to carry out one or more of Customer’s obligations under Subpart E of 45 C.F.R. Part 164 of the HIPAA Rules, Performer agrees to comply with the requirements of Subpart E that apply to Customer in the performance of such obligation(s).
2.9. Performer agrees to make its internal practices, books, and records related to Performer’s use and disclosure of Protected HealthInformation received from Customer available to the Secretary for purposes of determining compliance with the HIPAA Rules.
3. Permitted Uses and Disclosures by Performer.
3.1. Performer may only use or disclose Protected Health Information as necessary to perform the services set forth in the agreement between Performer and its client, as permitted in this Agreement, and as otherwise permitted by the HIPAA Rules.
3.2. Performer may Use or Disclose Protected Health Information asRequired By Law.
3.3. Performer may use Protected Health Information for the proper management and administration of Performer or to carry out the legal reesponsibilities of Performer.
3.4. Performer may disclose Protected Health Information for the proper management and administration of Performer or to carry out the legal responsibilities of Performer, provided that the disclosures are Required ByLaw or Performer obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as Required By Law or for the purposes for which it was disclosed to the person, and the person notifies Performer of any instances of which it is aware in which the confidentiality of the information has been breached.
4. Obligations of Customer.
4.1. Customer agrees to comply with all applicable state and federal privacy and security laws and regulations, including the HIPAA Rules. Customer agrees to obtain any patient authorizations or consents that may be required under state or federal law or regulation in order to transmit Protected HealthInformation to Performer and to enable Performer and its subcontractors to use and disclose Protected Health Information as contemplated by this Agreement.
4.2. Customer shall not request that Performer use or discloseProtected Health Information in any manner that would not be permissible under the HIPAA Rules if done by Customer, except that Performer may use or discloseProtected Health Information for its proper management and administration, data aggregation, and other activities specifically permitted by this Agreement.
4.3. Customer shall disclose only the Minimum Necessary ProtectedHealth Information to accomplish the intended purpose of such disclosure or request. Prior to any disclosure, Customer shall determine whether a LimitedData Set would be sufficient for the purpose.
5. Term and Termination.
5.1. The term of this Agreement shall commence on the Effective Date and thereafter this Agreement will continue until Performer ceases to provide services to Customer, at which time this Agreement will terminate.
5.2. Upon Customer’s knowledge of a material breach of this Agreement by Performer, Customer shall provide written notice to Performer and may terminate this Agreement if Performer does not cure the breach or end the violation within thirty (30) days.
5.3. Except as required by law or regulation, upon termination of thisAgreement for any reason Performer shall return or destroy all Protected HealthInformation.
6. Liability.
6.1. IN NO EVENT WILL EITHER PARTY BE LIABLE OR RESPONSIBLE TO THE OTHER FOR ANY TYPE OF INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, INDIRECT OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST REVENUE, LOST PROFITS, LOSS OF DATA, OR CIVIL OR CRIMINAL PENALTIES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY HATO ANY CLAIM, INCLUDING WITHOUT LIMITATION CLAIMS BASED IN STATUTE, COMMON LAW,CONTRACT, WARRANTY, FIDUCIARY DUTY, INDEMNITY, NEGLIGENCE OR OTHER TORT, OR. STRICT LIABILITY. THIS LIMITATION OF LIABILITY SHALL ALSO APPLY AFTER TERMINATION OF THIS AGREEMENT.
6.2. PERFORMER’S AGGREGATE LIABILITY TO CUSTOMER UNDER THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT ACTUALLY PAID TO PERFORMER FOR SERVICES GIVING RISETO SUCH LIABILITY, AND A RETURN OF SUCH AMOUNTS PAID SHALL BE CUSTOMER’S EXCLUSIVE REMEDY FOR ANY DAMAGES. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY TO ANY CLAIM, INCLUDING WITHOUT LIMITATION CLAIMS BASED IN STATUTE,COMMON LAW, CONTRACT, WARRANTY, FIDUCIARY DUTY, INDEMNITY, NEGLIGENCE OR OTHER TORT, OR STRICT LIABILITY. THIS LIMITATION OF LIABILITY SHALL ALSO APPLY AFTER TERMINATION OF THIS AGREEMENT.
7. Miscellaneous.
7.1. A regulatory reference in this Agreement to a section of the HIPAARules means the section as in effect or as amended. Any ambiguity or inconsistency in this Agreement shall be interpreted to permit compliance with the HIPAA Rules. This Agreement supersedes any and all prior representations, understandings, or agreements, written or oral, concerning the subject matter herein. Customer and Performer agree to negotiate in good faith to take such action as is reasonably necessary to amend this Agreement from time to time as is necessary for Customer to comply with the requirements of HIPAA as they maybe amended from time to time; provided, however, that if such an amendment would materially increase the cost of Performer providing service under theAgreement, Performer shall have the option to terminate the Agreement on thirty(30) days advance notice. No change, amendment, or modification of thisAgreement shall be valid unless set forth in writing by both parties.
7.2. The respective rights and obligations of Performer and Customer under this Agreement shall survive its termination. Performer’s obligations shall end when all of the Protected Health Information provided by Customer to Performer, or created or received by Performer on behalf of Customer, is destroyed or returned to Customer.
7.3. To the extent not preempted by federal law, this Agreement shall be governed and construed in accordance with the state laws of California, without regard to conflicts of law provisions that would require the application of the law of another state.
7.4. The terms and conditions of this Agreement are intended for the sole benefit of Performer and Customer and do not create any third party rights.
7.5. This Agreement binds and benefits the parties, their respective successors, and their permitted assigns.
7.6. Whenever possible, each provision of this Agreement shall be interpreted so as to be effective and valid under applicable law. If any provision of this Agreement should be prohibited or found invalid under applicable law, such provision shall be ineffective to the extent of such prohibition or invalidity without invalidating the other of such provision or the remaining provisions of this Agreement; provided, however, that if any such invalid provision is material to an extent that the party would not have entered into the Agreement absent such provision, then that party may terminate theAgreement upon ninety (90) calendar days’ prior written notice to the other party.
7.7. This Agreement may be executed in multiple counterparts, which shall constitute a single Agreement, and by facsimile or pdf signatures, which shall be treated as originals.
DocumentID_BAA·Version_2025-09-15.pdf chksum(181bed29c977397bfb73ba5dd7624a78e4494c54e4fed318c9d702652ad34494)