Legal
Business Associate Agreement
Last updated: June 2026
Draft — pending legal review. This document is provided as an operational aid and must be reviewed by a licensed attorney before it is relied upon. It is not legal advice.
Available on request. Funeral homes are generally not HIPAA covered entities, so eterni does not act as a business associate by default and Protected Health Information (PHI) should not be submitted to the Services. This template is offered to customers who are covered entities or otherwise require a BAA. It applies only once executed by both parties. Request one at support@myagentworks.ai.
This Business Associate Agreement ("BAA") template is entered into between the customer, as a covered entity (the "Covered Entity"), and myagentworks llc, a New Jersey limited liability company doing business as eterni, as business associate (the "Business Associate"), and is effective only upon execution by both parties.
1. Definitions
Capitalized terms used but not otherwise defined in this BAA have the meanings given to them under HIPAA and the HITECH Act, including 45 CFR Parts 160 and 164.
2. Permitted Uses & Disclosures
The Business Associate may use or disclose PHI only as permitted by this BAA, to perform the Services for the Covered Entity, for the Business Associate's proper management and administration, and as required by law.
3. Safeguards
The Business Associate implements administrative, physical, and technical safeguards under the HIPAA Security Rule that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic PHI it creates, receives, maintains, or transmits on behalf of the Covered Entity.
4. Subcontractors
The Business Associate ensures that any subcontractor that creates, receives, maintains, or transmits PHI on its behalf agrees in writing to the same restrictions, conditions, and requirements that apply to the Business Associate under this BAA (flow-down).
5. Reporting & Breach Notification
The Business Associate reports to the Covered Entity any use or disclosure of PHI not permitted by this BAA, any security incident, and any breach of unsecured PHI, without unreasonable delay and no later than 60 days after discovery.
6. Access, Amendment & Accounting
The Business Associate provides reasonable assistance to satisfy the Covered Entity's obligations regarding individual access to PHI (§164.524), amendment of PHI (§164.526), and an accounting of disclosures (§164.528).
7. Minimum Necessary
The Business Associate limits its use, disclosure, and request of PHI to the minimum necessary to accomplish the intended purpose, consistent with the HIPAA minimum-necessary standard.
8. Return or Destruction
On termination of this BAA, the Business Associate returns or destroys all PHI received from, or created or received on behalf of, the Covered Entity where feasible. Where return or destruction is not feasible, the Business Associate extends the protections of this BAA to that PHI and limits further uses and disclosures for so long as it retains the PHI.
9. Term & Termination
This BAA is effective upon execution by both parties and remains in effect until all PHI is returned or destroyed. The Covered Entity may terminate this BAA if the Business Associate materially breaches it and fails to cure the breach within a reasonable period after notice.
10. Operational Note
In plain language: PHI may be processed through the Services only under an executed BAA. In addition, before any PHI is processed, eterni must have corresponding BAAs in place with any subprocessor that will handle that PHI. Until both conditions are met, PHI should not be submitted to the Services.