HIPAA and Privacy Laws. (a) Since January 1, 2021, each Company Entity is and has been in material compliance with HIPAA and applicable Privacy Laws. (b) Since January 1, 2021, when functioning either as a “Covered Entity” or as a “Business Associate” (each as defined in 45 C.F.R. § 160.103), each Company Entity has executed valid “business associate agreement” (as described in 45 C.F.R. §§ 164.502(e) and 164.504(e)) with each: (x) agent or contractor of such Company Entity that is a “Business Associate” or Business Associate of such Company Entity; and (y) Covered Entity for which such Company Entity performs functions or activities that renders such Company Entity a Business Associate or Subcontractor (as defined by 45 C.F.R. § 160.103). No Company Entity or, to the Company’s Knowledge, any of their respective Business Associates, has materially breached any such business associate agreement. (c) Since January 1, 2021, no Company Entity has received any written or oral communication from any Governmental Authority alleging material non-compliance by such Company Entity or any Business Associate, agent or subcontractor of such Company Entity with respect to either HIPAA or a Privacy Law. There is no ongoing or, to the Company’s Knowledge, imminently threatened litigation, enforcement proceeding, or to the Company’s Knowledge, any investigation by any Governmental Authority with respect to the HIPAA or Privacy Law compliance of any Company Entity or any Business Associate, agent or subcontractor of any Company Entity. (d) Since January 1, 2021, no Company Entity has experienced any: (i) breach of privacy, security, or confidentiality with respect to Personal Information that required notification to affected data subjects or Governmental Authorities under applicable Privacy Laws; (ii) Breach of Unsecured Protected Health Information, as “Breach” and “Unsecured Protected Health Information” are defined by HIPAA that required notification to affected data subjects, customers or Governmental Authorities under HIPAA; or (iii) any Security Incident as “Security Incident” is defined by HIPAA that required notification to customers under HIPAA.
Appears in 2 contracts
Sources: Class a Common Stock Purchase Agreement (American Oncology Network, Inc.), Class a Common Stock Purchase Agreement (American Oncology Network, Inc.)