Business Associate Agreement

Effective Date: July 8, 2025

This Business Associate Agreement (the "Agreement") is entered into by and between BillingMart.com, LLC ("Business Associate") and the Covered Entity ("Customer") in connection with the use of the DonorMesh platforms (donormesh.com and account.donormesh.com). This Agreement supplements any underlying service agreement and is intended to satisfy certain standards and requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations.

1. Definitions

Capitalized terms used but not defined in this Agreement have the meanings given in HIPAA and the Health Information Technology for Economic and Clinical Health Act ("HITECH").

  • Protected Health Information (PHI): Individually identifiable health information transmitted or maintained by the Business Associate.
  • Covered Entity: Customer, as defined by HIPAA.
  • Business Associate Services: Services provided by BillingMart that involve the use or disclosure of PHI.
2. Obligations of Business Associate
  • Permitted Uses and Disclosures: Business Associate shall use or disclose PHI only as necessary to perform Business Associate Services or as Required by Law.
  • Safeguards: Business Associate shall implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
  • Reporting: Business Associate shall report any use or disclosure of PHI not permitted by this Agreement, including breaches of unsecured PHI, within five (5) business days.
  • Subcontractors: Business Associate shall ensure that any subcontractors agree in writing to the same restrictions and conditions that apply to Business Associate.
  • Access and Amendment: Business Associate shall provide access to PHI to Customer or to an individual as directed by Customer in accordance with 45 CFR §164.524 and shall make amendments to PHI as requested by Customer.
3. Permitted Uses by Covered Entity

Customer may use and disclose PHI in accordance with its own Privacy Policy and HIPAA authorizations. Customer authorizes Business Associate to use PHI as necessary to provide the Platform and related services.

4. Term and Termination
  • Term: This Agreement is effective as of the Effective Date and shall remain in effect so long as Business Associate retains any PHI.
  • Termination for Cause: Customer may terminate this Agreement if Business Associate materially breaches its terms and fails to cure within thirty (30) days of notice.
  • Obligations on Termination: Upon termination, Business Associate shall return or destroy all PHI in its possession, or if infeasible, extend the protections of this Agreement to such PHI.
5. Miscellaneous
  • Regulatory References: Terms used but not defined have the meanings given in HIPAA regulations.
  • Amendment: This Agreement may only be amended in writing and signed by both parties.
  • Governing Law: This Agreement is governed by the laws of the State of California, without regard to conflict of laws.
6. Signatures

By using the Platform, Customer agrees to the terms of this Business Associate Agreement.

Streamline Your Fundraising Today

Join thousands of nonprofits using DonorMesh to simplify online giving, manage events, and deepen donor relationships—all from one secure, user-friendly platform.

Start For Free