OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR Court Reporters and HIPAA

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA"

Transcription

1 Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR

2 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act of It in part strives to make sure your medical information and records are kept private and secure and under your control, no matter who ends up with them. I have WHAT??? 2

3 HIPAA Roles & Relationships The HIPAA regulations apply to health care providers, health plans (i.e., public or private health insurance plans), and health care clearinghouses (i.e., organizations that support specific types of electronic transactions). These three types of organizations are known as covered entities, under the regulations. The regulations also apply to service providers that create, receive, transmit, or maintain protected health information (PHI) on behalf of covered entities. Such service providers are called business associates. You will gain a new cadre of business associates you never knew existed! 3

4 HIPPA, HITECH & YOU! So now I know what HIPAA is, what s HITECH (NOT high tech!) The Health Information Technology for Economic and Clinical Health ( HITECH ) Act, enacted in 2009, raised the bar for protecting PHI. 4

5 HIPAA regulations have been recently updated and must now meet a number of new requirements put in place by the HITECH Act. Those changes were published in January 2013 and are effective as of September 23, Most notable for OCRA members is that under the new regulations sometimes referred to as the HIPAA Omnibus Rule business associates are now subject to direct regulatory enforcement. 5

6 Further, business associates must now treat their subcontractors who create, receive, transmit, or maintain PHI in the same manner that covered entities treat their business associates. This is where YOU COME IN! 6

7 WHY ME?? Why the %#8&! Do I Need to be Involved in this? Simple Answer: Because the U.S. Department of Health & Human Services says so. (dang)! Here s what it has said: In providing legal services to a covered entity, must a lawyer who is a business associate require that those persons to whom it discloses protected health information agree to abide by the privacy restrictions and conditions that apply to the lawyer? 7

8 Not so simple Answer: It depends on who the recipient is. The business associate agreement (BAA) between the covered entity and the lawyer business associate must provide that the lawyer will ensure that any agents, including subcontractors (like court reporters), to whom it provides protected health information agree to the same restrictions and conditions that apply to the business associate with respect to the information. See 45 CFR (e)(2)(ii)(D). 8

9 NOW I get it This, too, will absorb into my brain! Thus, if a lawyer/business associate enlists the services of a person or entity in furtherance of the lawyer s legal services to a covered entity, and the lawyer must provide protected health information to the person or entity for such purpose, the lawyer s business associate contract with the covered entity requires that the lawyer ensure that these persons agree to the same restrictions and conditions with respect to the protected health information they receive that apply to the lawyer as a business associate (now you and your down - stream service providers (scopists, etc.) 9

10 Tell Me More, if you MUST! Pursuant to its business associate contract, a lawyer must ensure that other legal counsel, document or file managers, investigators, litigation support personnel, or others hired by the lawyer to assist the lawyer in providing legal services to the covered entity (meaning you), will also safeguard the privacy of the protected health information the lawyer receives to perform its duties. Conversely, a lawyer- business associate needn t ensure that opposing counsel, fact witnesses, or other persons who do not perform functions or services that assist the lawyer in performing its services to the client, agree to the business associate restrictions and conditions, even though the lawyer may have to disclose protected health information to these third parties. See link. And, also, because 45 CFR (e)(2)(ii)(D) says this, governing the behavior of business associates when it comes to providing protected health information to others: (D) Ensure that any agents, including a subcontractor, to whom it provides protected health information received from, or created or received by the business associate on behalf of, the covered entity agrees to the same restrictions and conditions that apply to the business associate with respect to such information. 10

11 I m not a lawyer! What s all this mean? As someone who is hired by a lawyer the HIPAA obligations imposed on the lawyerbusiness associate float downstream to you. So, if you receive protected health information either via the text of a deposition or medical record exhibits, you have the same obligations to abide by HIPAA as the lawyer and a lawyer can ask that you offer satisfactory assurance in the form of signing a contract saying you will treat such information according to HIPAA. And here (from 45 CFR (e)) are the core requirements of such contracts, keeping in mind that the full, sample contract provided by the Department of Health & Human Services is in Appendix A, below. ding/coveredentities/contractprov.html#top 11

12 What Elements are Required in a BAA (Business Associate Agreement)? The recent changes to the HIPAA regulations have caused most covered entities to review their compliance programs. Moreover, business associates such as lawyers and other service providers are now required to execute a BAA with their subcontractors. These factors make it much more likely that you are now being presented with BAAs, perhaps even for the first time. 12

13 Under the HIPAA regulations, BAAs must include ten specific provisions, even if those terms do not apply to the particular services you may be providing to a covered entity (as a business associate) or to a business associate (as a subcontractor). Thus, you should expect a BAA to: 13

14 10 Provisions of BAAs 1. Establish the ways that the business associate (or subcontractor) is permitted to use and disclose PHI. 2. Provide that the business associate (or subcontractor) may not use or disclose PHI in any other manner. 3. Require that the business associate (or subcontractor) implement safeguards, consistent with the Security Rule. 14

15 4. Require the business associate (or subcontractor) to report any unauthorized use or disclosure of PHI, including breaches. 5. Ensure that the business associate (or subcontractor) supports patient rights, including accounting of disclosures (with proper data collection) and PHI access and amendment, under the Privacy Rule. 6. Obligate the business associate (or subcontractor) to comply with the applicable requirements, if it is carrying out any of the covered entity s duties or obligations under the Privacy Rule. 15

16 7. Require that the business associate (or subcontractor) make its internal practices, books, and records regarding its PHI-related activities and compliance with the HIPAA regulations available to HHS, in the event of a request or investigation. 8. Call for the business associate (or subcontractor) to either destroy or return any PHI at the BAA s termination, or if destruction is not feasible, to continue to safeguard the PHI. 16

17 9. Require that the business associate (or subcontractor) ensure any of its subcontractors agree to the same restrictions and conditions regarding PHI (i.e., execute a BAA that flows down substantially similar provisions). 10. Authorize termination of the BAA, if the business associate (or subcontractor) violates a material term. 17

18 How Can I Boil this DOWN? THERE ARE 3 THINGS TO THINK ABOUT: 1. Your internal office processes. 2. Your relationships with lawyers. 3. Your relationships with your own subcontractors (videographers, scopists, proof readers). Let s take these one at a time 18

19 Your Internal Office Processes Treat protected health information the same way you would want your information treated. HIPAA safeguards require that you: Train your staff. Provide training to employees, contractors and subcontractors on how to prevent the improper use or disclosure of protected health information. The gist of such training is that such information should looked for, be afforded unique attention, and handled with special care. Get this issue on your employees and reporters radar screens. 19

20 Internal Administrative Safeguards Adopt written policies and procedures regarding the safe-guarding of protected health information. These should include what happens when there is a breach and that protected health information should be handled in the fashion permitted by the Oregon Code of Civil Procedure unless otherwise specified. Original exhibits containing protected health information should be returned to the client along with the original, scans or copies of them available only to those legally entitled to them. 20

21 Technical Physical Safeguards Adopt appropriate technical safeguards to ensure protected health information, is handled appropriately including access controls to electronic and physical files, authentication of who can access them, and transmission security. Adopt appropriate physical safeguards to protect protected health information, including workstation security. HINT: HIPAA is very onerous. BUT, you are probably already doing many of the things HIPPA requires. You are likely not leaving transcripts lying around where strangers can stroll in and snag them. You are likely treating transcripts and exhibits with security and care. Your staff and reporters already likely know or have been told not to save transcripts or exhibits on unsecured laptops that travel to coffee shops and the like, only to be left behind. Your likely password protect and limit access to your databases. If so, this may mostly be a matter of simply documenting and putting into HIPAA words what you are already doing and why. 21

22 Your Relationships with Lawyers Lawyers have a duty to ask you to abide by HIPAA. Plus, you have an obligation to follow the law. That said, you are not a lawyer and cannot be expected to know the ends and outs of what constitutes protected health information, especially in close cases. More importantly, neither can your reporters. 22

23 If your policies, procedures, and technology are sufficient overall to satisfy HIPAA, then it doesn t really matter whether or not your clients pre identify a deposition or exhibits as implicating HIPAA. If that isn t the case, then you may need to consider asking your clients up front or your reporters after a deposition whether there was medical testimony or records produced so that special, HIPAA compliant procedures can be used to protect them. 23

24 As lawyers begin increasingly to ask that you sign HIPAA contracts, scrutinize the terms of the contract benchmarked against the model contract in the appendix below from the U.S. Department of Health & Human Services. Ask OCRA to talk to OSBA. Maybe a standard BAA can be created? 24

25 Your Relationship to your Own Subcontractors As you are to your lawyer clients, so your subcontractors are to you. Meaning, just as lawyers have to make sure their subcontractors have satisfactory assurance that they are complying with HIPAA, you should consider obtaining the same protection in the form of a contract to make sure your proofreaders or scopists are abiding by HIPAA, just as you are. Am I going to have to hand out those Privacy Policy thingies like I get and don t read at my doctor s office? No. 25

26 Who Should I Execute a BAA with? Keep in mind that as a business associate (or subcontractor), you must (1) comply with the HIPAA regulations; and (2) execute a BAA with any subcontractors who assist you in providing services that involve creating, receiving, transmitting, or maintaining PHI. For instance, you should have a BAA in place with independent contractors you hire to provide applicable services to clients with whom you have a BAA. You should also execute a BAA with vendors, such as information technology service providers, if they have access to the PHI that you create, receive, transmit, or maintain. 26

27 If you use cloud services to create, receive, transmit, or maintain PHI, then you will need to execute a BAA with them. You are also responsible for maintaining reasonable oversight for your: Independent contractors scopists Proof readers Videographers Print or copy companies Cover your backside! 27

28 OVERVIEW Key Compliance Steps Complying with the HIPAA regulations may seem daunting, but there are resources available to help you and some simple steps you can take now to get started: Review BAAs. Collect and maintain any BAAs that you have executed and periodically review them to ensure that you understand the requirements and maintain compliance. Perform a risk analysis. This includes documenting when and how you handle PHI, where it is stored, and how you protect it. Compare your safeguards to those required by the Security Rule and resolve any gaps that you identify. 28

29 Train your workforce. Ensure that you and your employees understand your HIPAA obligations, and hold your subcontractors to the same standards. Implement safeguards. Recognize that the HIPAA regulations allow you to select an approach that is appropriate for the size and complexity of your business. For example, investigating the use of secure , encryption for your mobile devices, proper access controls to limit who can access PHI, and cloud computing services that comply with HIPAA requirements are great places to start. Manage your subcontractors. Keep track of subcontractors who handle PHI and ensure that you have executed appropriate BAAs. 29

30 Develop a breach response plan. Consider and document how you would handle a data breach that involves PHI before it happens. Who will you notify? How long do you have to respond? How will you mitigate risks? What other actions will you take to investigate and resolve the event? Document your HIPAA compliance program. Think like an auditor what would you like to see to demonstrate your compliance program fitness? Put together a simple compliance notebook (online or on paper) that describes the steps you have taken and tracks your ongoing activities. Seek advice specific to your business situation and needs. Utilize available resources and seek specific legal advice when you have detailed questions or concerns. 30

31 What if there s a BREACH? In addition to these required provisions, covered entities will often impose additional requirements on their business associates, in an effort to lower their own risk. For example, a covered entity may call for notification of any unauthorized use of PHI or a data breach within a specific, brief period of time, such as five or fewer business days. Covered entities also commonly seek indemnification from their business associates for any costs associated with breaches or other unauthorized uses of PHI. 31

32 What if there s a BREACH ~ pg 2 ~ For instance, a covered entity may ask you to agree that you will take responsibility for any fines, litigation costs, or other expenses (e.g., notifying affected individuals), if you or your workforce causes a data breach. Business associates often look to flow similar provisions down to their subcontractors. Before agreeing to any BAA provisions that call for narrow timeframes or other limits, or that go beyond the ten required elements described above, you should carefully review and consider the obligations, potential risks, and your available resources. In such circumstances, you should also consider seeking specific legal advice. 32

33 The Enforcement Rule The Enforcement Rule (See 45 CFR 160.3xx-.5xx) specifies the processes and procedures to address potential violations of the HIPAA regulations. Civil money penalties, under the HITECH Act, may range from $100 to $50,000 per violation or a total of $1.5M for identical violations during a calendar year, based on the level of culpability. 33

34 General Overview Security Management Process. As explained in the previous section, a covered entity must identify and analyze potential risks to e-phi, and it must implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level. Security Personnel. A covered entity must designate a security official who is responsible for developing and implementing its security policies and procedures. Information Access Management. Consistent with the Privacy Rule standard limiting uses and disclosures of PHI to the "minimum necessary," the Security Rule requires a covered entity to implement policies and procedures for authorizing access to e-phi only when such access is appropriate based on the user or recipient's role (role-based access). 34

35 Workforce Training and Management. A covered entity must provide for appropriate authorization and supervision of workforce members who work with e-phi. A covered entity must train all workforce members regarding its security policies and procedures, and must have and apply appropriate sanctions against workforce members who violate its policies and procedures. Evaluation. A covered entity must perform a periodic assessment of how well its security policies and procedures meet the requirements of the Security Rule Physical Safeguards. A covered entity must limit physical access to its facilities while ensuring that authorized access is allowed. 35

36 Workstation and Device Security. A covered entity must implement policies and procedures to specify proper use of and access to workstations and electronic media. A covered entity also must have in place policies and procedures regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of electronic protected health information (e-phi). Technical Safeguards Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-phi). Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-phi. Integrity Controls. A covered entity must implement policies and procedures to ensure that e-phi is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-phi has not been improperly altered or destroyed. Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-phi that is being transmitted over an electronic network. Cyber Security Insurance. You can purchase insurance in case of a breach. 36

37 RESOURCES ding/srsummary.html 2e411a1.htm Where Can I find More Information? 0-1cf be7ccb0f4a769843/presentation/publicationattach ment/81794b42-2bcc-4d74-94e5- be bd/13-066%20hipaa-hitechomnibus-finalrule.pdf htm Portland-OR/2477/35 37

38 Appendix A Sample Business Associate Agreement Provisions Words or phrases contained in brackets are intended as either optional language or as instructions to the users of these sample provisions. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use. Specific definitions: (a) Business Associate. Business Associate shall generally have the same meaning as the term business associate at 45 CFR , and in reference to the party to this agreement, shall mean [Insert Name of Business Associate]. (b) Covered Entity. Covered Entity shall generally have the same meaning as the term covered entity at 45 CFR , and in reference to the party to this agreement, shall mean [Insert Name of Covered Entity]. (c) HIPAA Rules. HIPAA Rules shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164. Obligations and Activities of Business Associate Business Associate agrees to: (a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law; (b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement; (c) Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR , and any security incident of which it becomes aware; [The parties may wish to add additional specificity regarding the breach notification obligations of the business associate, such as a stricter timeframe for the business associate to report a potential breach to the covered entity and/or whether the business associate will handle breach notifications to individuals, the HHS Office for Civil Rights (OCR), and potentially the media, on behalf of the covered entity.] (d) In accordance with 45 CFR (e)(1)(ii) and (b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information; (e) Make available protected health information in a designated record set to the [Choose either covered entity or individual or the individual s designee ] as necessary to satisfy covered entity s obligations under 45 CFR ; [The parties may wish to add additional specificity regarding how the business associate will respond to a request for access that the business associate receives directly from the individual (such as whether and in what time and manner a business associate is to provide the requested access or whether the business associate will forward the individual s request to the covered entity to fulfill) and the timeframe for the business associate to provide the information to the covered entity.] (f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR , or take other measures as necessary to satisfy covered entity s obligations under 45 CFR ; [The parties may wish to add additional specificity regarding how the business associate will respond to a request for amendment that the business associate receives directly from the individual (such as whether and in what time and manner a business associate is to act on the request for amendment or whether the business associate will forward the individual s request to the covered entity) and the timeframe for the business associate to incorporate any amendments to the information in the designated record set.] (g) Maintain and make available the information required to provide an accounting of disclosures to the [Choose either covered entity or individual ] as necessary to satisfy covered entity s obligations under 45 CFR ; [The parties may wish to add additional specificity regarding how the business associate will respond to a request for an accounting of disclosures that the business associate receives directly from the individual (such as whether and in what time and manner the business associate is to provide the accounting of disclosures to the individual or whether the business associate will forward the request to the covered entity) and the timeframe for the business associate to provide information to the covered entity.] (h) To the extent the business associate is to carry out one or more of covered entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s); and (i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules. 38

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

Sample Business Associate Agreement Provisions

Sample Business Associate Agreement Provisions Sample Business Associate Agreement Provisions Words or phrases contained in brackets are intended as either optional language or as instructions to the users of these sample provisions. Definitions Catch-all

More information

MMA SAMPLE FORM *REVIEW CAREFULLY & ADAPT TO YOUR PRACTICE*

MMA SAMPLE FORM *REVIEW CAREFULLY & ADAPT TO YOUR PRACTICE* This is only sample language. The language should be changed to accurately reflect business arrangements between a covered entity and business associate or business associate and subcontractor. In addition,

More information

Business Associate Agreement (BAA) Guidance

Business Associate Agreement (BAA) Guidance Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Business Associate and Other Agreements

Business Associate and Other Agreements Section 4.3 Implement Business Associate and Other Agreements This tool identifies the types of agreements that may be necessary for a community-based care coordination (CCC) program to have in place in

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule) BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule) This Business Associate Agreement (the Agreement ), dated September 9, 2013, is entered into by and between ( Covered Entity ) and Schuster

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into on [Month], [Day] 2014 (the effective Date ), by and between Accreditation Association for Ambulatory Health

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

The Institute of Professional Practice, Inc. Business Associate Agreement

The Institute of Professional Practice, Inc. Business Associate Agreement The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BAA ) is by and between the National Association of Boards of Pharmacy

More information

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract

More information

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

The Accreditation Association for Ambulatory Health Care (AAAHC) is a Business Associate as defined in the HIPAA Privacy Rule:

The Accreditation Association for Ambulatory Health Care (AAAHC) is a Business Associate as defined in the HIPAA Privacy Rule: HIPAA BUSINESS ASSOCIATE AGREEMENT The Accreditation Association for Ambulatory Health Care (AAAHC) is a Business Associate as defined in the HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/faq/business_associates/238.html

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements

Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements Sara Kashing, JD, Staff Attorney July/August 2012 The Therapist If you are considered a Covered Entity

More information

Definitions. Catch-all definition:

Definitions. Catch-all definition: BUSINESS ASSOCIATE AGREEMENT THESE PROVISIONS MAY STAND ALONE AS A BUSINESS ASSOCIATE AGREEMENT, OR MAY BE INCORPORATED INTO A LARGER, MORE COMPREHENSIVE CONTRACT WITH THE BUSINESS ASSOCIATE TO COVER OTHER

More information

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ), entered into and effective this day of,, is by and between ( Business Associate ) and Black, Gould & Associates, Inc.

More information

SECURITY RISK ASSESSMENT SUMMARY

SECURITY RISK ASSESSMENT SUMMARY Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum; BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. The terms and conditions of this document entitled Business Associate Agreement ( Business Associate Agreement ), shall be attached to and incorporated by reference in the

More information

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions A. Business Associate. Business Associate shall have the meaning given to such term under the Privacy and Security Rules, including,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( the Agreement ) is entered into this day of, 20 by and between the Tennessee Chapter of the American Academy of Pediatrics ( Business Associate

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated

More information

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate;

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate; BUSINESS ASSOCIATE AGREEMENT (Agreement #) THIS DOCUMENT CONSTITUTES AN AGREEMENT BETWEEN: AND (Contractor name and address), hereinafter referred to as Business Associate; The Department of Behavioral

More information

ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS)

ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS) ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS) THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ), is dated as of, by and between Action Collection Services Inc. (

More information

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1 CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1 THIS AGREEMENT is entered into on ( Effective Date ) by and between LaSalle County Health Department, hereinafter called Covered Entity and, hereinafter

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule)

Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule) 5450F1 (page 1 of 6) Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule) THIS AGREEMENT is entered into on this day of, 20 by and between

More information

Business Associates Agreement

Business Associates Agreement Business Associates Agreement This Business Associate Agreement (the Agreement ) between Customer,( Covered Entity ) and Kareo ( Business Associate ) will be in effect during any such time period that

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is entered into as of the day of, 2013 by and between RUTGERS UNIVERSITY, a Hybrid Entity, on behalf and for the

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

Appendix : Business Associate Agreement

Appendix : Business Associate Agreement I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS The following HIPAA Business Associate Terms and Conditions (referred to hereafter as the HIPAA Agreement ) are part of the Brevium Software License

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ("Agreement") is made and is effective as of the date of electronic signature("effective Date") between Name of Organization ("Covered

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is entered into by and between the Board of Regents of the University of Wisconsin System on behalf of the [insert name

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.

More information

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement You may be aware that the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) requires health plans

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

Check In Systems. Software Usage Agreement

Check In Systems. Software Usage Agreement Check In Systems Software Usage Agreement Usage of Check In Systems Inc. software shall constitute agreement with the following; You understand that you have the right to terminate or not use the software

More information

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules Professional Solutions Insurance Company Business Associate Agreement re HIPAA Rules I. Purpose of Agreement This Agreement reflects Professional Solutions Insurance Company s agreement to comply with

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( BAA ), effective as of, ( Effective Date ), is made by and between ( Covered Entity ) and da Vinci Motion Graphics, Inc. d/b/a

More information

Enclosure. Dear Vendor,

Enclosure. Dear Vendor, Dear Vendor, As you may be aware, the Omnibus Rule was finalized on January 25, 2013 and took effect on March 26, 2013. Under the Health Insurance Portability & Accountability Act (HIPAA) and the Omnibus

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (Hereinafter "Agreement") dated as of, 2013, is made by and between (Hereinafter Covered Entity ) and (Hereinafter Business Associate ). ARTICLE

More information

ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT

ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is effective as of (the Effective Date ) and is entered into by and between, with an address of (the Covered Entity

More information

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing?

It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing? It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing? The AMC Privacy & Security Conference Series Securely Connecting Communities for Improved Health

More information

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is entered into between Covered Entity and CoverMyMeds LLC, a Delaware limited liability company ( Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is effective as of, 2013, and is by and between SOUTHWEST DEVELOPMENTAL SERVICES, INC. ( Covered Entity ) and ( Business Associate

More information

Preferred Professional Insurance Company Subcontractor Business Associate Agreement

Preferred Professional Insurance Company Subcontractor Business Associate Agreement Preferred Professional Insurance Company Subcontractor Business Associate Agreement THIS SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT ( Agreement ) amends and is made a part of all Services Agreements (as

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Use & Disclosure of Protected Health Information by Business Associates

Use & Disclosure of Protected Health Information by Business Associates Applicability: Policy Title: Policy Number: Use & Disclosure of Protected Health Information by Business Associates PP-12 Superseded Policy(ies) or Entity Policy: N/A Date Established: January 31, 2003

More information

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM This Business Associate Addendum ( Addendum ), effective, 20 ( Effective Date ), is entered into by and between University of Southern California, ( University

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

Business Associate Contract

Business Associate Contract Business Associate Contract THIS CONTRACT is made and entered into by and between Imagine! (hereinafter called Contractor ), a not-for-profit Community Centered Board, duly incorporated and existing under

More information

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (Agreement) is made this day of, 20, between the Catholic Social Services ( CSS ), whose business address is 3710

More information

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN Stewart C. Miller & Co., Inc. (Business Associate) AND City of West Lafayette Flexible Spending Plan (Covered Entity) TABLE OF CONTENTS

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is between you, a healthcare provider, its employees and agents ( Covered Entity ) and Doc Halo, LLC ( Business Associate ).

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES This Addendum is entered into effective as of, by and among Delta Dental of Virginia ("Business Associate"), and ( Covered

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) is entered into this day of 2014. Perry Memorial Hospital ( Covered Entity ) and [ABC Company] ( Business Associate ) referred

More information

Receipt of the BAA constitutes acceptance thereof, provided that you do not provide a written objection within fourteen (14) days of receipt.

Receipt of the BAA constitutes acceptance thereof, provided that you do not provide a written objection within fourteen (14) days of receipt. Re: Notice of Business Associate Agreement This Notice concerns the mutual obligations arising from the COBRA Administration Contract ( Contract ) between your company ( Covered Entity ) and Small Business

More information

Exhibit 2. Business Associate Addendum

Exhibit 2. Business Associate Addendum Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing

More information