A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1"

Transcription

1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register as follows: August 14, 2002-Privacy, February 20, 2003 Security Rule February 19, 2009 The American Recovery Reinvestment Act 2009 Privacy Originally Published CLAYTON MACBAIN LLC April, 2003 Security Originally Published THE CLAYTON GROUP LLC April, 2005 Revised 2009 by: Lesley E. Berkeyheiser, Mark Cone N-Tegrity Solutions Group, LLC ARRA 2009 Published N-TEGRITY SOLUTIONS GROUP LLC

2 ARRA SEC APPLICATION OF SECURITY PROVISIONS AND PENALTIES TO BUSINESS ASSOCIATES OF COVERED ENTITIES; ANNUAL GUIDANCE ON SECURITY PROVISIONS BACKGROUND: Under HIPAA each business associate (BA) was responsible to safeguard and protect the PHI it handled. This was typically conveyed via the Business Associate Agreement. The Covered Entity was the only business entity directly subject to Civil Monetary Penalties for wrongful disclosures. However, ARRA extends monetary penalties to business associates. It is clear that all of the basic Safeguard provisions within HIPAA Security are now directly applied to business associates. The HIPAA Security Standards named include: 1) Administrative Safeguards; 2) Physical Safeguards; 3) Technical Safeguards; and 4) Policies and Procedures and Documentation Requirements. This means that every business associate must now conduct an initial (and perform routine and ongoing) HIPAA Security Risk Assessment, mitigate gaps between these requirements and their business and create and implement written policies and procedures to address these requirements. In addition to being responsible to carry out the Safeguards named above, the business associate is now also directly held accountable for wrongful disclosures (just as if they were covered entities). NOTE: Because wrongful disclosures in the law are specific to individually identifiable health information the extent to which Privacy Provisions are affected are addressed in ARRA Section EFFECTIVE DATE: As of July 2009 according to the Office of the National Coordinator (ONC) 2009 Implementation Plan, the Centers for Medicare/Medicaid Services (CMS) will be issuing regulations to extend certain HIPAA Security Rule provisions to business associates under Section by February 18, In addition, on a yearly basis DHSS shall continue to issue guidance on the most appropriate technical safeguards for use in carrying out the security standards N-Tegrity Solution Group 1

3 IMPLEMENTATION NOTES: Revise your internal DISCLOSURE OF PROTECTED HEALTH INFORMATION TO BUSINESS ASSOCIATES AND OTHER CONTRACTORS Policy and Procedure. As a covered entity, review all business associate agreements to assure that they are valid (that the entity to which you are contracting is indeed acting as a business associate) and current (that the relationship is clearly defined and mirroring your business operations). NOTE: The BA DECISION TREE has been included in this document to assist in performing this step. Review and revise Business Associate Contract language. NOTE: A sample contract (revised with ARRA related language) has been included. Contact all business associates and amend language to assure contractual documents include the fact that business associates are now to be responsible for adopting Sections , , , and (Administrative, Physical and Technical Safeguards and related documentation of policies and procedures) of title 45, Code of Federal Regulations. In addition, based on clarification by CMS, consider revising language to clearly address the uses and disclosures of PHI by the business associate. NOTE: To perform this step, first review the enclosed document: Implementing Business Associate Agreements To Meet HIPAA Privacy and Security Requirements (Revised to comply with ARRA 2009) Consider whether or not your organization wants to conduct due diligence steps on your business associate (you may choose to do so based on your organization s risk assessment results). For example, a covered entity which out-sources all of its operations to one business associate (who generates PHI on the CE s behalf) may choose to go farther in conducting due diligence efforts than if the BA only handled a copy of PHI for a very limited and specific purpose. Steps such as requiring the business associate to submit copies of recent Security Risk Analysis information and set of policies and procedures may be considered. AFFECTS THE FOLLOWING (Clayton-MacBain/Clayton Group) POLICIES AND PROCEDURES: For Covered Entities: DISCLOSURE OF PROTECTED HEALTH INFORMATION TO BUSINESS ASSOCIATES AND OTHER CONTRACTORS or BUSINESS ASSOCIATES CONTRACTS AND OTHER ARRANGEMENTS 2009 N-Tegrity Solution Group 2

4 DISCLOSURE OF PROTECTED HEALTH INFORMATION TO BUSINESS ASSOCIATES AND OTHER CONTRACTORS RESPONSIBILITY: Privacy Official, General Counsel, Security Official BACKGROUND: [ENTITY] sometimes contracts with other organizations, or with individuals who are not members of [ENTITY] s workforce, to perform services. This may range from computer system maintenance to accounting and legal services to quality improvement studies. These contractors may require access to protected health information (PHI) to perform their services for [ENTITY]. These contractors are termed business associates. HITECH introduced additional entities that provide data transmission services for a covered entity and require access to protected health information (Health Information Exchange Organization; e- Prescribing Gateway; etc ) or act as a vendor of a PHR on behalf of a covered entity and will be treated as a Business Associate. These entities will now be required to enter into a written contract or some other written arrangement. Contractors or business entities that do not require access to PHI to perform their duties under their contracts are not business associates and will not be treated as such. The purpose of this policy and procedure is to establish standards for contracts between [ENTITY] and its business associates and other contractors regarding the privacy and confidentiality of PHI. This is to provide assurance that PHI will be safeguarded and that [ENTITY] will have adequate access to PHI maintained by business associates. It also establishes accountability to [ENTITY] for how the business associate handles PHI. Sample wording for a business associate contract, as recommended by the federal Department of Health and Human Services (DHHS), is attached to this policy as an appendix. POLICY: 1. No member of the [ENTITY] workforce is permitted to disclose protected health information (PHI) to a contractor unless that contractor requires the information in order for it to perform the services for which [ENTITY] has contracted with it. 2. If [ENTITY] is conducting business with a contractor that provides data transmission services of protected health information and requires access to such information (e.g., Health Information Exchange; Regional Health Information Organization; or e-prescribing Gateway) or a vendor that allows [ENTITY] to offer workforce members access to a Personal Health Record, this contractor (non- HIPAA covered entity) will be treated as a business associate. 3. No member of the [ENTITY] workforce is permitted to disclose protected health information (PHI) to a business associate (see DEFINITIONS)/non-HIPAA covered entity, or to allow a business associate/non-hipaa covered entity to obtain PHI on behalf of [ENTITY], unless a written contract (or other written arrangement) 2009 N-Tegrity Solution Group 3

5 has been executed between [ENTITY] and the business associate/non-hipaa covered entity. This agreement must include provisions that meet the standards listed in this policy. 4. No business associate of [ENTITY] is permitted to disclose protected health information to another business associate unless a written agreement has been executed between [ENTITY] and each business associate. 5. If [ENTITY] learns that a business associate or non-hipaa covered entity being treated as a business associate has materially violated its agreement, [BUSINESS ASSOCIATE] will so notify [ENTITY]. Failure to cure the breach within thirty days will result in termination of the agreement. If, for some reason, [ENTITY] determines that it is not feasible to terminate the agreement, the Secretary, federal Department of Health and Human Services, will be notified. [NOTE: Organizations may want to include other specific remedies, such as the right to require a business associate to remove certain members of its workforce from participation under the contract in the event of a breach. However, this is not a substitute for the requirement that the contract be terminated if a breach is not cured within thirty days of notification from the organization.] 6. Contractors that do not require PHI in order to fulfill their contractual responsibilities to [ENTITY] are not considered business associates. However, since such contractors may encounter PHI incidentally in the process of performing their duties under their contracts, and since [ENTITY] has a duty to safeguard PHI, all [ENTITY] contracts for services will contain the basic confidentiality clause listed in this policy. Business Associate Agreement Not Required 7. When [ENTITY] discloses PHI to a provider of health care services, for purposes of providing medical treatment to the individual to whom the PHI pertains, a business associate agreement with the provider is not required. 8. A business associate agreement is not required to disclose PHI to a health plan for purposes of obtaining payment for health care services. However, health plan contracts with [ENTITY] must conform to the standards of the TRADING PARTNER AGREEMENT policy. 9. Disclosures of PHI from the [ENTITY] s group health plan to [ENTITY], in its capacity as plan sponsor, is governed by the plan documents, and a business associate agreement is not required. (See EMPLOYEE HEALTH BENEFIT PLAN policy). 10. If a business associate is required by law to perform a function or activity on behalf of [ENTITY], or to provide a service described in the definition of business associate (See DEFINITIONS), [ENTITY] may disclose protected health information to the business associate to the extent necessary to comply with the legal mandate. [ENTITY] will attempt in good faith to obtain an agreement that meets the standards of this policy, and, if such 2009 N-Tegrity Solution Group 4

6 attempt fails, will document the attempt and the reasons that the agreement cannot be obtained. Types Of Business Associates 11. At a minimum, persons and organizations that provide the following types of services to or on behalf of [ENTITY] are considered business associates: Health care clearinghouse (an organization which transmits electronic transactions to, or receive electronic transactions from, other organizations on behalf of [ENTITY]) Fundraising or marketing Mailing Data analysis or data aggregation of any kind, including services that de-identify PHI Professional services, such as consulting, legal, accounting and auditing, actuarial, management or administration, financial, etc Accreditation Electronic data processing, including software and hardware maintenance Photocopying medical records and other sources of PHI Document shredding Repricing (such as performed by a preferred provider organization to apply negotiated discounts to claims) Storage of PHI (both paper records and electronic media) Outsourced services, such as billing or collections, that involve PHI in any way Web site hosting Collection of PHI from patients Vendor of PHR for [ENTITY} Health Information Exchange Organization (HIE) Regional Health Information Organization (RHIO) E-Prescribing Gateway ADDITIONAL POLICY EXISTS THIS SAMPLE IS MEANT TO PROVIDE AN IDEA OF HOW THE ORIGINAL CLAYTON GROUP TEMPLATE IS BEING CHANGED (SHOWN IN BLUE TEXT) OR THE NEW COMPONENTS THAT SHOULD BE CONSIDERED FOR POLICIES THAT YOUR ORGANIZATION INDEPENDENTLY DEVELOPED 2009 N-Tegrity Solution Group 5

7 Business Associate (BA) Decision Tree Updated and changed for HITECH Act from ARRA N-Tegrity Solution Group 6

8 SAMPLE- HIPAA Business Associate Agreement (This document is constructed based on the original BAA released by CMS) This Business Associate Agreement ( Agreement ) is entered into this day of, between <covered entity>, a <state corporation> (Company ) and <business associate>, a <state corporation> ( Contractor ). RECITALS I. Company is a <type of organization> that <description of primary functions or activities> with a principal place of business at <address>. II. Contractor is a <type of organization> that <description of primary functions or activities> with a principal place of business at <address>. III. Company, as a Covered Entity defined herein under the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) is required to enter into this Agreement to obtain satisfactory assurances that Contractor, a Business Associate under HIPAA, will appropriately safeguard all Protected Health Information ( PHI ) as defined herein, disclosed, created or received by Contractor on behalf of, Company. IV. Company desires to engage Contractor to perform certain functions for, or on behalf of, Company involving the disclosure of PHI by Company to Contractor, or the creation or use of PHI by Contractor on behalf of Company, and Contractor desires to perform such functions. <Description of the services to be performed should be included here or attached in a specific Addendum> V. Contractor may be considered an organization that provides data transmission of protected health information to Company and requires access on a routine basis to protected health information or a Vendor of Personal Health Records. As required under Section of the HITECH Act, the Contractor will be treated as a business Associate of the Company. In consideration of the mutual promises below and the exchange of information pursuant to this agreement and in order to comply with all legal requirements for the protection of this information, the parties therefore agree as follows: A. Definitions of Terms 1. Agreement means this Business Associate Agreement. 2. Breach shall mean the acquisition, access, use or disclosure of protected health information which compromises the security or 2009 N-Tegrity Solutions Group 7

9 privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. HITECH Act Subtitle D. 3. Business Associate shall have the meaning given to such term in 45 C.F.R. section C.F.R. shall mean the Code of Federal Regulations. 5. Designated Record Set shall have the meaning given to such term in 45 C.F.R. section Covered Entity shall have the meaning given to such term in 45 C.F.R. section Electronic Health Record shall mean an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. 8. Electronic Protected Health Information means Protected Health Information that is transmitted by Electronic Media (as defined in the Security and Privacy Rule) or maintained in Electronic Media. 9. Personal Health Record shall mean an electronic record of identifiable health information on an individual that can be drawn from multiple sources and that is managed, shared and controlled by or primarily for the individual. HITECH Act Subtitle D. 10. Protected Health Information or PHI shall have the meaning given to such term in 45 C.F.R. section , limited to the information created or received by Contractor from or on behalf of Covered Entity. 11. Required By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his designee. 13. Security Incident means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. 14. Security Rule shall mean the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR Parts 160 and 162, and Parts 164, Subparts A and C. The application of Security provisions Sections ; , , and of title 45, Code of Federal Regulations shall apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity. 15. Unsecured PHR Identifiable Health Information is information that is not protected through the use of a technology or 2009 N-Tegrity Solutions Group 8

10 methodology specified by the Secretary in the guidance issued under section 13402(h)(2). 16. Vendor of Personal Health Records shall mean an entity, other than a covered entity that offers or maintains a personal health record. HITECH Act Subtitle D. B. Obligations and Activities of Contractor. 1. Contractor agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law. 2. Contractor agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. 3. Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to Contractor of a use or disclosure of Protected Health Information by Contractor in violation of the requirements of this Agreement. 4. Contractor agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware. 5. Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Contractor on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Contractor with respect to such information. 6. Contractor agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements of 45 CFR Contractor agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR at the request of Covered Entity or an Individual, and in the time and manner designated by the Covered Entity. 8. Contractor agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Contractor on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner designated by the Covered Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy and Security Rules. 9. Contractor agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR Contractor agrees to provide to Covered Entity or an Individual, in time and manner designated by the Covered Entity, information collected in accordance with Section B 2009 N-Tegrity Solutions Group 9

11 of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR Contractor shall maintain a comprehensive security program appropriate to the size and complexity of the Contractor s operations and the nature and scope of its activities as defined in the Security Rule. 12. Contractor and its agents and subcontractor are prohibited from directly or indirectly receiving any remuneration in exchange for an individual s protected health information unless the individual provides a valid authorization. 13. Contractor shall contact the Covered Entity immediately in the event that a breach of data has been discovered for unprotected health information The notification should include the identification of each individual whose unsecured protected health information has been, or is reasonably believed to have been accessed, acquired or disclosed during such breach Notification to individuals must be made within 60 days from discovering the breach. Notification must be coordinated with and approved by the Covered Entity Covered Entity will coordinate with Contractor in the determination of additional specific actions that will be required of the Contractor for mitigation of the breach If the Contractor is a vendor of personal health records, notification of the breach will need to be made with the Federal Trade Commission. 14. Contractor shall be responsible for any and all costs associated with the notification and mitigation of a data breach that has occurred because of the negligence of the Contractor. 15. Contractor shall be subject to prosecution by the Department of Justice for criminal violations of HIPAA if the Contractor obtains or discloses individually identifiable health information without authorization, and shall be responsible for any an all costs associated with prosecution. C. Permitted Uses and Disclosures by Contractor General Use and Disclosure Provisions Except as otherwise limited in this Agreement, Contractor may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in [Insert Name of Services Agreement], provided that such 2009 N-Tegrity Solutions Group 10

12 use or disclosure would not violate the Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. Specific Use and Disclosure Provisions [only necessary if parties wish to allow Contractor to engage in such activities] 1. Except as otherwise limited in this Agreement, Contractor may use Protected Health Information for the proper management and administration of the Contractor or to carry out the legal responsibilities of the Contractor. To the extent practical, the information should be in a limited data set or if necessary to the minimum necessary information. 2. Except as otherwise limited in this Agreement, Contractor may disclose Protected Health Information for the proper management and administration of the Contractor, provided that disclosures are Required By Law, or Contractor obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Contractor of any instances of which it is aware in which the confidentiality of the information has been breached. 3. Except as otherwise limited in this Agreement, Contractor may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 42 CFR (e)(2)(i)(B). 4. Contractor may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with (j)(1). 5. Contractor is required to comply with an individual s restriction request, except as otherwise required by law, if it is to a health plan for payment or health care operation and pertains to a health care item or service for which the health care provider was paid in full out of pocket. Reporting Improper Use or Disclosure 1. Contractor shall report to Covered Entity any use or disclosure of Protected Health Information not provided for by the Agreement immediately from the time becomes aware of such use or disclosure. Contractor shall report to Covered Entity any Security Incident and/or breach immediately from the time it becomes aware of such incident. D. Obligations of Covered Entity Provisions for Covered Entity to Inform Contractor of Privacy Practices and Restrictions [provisions dependent on business arrangement] 1. Covered Entity shall notify Contractor of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR , to the extent that 2009 N-Tegrity Solutions Group 11

13 such limitation may affect Contractor's use or disclosure of Protected Health Information. 2. Covered Entity shall notify Contractor of any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, to the extent that such changes may affect Contractor's use or disclosure of Protected Health Information. 3. Covered Entity shall notify Contractor of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR , to the extent that such restriction may affect Contractor's use or disclosure of Protected Health Information. Permissible Requests by Covered Entity Covered Entity shall not request Contractor to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity. E. Term and Termination 1. Term. The Term of this Agreement shall be effective as of [Insert Effective Date]. The term of this Agreement shall terminate when all of the Protected Health Information provided by Covered Entity to Contractor, or created or received by Contractor on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section. E. 2. Termination for Cause. Upon Covered Entity's knowledge of a material breach by Contractor, Covered Entity shall either: a. Provide an opportunity for Contractor to cure the breach or end the violation and terminate this Agreement if Contractor does not cure the breach or end the violation within the time specified by Covered Entity; b. Immediately terminate this Agreement if Contractor has breached a material term of this Agreement and cure is not possible; or c. If neither termination nor cure is feasible, Covered Entity shall report the violation to the Secretary. 3. Effect of Termination. a. Except as provided in paragraph (b) of this section, upon termination of this Agreement, for any reason, Contractor shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Contractor on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Contractor. Contractor shall retain no copies of the Protected Health Information N-Tegrity Solutions Group 12

14 b. In the event that Contractor determines that returning or destroying the Protected Health Information is infeasible, Contractor shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon determination by Covered Entity that return or destruction of Protected Health Information is infeasible, Contractor shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Contractor maintains such Protected Health Information. F. Indemnification. Indemnification. Each party will indemnify and hold harmless the other party to this Agreement from and against all claims, losses, liabilities, costs and other expenses incurred as a result of, or arising directly or indirectly out of or in conjunction with: a. any misrepresentation, breach of warranty or non-fulfillment of any undertaking on the part of the party under this Agreement; and b. any claims, demands, awards, judgments, actions and proceedings made by any person or organization arising out of or in any way connected with the party s performance under this Agreement. G. Miscellaneous 1. Regulatory References. A reference in this Agreement to a section in the Privacy or Security Rule or HITECH Act and its associated regulations means the section as in effect or as amended. 2. Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy or Security Rule and the Health Insurance Portability and Accountability Act of 1996, Pub. L. No or the HITECH Act from the American Recovery and Reinvestment Act of 2009 and its associated regulations. 3. Survival. The respective rights and obligations of Contractor under Section 3 of this Agreement shall survive the termination of this Agreement. 4. Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy and Security Rule or HITECH Act and its associated regulations. 5. Notices. Any notice required to be given pursuant to the terms and provisions of this Agreement shall be in writing and may be either personally delivered or sent by registered or certified mail in the United States Postal Service, Return Receipt Requested, postage prepaid, addressed to each party at the addresses which follow or to such other addresses as the parties may hereinafter designate in writing: 2009 N-Tegrity Solutions Group 13

15 Company: Contractor: Any such notice shall be deemed to have been given, if mailed as provided herein, as of the date mailed. IN WITNESS WHEREOF, the parties hereto have duly executed this agreement to be effective as of (effective date of the agreement). COMPANY CONTRACTOR By: Printed Name: Title: Date: By: Printed Name: Title: Date: 2009 N-Tegrity Solutions Group 14

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum; BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1 CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1 THIS AGREEMENT is entered into on ( Effective Date ) by and between LaSalle County Health Department, hereinafter called Covered Entity and, hereinafter

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is entered into by and between the Board of Regents of the University of Wisconsin System on behalf of the [insert name

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Addendum is made part of the agreement between Boston Medical Center ("Covered Entity ) and ( Business Associate"), dated [the Underlying Agreement ]. In connection with

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS)

ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS) ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS) THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ), is dated as of, by and between Action Collection Services Inc. (

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Business Associate Agreement (BAA) Guidance

Business Associate Agreement (BAA) Guidance Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( BAA ), effective as of, ( Effective Date ), is made by and between ( Covered Entity ) and da Vinci Motion Graphics, Inc. d/b/a

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

Business Associates Agreement

Business Associates Agreement Business Associates Agreement This Business Associate Agreement (the Agreement ) between Customer,( Covered Entity ) and Kareo ( Business Associate ) will be in effect during any such time period that

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM

BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM This HIPAA Addendum ("Addendum") is entered into effective this first day of November 1, 2015, by and between "Business Associate" AND COUNTY OF OTTAWA Ottawa County

More information

Louisiana State University System

Louisiana State University System PM-36: Attachment 4 Business Associate Contract Addendum On this day of, 20, the undersigned, [Name of Covered Entity] ("Covered Entity") and [Name of Business Associate] ("Business Associate") have entered

More information

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. The terms and conditions of this document entitled Business Associate Agreement ( Business Associate Agreement ), shall be attached to and incorporated by reference in the

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is entered into between Covered Entity and CoverMyMeds LLC, a Delaware limited liability company ( Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (this "Agreement") is made as of, 201_ (the Effective Date ), and is entered into between ( Covered Entity ) and Delta Business System, Inc.

More information

BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA)

BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA) BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA) This Business Associate Agreement (the Agreement ) is made and entered into as of [Date] (hereinafter Effective

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

The Institute of Professional Practice, Inc. Business Associate Agreement

The Institute of Professional Practice, Inc. Business Associate Agreement The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule)

Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule) 5450F1 (page 1 of 6) Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule) THIS AGREEMENT is entered into on this day of, 20 by and between

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf

More information

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT H I P AA B U S I N E S S AS S O C I ATE AGREEMENT This HIPAA BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into by and between Opticare of Utah, Inc. ( Covered Entity ), and,( Business Associate ).

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION This Agreement governs the provision of Protected Health Information ("PHI") (as defined in 45 C.F.R.

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered between ("Covered Entity" or "CE") and, ("Business Associate" or "BA"), collectively the Parties, who agree as follows:

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is effective as of, 2013, and is by and between SOUTHWEST DEVELOPMENTAL SERVICES, INC. ( Covered Entity ) and ( Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate;

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate; BUSINESS ASSOCIATE AGREEMENT (Agreement #) THIS DOCUMENT CONSTITUTES AN AGREEMENT BETWEEN: AND (Contractor name and address), hereinafter referred to as Business Associate; The Department of Behavioral

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, LLC. (hereinafter known as Business Associate ), and

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate

More information

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN Stewart C. Miller & Co., Inc. (Business Associate) AND City of West Lafayette Flexible Spending Plan (Covered Entity) TABLE OF CONTENTS

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES This Addendum is entered into effective as of, by and among Delta Dental of Virginia ("Business Associate"), and ( Covered

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter Agreement ) is between COVERED ENTITY NAME (hereinafter Covered Entity ) and BUSINESS ASSOCIATE NAME (hereinafter Business

More information

This form may not be modified without prior approval from the Department of Justice.

This form may not be modified without prior approval from the Department of Justice. This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate

More information

Business Associate Contract

Business Associate Contract Business Associate Contract THIS CONTRACT is made and entered into by and between Imagine! (hereinafter called Contractor ), a not-for-profit Community Centered Board, duly incorporated and existing under

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ("Agreement") is made and is effective as of the date of electronic signature("effective Date") between Name of Organization ("Covered

More information

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract

More information

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement This (hereinafter referred to as Addendum ) by and between Athens Area Health Plan Select, Inc. (hereinafter referred to as HPS ) a Covered Entity under HIPAA, and INSERT ORG NAME (hereinafter referred

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) is entered into this day of 2014. Perry Memorial Hospital ( Covered Entity ) and [ABC Company] ( Business Associate ) referred

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is entered into as of the day of, 2013 by and between RUTGERS UNIVERSITY, a Hybrid Entity, on behalf and for the

More information

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into as of ( Effective Date ) by and between ( Covered Entity ) and American Academy of Sleep Medicine ( Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT TERMS

BUSINESS ASSOCIATE AGREEMENT TERMS BUSINESS ASSOCIATE AGREEMENT TERMS This Addendum ( Addendum ) is incorporated into and made part of the Agreement between SIGNATURE HEALTHCARE CORPORATION ("Covered Entity ) and ( Business Associate"),

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions A. Business Associate. Business Associate shall have the meaning given to such term under the Privacy and Security Rules, including,

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.

More information

HIPAA Business Associate Addendum

HIPAA Business Associate Addendum HIPAA Business Associate Addendum THIS HIPAA BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is by and between ( Covered Entity ) and TALKSOFT CORPORATION ( Business Associate ) (hereinafter, Covered Entity

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT Please complete the following and return signed via Fax: 919-785-1205 via Mail: Aesthetic & Reconstructive Plastic Surgery, PLLC 2304 Wesvill Court Suite 360 Raleigh, NC 27607

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is between you, a healthcare provider, its employees and agents ( Covered Entity ) and Doc Halo, LLC ( Business Associate ).

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ), entered into and effective this day of,, is by and between ( Business Associate ) and Black, Gould & Associates, Inc.

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Agreement, dated as of, 2015 ("Agreement"), by and between, on its own behalf and on behalf of all entities controlling, under common control with or controlled

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS

More information

HIPAA Privacy and Business Associate Agreement

HIPAA Privacy and Business Associate Agreement HR 2011-07 ATTACHMENT D HIPAA Privacy and Business Associate Agreement This Agreement is entered into this day of,, between [Employer] ( Employer ), acting on behalf of [Name of covered entity/plan(s)

More information

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement You may be aware that the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) requires health plans

More information

BUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES

BUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES 1 BUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES This BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is entered into as of the date first written in the signature block below (the Effective Date

More information

Business Associate and Data Use Agreement

Business Associate and Data Use Agreement Business Associate and Data Use Agreement This Business Associate and Data Use Agreement (the Agreement ) is entered into by and between ( Covered Entity ) and HealtHIE Nevada ( Business Associate ). W

More information

Note to Users: Page 1 of 5

Note to Users: Page 1 of 5 Note to Users: The subsequent pages contain a Sample Business Associate Agreement that may be used by healthcare facilities. Be advised that this is strictly a sample and any formal Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ), is made effective as of the sign up date on the login information page of the CarePICS.com website, by and between CarePICS,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (Hereinafter "Agreement") dated as of, 2013, is made by and between (Hereinafter Covered Entity ) and (Hereinafter Business Associate ). ARTICLE

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BAA ) is by and between the National Association of Boards of Pharmacy

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY

More information

HSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS

HSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS HSHS BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement, ( Agreement ) is entered into on the date(s) set forth below by and between Hospital Sisters Health System on its own behalf and

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap

More information

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (Agreement) is made this day of, 20, between the Catholic Social Services ( CSS ), whose business address is 3710

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is effective as of, 200 ( Effective Date ), and entered into by and between, whose address is ( Business Associate ) and THE

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT Express Scripts, Inc. and one or more of its subsidiaries ( ESI ), and Sponsor or one of its affiliates ( Sponsor ), are parties to an agreement ( PBM Agreement ) whereby ESI

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into on [Month], [Day] 2014 (the effective Date ), by and between Accreditation Association for Ambulatory Health

More information

Iowa Health Information Network BUSINESS ASSOCIATE AGREEMENT

Iowa Health Information Network BUSINESS ASSOCIATE AGREEMENT Iowa Health Information Network BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is made entered into and effective on the day of, 201_ ( Effective Date ) by and between

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this Agreement ) is made effective as of ( Effective Date ) by and between Sentara Health Plans, Inc. ( Covered Entity ) and ( Business Associate

More information

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) THIS AGREEMENT is entered into and made effective the day of, 2012 (the Effective Date ), by and between (a)

More information