HIPAA GENERAL POLICIES & PROCEDURES
|
|
- Beatrix Goodwin
- 7 years ago
- Views:
Transcription
1 HIPAA GENERAL POLICIES & PROCEDURES Index 1. Introduction 2. Amendments 3. Privacy Notice 4. Business Associate Agreements 5. Access 6. Risk Analysis 7. Risk Management 8. Privacy and Security Officer 9. Training 10. Privacy and Security Incidents 11. Sanctions 12. Mitigation 13. Documentation 14. Administrative Requirements 1. Introduction The District s HIPAA Policies and Procedures (Code nos ) are designed to comply with the privacy and security standards under the Health Insurance Portability and Accountability Act (HIPAA), and apply to the District s group health plans (the covered entities ). All of the District s HIPAA Policies and Procedures shall at all times be interpreted consistent with the HIPAA privacy and security standards set forth in 45 CFR Parts 160 and 164, and any new or amended HIPAA statutes and regulations. Nothing in the District s Policies and Procedures shall be interpreted as granting any additional rights to individuals, or placing any additional obligations on the District s group health plans, other than those required by the Privacy and Security Rules or any other applicable law. Nor shall the Policies and Procedures be considered contractual in nature. 2. Amendments The District s Policies and Procedures may be revised at any time in accordance with the HIPAA Privacy and Security Rules and any new or amended HIPAA statutes and regulations, and shall be revised if necessitated by any change in law. The Policies & Procedures shall be reviewed periodically, and update as needed, in response to environmental or operational changes affecting the privacy or security of protected health information. The group plans must provide their business associates with all relevant changes to the Polices and Procedures. WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 1 of 6
2 3. Privacy Notice The covered entities shall adopt a Privacy Notice regarding potential uses and disclosures of protected health information (PHI) and individuals rights and the covered entities legal duties with respect to PHI. Where the covered entity is a group health plan which provides benefits solely through an insurance contract with a health insurance issuer or HMO, the covered entity shall maintain a Privacy Notice and shall provide the Privacy Notice to any person upon request. If the covered entity is a group health plan which does not provide benefits solely through an insurance contract, the Privacy Notice must be provided to individuals as follows: At the time of enrollment, to new enrollees; Within 60 days of a material revision to the Privacy Notice, to individuals covered by the plan; To any person upon request; and At least once every three years, the health plan must notify individuals covered by the plan of the availability of the Privacy Notice and how to obtain it. The Privacy Notice and its terms may be revised, and the revisions may be effective for all PHI maintained by the covered entities, to the full extent allowed by the Privacy Rules. If the covered entities maintain a web site providing information about their benefits, they must post the Privacy Notice on the web site and make the notice available electronically through the web site. 4. Business Associate Agreements The covered entities must, on a continuous basis, identify all business associates, who are those persons or entities who perform certain functions or activities that involve the use or disclosure of protected health information on behalf of, or which provides services to, a covered entity. Employees of covered entities are not business associates. Business associate functions and activities include: claims processing or administration; data analysts, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. Business associate services include: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. The covered entities may permit a business associate to create, receive, maintain, or transmit electronic protected health information on their behalf only if the covered entities obtain satisfactory assurances that the business associate will appropriately safeguard the information and comply with the privacy and security rules. The covered entities shall therefore require all current and future business associates to execute a business associate agreement, or an amendment to a business associate agreement, which provides that the business associate will comply with HIPAA and notify the covered applicable covered entity of any privacy or security incidents or breaches. WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 2 of 6
3 If the covered entities learn of a pattern of activity or practice of the business associate that constitutes a material breach or violation of the business associate s obligations under the contract, the covered entities must take reasonable steps to cure the breach or end the violation, as may be applicable. If such steps are unsuccessful, the covered entities must terminate the contract if feasible, or if termination is not feasible the covered entities must report the problem to the Department of Health and Human Services (HHS). 5. Access The covered entities will create, change, and safeguard passwords with regard to employees whose duties involve the benefit plan(s) at issue, as necessary to protect electronic protected health information (EPHI). The covered entities will provide for password protection for the work computers of those employees whose duties involve the benefit plan(s) at issue, and for the computer system(s) used by such individuals. The passwords will be changed following termination of the employee or other significant change in circumstances. The covered entities will, with regard to those employees whose duties involve the benefit plan(s) at issue, implement one or more of the following procedures if possible using their current hardware and software capabilities: limit the number of log-in attempts; provide notice to the security official if the maximum number of attempts is exceeded; lock the system to prevent access with that particular user s name if the maximum number of attempts is exceeded; etc. 6. Risk Analysis The Covered entities shall assess the potential risks and vulnerabilities to the confidentiality, integrity, and availability of EPHI held by the entities, if any. The risk analysis shall be overseen and directed by the designated security official. The goal of risk analysis is to identify potential security risks, the probability of occurrence, and the magnitude of the risk. The Covered entities shall periodically review and update their risk analysis, annually or more often if there are significant changes in the operating practices or procedures, personnel, physical environment, or computer hardware or software systems. All risk analysis documentation shall be retained for six (6) years. 7. Risk Management The Covered entities shall implement security measures sufficient to reduce risks and vulnerabilities to EPHI held by the entity, if any, to a reasonable and appropriate level. Risk management involves eliminating or reducing unacceptable risks to reasonable levels, and maintaining the lower acceptable level of risk over time. The goal of risk management is to: WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 3 of 6
4 (1) Ensure the confidentiality, integrity, and availability of all EPHI the covered entities create, receive, maintain, or transmit; (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information; (3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the HIPAA Privacy Rules; and (4) Ensure compliance with this subpart by their workforce. In deciding what security measures to use, the covered entities must take into consideration the following factors: 1. The size, complexity and capabilities of the covered entities. 2. The covered entities technical infrastructure, hardware, and software security capabilities. 3. The costs of security measures. 4. The probability and criticality (the degree of potential harm) of potential risks to EPHI. Cost cannot be the sole factor in the decision whether to implement an addressable implementation specification. The Covered entities shall periodically review and update their risk analysis, and, if warranted as a result thereof, implement reasonable and appropriate security measures to address any new or increased risks or vulnerabilities to EPHI held by the entities which are not adequately addressed by current security measures. 8. Privacy and Security Officer The covered entities shall designate privacy and security officials, who may be the same or different individuals, responsible for the development and implementation of these Policies and Procedures, and a contact person or office responsible for receiving notice of any privacy and security violations and to provide further information about matters covered by the privacy and security rules and these Policies and Procedures. The privacy and security officials and contact person functions may be fulfilled by the same or different persons. The privacy and security officials are authorized to have direct access or communication with officers, administrators and/or directors, as applicable, as necessary for compliance with these Policies and Procedures and the Privacy and Security Rules. 9. Training The covered entities shall train all members of their work force who may receive PHI on these Policies and Procedures, as necessary and appropriate for the workforce members to carry out their function within the covered entity. Training shall be provided to new workforce members who may receive PHI within a reasonable period of time after WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 4 of 6
5 joining the covered entity s workforce. Training must also be provided as needed, to each member of the workforce whose functions are affected by a material change in these Policies and Procedures, within a reasonable period of time after the change takes effect. 10. Privacy and Security Incidents The covered entities shall provide a process for individuals to identify and respond to privacy and security incidents, and to report violations of these Policies and Procedures or the Privacy or Security Rules. Privacy and security incidents and violations must be reported to the designated privacy or security official or the designated contact person. The privacy or security official or contact person shall reasonably investigate any privacy or security incident or violation and determine whether and what responsive action or remedial measures, if any, are appropriate, and shall then act on this determination. The privacy or security official shall take reasonable steps to preserve evidence; mitigate, to the extend possible, the situation that caused the incident; document the incident and the outcome; and evaluate privacy and security incidents as part of ongoing risk management. 11. Sanctions Where the privacy or security official has determined a member of its workforce has failed to comply with these Policies and Procedures or the Privacy or Security Rules, the covered entities shall apply sanctions against the workforce member. Depending on the nature and severity of the failure to comply, sanctions may include, but are not limited to, verbal warning, written warning, suspension, or termination. The determination of the appropriate sanction may take into account the severity of the breach, intent, malice, prior offenses, the effect of the breach, and other relevant circumstances. Sanctions may be initiated at any level without prior resort to lesser forms of sanction. 12. Mitigation The covered entities shall mitigate, to the extent practicable, any harmful effect known to the covered entities of a violation of these Policies and Procedures or the Privacy or Security Rules by the covered entities or their business associates. 13. Documentation The covered entities must maintain the Policies and Procedures, any documentation required by the Privacy and Security Rules to be in writing, and a record of any action, activity, or designation required by the Privacy and Security Rules to be documented, for a period of six years from the date of its creation or the date when it last was in effect, whichever is later. Documentation may be maintained in written or electronic form. The documentation must be made available to those persons responsible for implementing the procedures to which the documentation pertains. The documentation shall be reviewed periodically, and update as needed, in response to environmental or operational changes affecting the privacy or security of PHI. WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 5 of 6
6 14. Administrative Requirements a. No Retaliation: The covered entities may not intimidate, threaten, coerce, discriminate against, or take retaliatory action against individuals asserting rights under HIPAA. b. Waiver of Rights: The covered entities may not require individuals to waive their rights under HIPAA as a condition of the provision of treatment, payment, enrollment in a health plan, or eligibility for benefits. c. Policies and Procedures: The covered entities must maintain and implement these Policies and Procedures. d. Group Health Plans: Group health plans which provide health benefits solely through an insurance contract and/or which do not create or receive EPHI are not necessarily subject to certain HIPAA requirements. Nothing in these Policies and Procedures shall be interpreted as granting any additional rights to individuals, or placing any additional obligations on the covered entities, other than those required by the Privacy and Security Rules. Approved Reviewed Revised WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 6 of 6
HIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ("Agreement") is made and is effective as of the date of electronic signature("effective Date") between Name of Organization ("Covered
More informationHIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions
HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions A. Business Associate. Business Associate shall have the meaning given to such term under the Privacy and Security Rules, including,
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability
More informationADMINISTRATIVE REQUIREMENTS OF HIPAA
ADMINISTRATIVE REQUIREMENTS OF HIPAA Policy: The University of Connecticut will comply with all administrative requirements of the Health Insurance Portability and Accountability Act. Rationale: To maintain
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law
More informationPlease print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &
Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
More informationLouisiana State University System
PM-36: Attachment 4 Business Associate Contract Addendum On this day of, 20, the undersigned, [Name of Covered Entity] ("Covered Entity") and [Name of Business Associate] ("Business Associate") have entered
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into as of _September 23_, 2013, (the Effective Date ) by and between Denise T. Nguyen, DDS, PC ( Dental Practice
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into as of ( Effective Date ) by and between ( Covered Entity ) and American Academy of Sleep Medicine ( Business Associate
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More informationBUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION
BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION This Agreement governs the provision of Protected Health Information ("PHI") (as defined in 45 C.F.R.
More informationHow To Protect Your Health Care From Being Hacked
HIPAA SECURITY COMPLIANCE GUIDE May 9, 2005 FOR PIONEER EDUCATORS HEALTH TRUST. PIONEER EDUCATORS HEALTH TRUST HIPAA Security Introduction Various sponsoring employers (referred to collectively as the
More informationBUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS
PRIVACY 27.0 BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS Scope: Purpose: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS
More informationBUSINESS ASSOCIATE AGREEMENT. Recitals
BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and
More informationINDIVIDUAL HIPAA RIGHTS (Health Insurance Portability and Accountability Act)
INDIVIDUAL HIPAA RIGHTS (Health Insurance Portability and Accountability Act) All staff with access to protected health information will follow the procedures below: Alternate Communications: The district
More informationExecutive Memorandum No. 27
OFFICE OF THE PRESIDENT HIPAA Compliance Policy (effective April 14, 2003) Purpose It is the purpose of this Executive Memorandum to set forth the Board of Regents and the University Administration s Policy
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address
More informationCOVERMYMEDS BUSINESS ASSOCIATE AGREEMENT
COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is entered into between Covered Entity and CoverMyMeds LLC, a Delaware limited liability company ( Business Associate
More informationBUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES
1 BUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES This BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is entered into as of the date first written in the signature block below (the Effective Date
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationBUSINESS ASSOCIATE AGREEMENT
THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Addendum is made part of the agreement between Boston Medical Center ("Covered Entity ) and ( Business Associate"), dated [the Underlying Agreement ]. In connection with
More informationBusiness Associate Agreement
Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated
More informationBUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.
BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of
More informationHIPAA Compliance And Participation in the National Oncologic Pet Registry Project
HIPAA Compliance And Participation in the National Oncologic Pet Registry Project Your facility has indicated its willingness to participate in the National Oncologic PET Registry Project (NOPR) sponsored
More informationBUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]
OR HIPAA Privacy BUSINESS ASSOIATES [45 FR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses,
More informationUNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):
UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationCMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS
CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,
More informationSample Business Associate Agreement Provisions
Sample Business Associate Agreement Provisions Words or phrases contained in brackets are intended as either optional language or as instructions to the users of these sample provisions. Definitions Catch-all
More informationPATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03)
PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03) Use and Disclosure of PHI: Protected Health Information ( PHI ) may not be used or disclosed in violation of the Health Insurance
More informationELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION
ELKIN & ASSOCIATES, LLC HIPAA Privacy Policy and Procedures INTRODUCTION The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict a Covered Entity
More informationHSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS
HSHS BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement, ( Agreement ) is entered into on the date(s) set forth below by and between Hospital Sisters Health System on its own behalf and
More informationADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES
ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES This Addendum is entered into effective as of, by and among Delta Dental of Virginia ("Business Associate"), and ( Covered
More informationTulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY
Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their
More information2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE (Privacy Rule)
State of Tennessee Department of Finance and Administration Division of Health Care Finance and Administration HIPAA Business Associate Agreement THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationFirstCarolinaCare Insurance Company Business Associate Agreement
FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance
More informationBusiness Associates Agreement
Business Associates Agreement This Business Associate Agreement (the Agreement ) between Customer,( Covered Entity ) and Kareo ( Business Associate ) will be in effect during any such time period that
More informationDEPARTMENT OF MENTAL HEALTH AND DEVELOPMENTAL DISABILITIES
DEPARTMENT OF MENTAL HEALTH AND DEVELOPMENTAL DISABILITIES POLICIES AND PROCEDURES Subject: ADMINISTRATION OF HIPAA Effective Date: 12/15/03 Review Date: 6/8/06 Revision Date: 11/21/06 (All legal citations
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationHIPAA Business Associate Addendum
HIPAA Business Associate Addendum THIS HIPAA BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is by and between ( Covered Entity ) and TALKSOFT CORPORATION ( Business Associate ) (hereinafter, Covered Entity
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More informationDefinitions. Catch-all definition:
BUSINESS ASSOCIATE AGREEMENT THESE PROVISIONS MAY STAND ALONE AS A BUSINESS ASSOCIATE AGREEMENT, OR MAY BE INCORPORATED INTO A LARGER, MORE COMPREHENSIVE CONTRACT WITH THE BUSINESS ASSOCIATE TO COVER OTHER
More informationHIPAA PRIVACY POLICIES AND PROCEDURES
HIPAA PRIVACY POLICIES AND PROCEDURES FOR MOTT COMMUNITY COLLEGE NOVEMBER 18, 2004 PREPARED BY: KUSHNER & COMPANY 2427 WEST CENTRE AVENUE PORTAGE, MICHIGAN 49024 (269) 342-1700 WWW.KUSHNERCO.COM EMPLOYEE
More informationPreferred Professional Insurance Company Subcontractor Business Associate Agreement
Preferred Professional Insurance Company Subcontractor Business Associate Agreement THIS SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT ( Agreement ) amends and is made a part of all Services Agreements (as
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BA Agreement ) is entered into by Medtep Inc., a Delaware corporation ( Business Associate ) and the covered entity ( Covered Entity
More informationBusiness Associate Agreements and Similar Arrangements
Business Associate Agreements and Similar Arrangements As a covered entity under the HIPAA Privacy Rule, the Indian Health Service (IHS) is required to have a written contract with each of its business
More informationHIPAA Privacy and Business Associate Agreement
HR 2011-07 ATTACHMENT D HIPAA Privacy and Business Associate Agreement This Agreement is entered into this day of,, between [Employer] ( Employer ), acting on behalf of [Name of covered entity/plan(s)
More informationHIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationHIPAA Privacy Summary for Fully-insured Employer Groups
HIPAA Privacy Summary for Fully-insured Employer Groups I. Overview The Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulate the uses and disclosures
More informationArizona Medical Information Exchange Proof Of Concept. Privacy & Security Policy Manual version 1.0
Arizona Medical Information Exchange Proof Of Concept Privacy & Security Policy Manual version 1.0 September 29, 2008 Chapter 100 Introduction Table of Contents... 2 Chapter 100 Introduction... 4 101:
More informationBUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]
BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses, and certain
More informationBUSINESS ASSOCIATE AGREEMENT TERMS
BUSINESS ASSOCIATE AGREEMENT TERMS This Addendum ( Addendum ) is incorporated into and made part of the Agreement between SIGNATURE HEALTHCARE CORPORATION ("Covered Entity ) and ( Business Associate"),
More informationOFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)
Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract
More informationHIPAA Business Associate Contract. Definitions
HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationHIPAA BUSINESS ASSOCIATE ADDENDUM
HIPAA BUSINESS ASSOCIATE ADDENDUM This Addendum, dated as of, 2007 ( Addendum ), supplements and is made a part of the Services Agreement (as defined below) by and between ( Covered Entity ) and FUJIFILM
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter Agreement ) is between COVERED ENTITY NAME (hereinafter Covered Entity ) and BUSINESS ASSOCIATE NAME (hereinafter Business
More informationHIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS. Exhibit B Notice of Privacy Practices pages B-1 to B-4
HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS HIPAA Privacy Policy pages 2 to 12 Exhibit A HIPAA Privacy Regulations pages A-1 to A-89 Exhibit B Notice of Privacy Practices pages B-1 to B-4 Exhibit
More informationCity of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010
City of Pittsburgh Operating Policies Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 PURPOSE: To establish internal policies and procedures to ensure compliance
More informationHIPAA Agreements Overview, Guidelines, Samples
HIPAA Agreements Overview, Guidelines, Samples I. Purpose The purpose of this document is to provide an overview of the regulatory requirements related to HIPAA trading partner agreements, business associate
More informationBUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:
BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:, City State Zip This Business Associate and Data Use Agreement ( Agreement ) is effective
More informationBUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;
BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.
More informationEnclosure. Dear Vendor,
Dear Vendor, As you may be aware, the Omnibus Rule was finalized on January 25, 2013 and took effect on March 26, 2013. Under the Health Insurance Portability & Accountability Act (HIPAA) and the Omnibus
More informationGaston County HIPAA Manual
Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.
More informationRUTGERS POLICY. Policy Name: Standards for Privacy of Individually Identifiable Health Information
RUTGERS POLICY Section: 100.1.9 Section Title: HIPAA Policies Policy Name: Standards for Privacy of Individually Identifiable Health Information Formerly Book: 00-01-15-05:00 Approval Authority: RBHS Chancellor
More informationDisclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)
HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this Agreement ) is made effective as of ( Effective Date ) by and between Sentara Health Plans, Inc. ( Covered Entity ) and ( Business Associate
More informationAPPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT
APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 20 (the Effective Date ), by and between (a) THE SOCIETY OF GYNECOLOGIC
More informationSnake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule)
5450F1 (page 1 of 6) Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule) THIS AGREEMENT is entered into on this day of, 20 by and between
More informationHIPAA POLICY REGARDING BUSINESS ASSOCIATES
HIPAA POLICY REGARDING BUSINESS ASSOCIATES SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units of Emory University: School of Medicine; School of Nursing;
More informationDHHS POLICIES AND PROCEDURES
DHHS POLICIES AND PROCEDURES Section VIII: Privacy and Security Revision History: 8/21/13; 5/1/05 Original Effective Date: 4/14/03 Purpose To ensure that all individuals or organizations that perform specific
More informationDRAFT BUSINESS ASSOCIATES AGREEMENT
DRAFT BUSINESS ASSOCIATES AGREEMENT THIS AGREEMENT is made this day of, 20, by and among, a Corporation organized under the laws of the State of (hereinafter known as "Covered Entity") and organized under
More informationADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016
Page 1 of 9 CITY OF CHESAPEAKE, VIRGINIA NUMBER: 2.62 ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016 SUPERCEDES: N/A SUBJECT: HUMAN RESOURCES DEPARTMENT CITY OF CHESAPEAKE EMPLOYEE/RETIREE GROUP HEALTH
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,
More informationHIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION HILLSDALE COLLEGE HEALTH AND WELLNESS CENTER Policy Preamble This privacy policy ( Policy ) is designed to address the Use and Disclosure
More informationTABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
More informationProfessional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules
Professional Solutions Insurance Company Business Associate Agreement re HIPAA Rules I. Purpose of Agreement This Agreement reflects Professional Solutions Insurance Company s agreement to comply with
More informationCHAPTER 7 BUSINESS ASSOCIATES
CHAPTER 7 BUSINESS ASSOCIATES I. GENERAL RULE DMH may disclose Protected Health Information (PHI) to a Business Associate or allow it to create or receive PHI on DMH's behalf only if DMH obtains satisfactory
More informationINTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT
INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between The Board of Trustees of the University of Alabama, on behalf of INTERMACS Registry ( Business Associate
More informationThe Institute of Professional Practice, Inc. Business Associate Agreement
The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute
More informationIowa Health Information Network BUSINESS ASSOCIATE AGREEMENT
Iowa Health Information Network BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is made entered into and effective on the day of, 201_ ( Effective Date ) by and between
More informationMedical Society of Virginia 2924 Emerywood Parkway, Ste 300 Richmond, VA 23294 Fax: 804-355-6189
RE: MSV and MSVIA Business Associate Agreement The HIPAA Privacy Rule requires that specific safeguards be implemented for sharing protected health information (PHI) among different entities. A medical
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is effective September 1, 2013 and made between Community Health Solutions of America, Inc., a Florida corporation ( CHS ) and ( Company ).
More informationADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT
ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is effective as of (the Effective Date ) and is entered into by and between, with an address of (the Covered Entity
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
More informationBUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements
More informationBusiness Associates Policy HS 9430
BUSINESS ASSOCIATES PURPOSE To establish guidelines for UCLA Health to comply with the Privacy & Security Rule requirements relating to business associate relationships, including the entering into of
More informationSaaS. Business Associate Agreement
SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered
More informationBUSINESS ASSOCIATE AGREEMENT. Emory University and/or Emory Healthcare, Inc. ( Emory ) ( Covered Entity ) and
BUSINESS ASSOCIATE AGREEMENT Emory University and/or Emory Healthcare, Inc. ( Emory ) ( Covered Entity ) and Associate ) ( Business This Business Associate Agreement (this Agreement ) effective as of (the
More information