I. Purpose. Applicability of Policies. NATE-Policy #3.c.1

Size: px
Start display at page:

Download "I. Purpose. Applicability of Policies. NATE-Policy #3.c.1"

Transcription

1 Subject: NATE-QE Eligibility Criteria for: Policy #: 3.c.1 Provider to Provider for Treatment Trust Profile (P2P4Tx) Status: Approved Approved/Authorized By: NATE Board of Directors Date Approved: 10/29/2013 Effective Date:10/29/2013 Version: 1.1 Pages: 9 I. Purpose This Policy defines the Provider to Provider for Treatment Purposes (P2P4Tx) eligibility criteria for inclusion of a NATE-Qualified Entity (NATE-QE) into this NATE Trust Profile. II. Applicability of Policies This profile applies to the following: Member states responsible for promoting HIOs that implement Direct (HISPs) in their state that satisfy the criteria of the P2P4Tx profile. HIOs (HISPs) that implement Direct as a mode of exchange interested in being promoted to the NATE P2P4Tx Trust Bundle. The NATE Trust Bundle Coordinator and others involved in related functions. III. Policy NATE-QE (P2P4Tx) eligibility criteria are grouped into two sets: The first set are found in section A Policies for Trust Profiles using Direct ; and The second set are found in section B Obligations of the Parties to the NATE-QE s (P2P4Tx) Participant Agreement A Member State shall confirm that candidate NATE-QEs satisfy each and all Eligibility Criteria of both sets A & B prior to causing the NATE-QE to be added to the NATE Trust Community conforming to this Trust Profile. Page 1

2 A. Policies for Trust Profiles using Direct 1 1) Conform to all of the Direct Project requirements specified in Direct Project s Applicability Statement for Secure Health Transport version Rationale This is the authoritative reference for the Direct Mode of exchange. Method of Verification Several methods of testing for compliance to the applicability have been made available by federal agencies. 3 A method of conformance testing is recommended to Member States to verify that the NATE-QE s Direct Implementation conforms to the technical specifications. In addition to evidence of conformance testing the NATE Board of Directors 4 currently permits self-attestation as sufficient evidence to be added to this Trust Bundle. 2) Implement a Business Associate Agreement 5 as a component of contracting with their Participant Organizations. Verify that the applicant HISP implements a Business Associate Agreement as a component of their contract with a Participant Organization. Rationale Required based on applicable law and evidentiary that the HISP holds itself to the provisions of the HIPAA Security Rule. Method of Verification Collect from HISP as component of Application Package. Noteworthy: If the Applicant provides exchange services to any non-covered Entities the Applicant s Participants Agreement must require that such Participant Organizations comply with the terms and conditions of HIPAA as if they were in fact a Covered Entity to be eligible to participate in NATE 6. 3) Have contractually binding legal agreements with their Participant Organizations. 1 These criteria were originally derived from the State HIE Implementation Guidelines for Direct Security and Trust published by the ONC. See: Implementation-Guidelines-for-Direct-Security-and-Trust_ pdf 2 See: direct_project/ See and 4 It is anticipated as more Member States leverage these conformance testing tools that the NATE Board of Directors may update this obligation to no longer permit self-attestation. 5 If the candidate NATE-QE is a Conduit model the Governance Body may elect to exempt the HISP from the requirement to implement a BAA. The NATE Board of Directors will evaluate this consideration in the future if a NATE-QE that is a true Conduit model HISP is identified by a Member State. 6 It is outside the scope of NATE to determine a verification method to test the ability of an Applicant to selectively exclude non-covered Entities from use of the Trust Bundle and Directory Services. Page 2

3 The Participants Agreement of a NATE Qualified-Entity should include all of the terms and conditions required in a Business Associates Agreement per item # 2 above and the terms and conditions necessary to effect the obligations identified in section B below. Rationale The obligations of the parties to a HISP s Participants Agreement are a critical component of a Trust Profile Method of Verification Collect from HISP as component of Application Package and verify that the obligations are satisfied contractually. Noteworthy: The analysis to be performed by the Member State may require clarification with the candidate. Best practices in performing this verification need to be developed and may include guidelines in how to collaborate with the candidate to index the obligations against the HISP s Participants Agreement. 4) Demonstrate conformance with industry standard practices related to meeting privacy and security regulations in terms of both technical performance and business processes. Through either availability of a written security audit report or formal third party accreditation provided by an established, independent third-party. Rationale HISPs operate services on behalf of many Participant Organizations and on a risk basis should provide sufficient evidence to justify trust. Method of Verification There is more to learn about the method by which this component shall be verified and what evidence will suffice for a candidate NATE-QE to demonstrate conformance. Candidate methods include: Formal accreditation provided by an established, independent third-party entity or, Availability of a written security audit report or, Completed EHNAC self-assessment tool. Noteworthy: HISPs that manage private keys should perform specific risk assessment mitigation to ensure that the private keys have the strongest protection from unauthorized use. HISPs that manage trust anchors on behalf of their customers should have well defined, publicly available policies that permit customers and other parties to evaluate the certificate issuance policies of those trust anchors. 5) Minimize data collection, use, retention and disclosure. Page 3

4 The HISP should only collect the minimum required to meet the level of service required. To the extent that HISPs support multiple functions with different requirements for data use, they must separate those functions such that more extensive data use or disclosure is not required for more basic (direct) exchange models. Rationale This component encompasses at least two obligations. o That the HISP should only collect, use, retain or support the disclosure of the minimum data necessary based on the Purpose of Use; and o If the HIO offers services in addition to its HISP service, when an Authorized User is using the Direct Project offering the functions of the HIO with regards to that use should be separated from those of other modes of exchange that may have more extensive disclosure requirements (such as query retrieve where the Patient s Data may be accessible by Authorized Users without the Decision of a Provider with an existing Patient relationship asserting that the disclosure is appropriate). Method of Verification Attestation Data received via Direct Project shall not be captured and made accessible by any party other than the one that the sender addressed the message to. 6) HISP shall encrypt all edge protocol communications: that enable last mile exchange between end-users systems and an STA/HISP s Direct Project infrastructure by using SSL/TLS or similar industry standard. Rationale For HISPs that enable messages to be transported across the Internet on behalf of Participant Organizations that do not encrypt data content prior to transporting messages to the HISP the pipe between the Participant Organization and the HISP must be secured. Method of Verification Self-Attestation HISP shall ensure data in motion and at rest is properly encrypted. Noteworthy: In the future as evidence is acquired demonstrating that alternative technologies or methods satisfy the objectives of this component the NATE Board of Directors OF DIRECTORS may approve the new alternatives. 7) HISP shall have a process to manage digital certificates. The process for issuing and managing digital certificates shall only facilitate Direct messages which 7 : o Utilize X509 v3 digital certificates. 7 NATE removed the requirement that HISPs Have been cross-certified to the Federal Bridge Certification Authority (FBCA). Page 4

5 o Meet or exceed NIST level 3 level of assurance and FBCA basic (or equivalent) policies and practices for certificates. o Do not have the non-repudiation flag set 8. o Conform to other requirements set forth in the Direct Project s Applicability Statement for Secure Health Transport. o Have been issued to a health care related organization or more granular component of an organization (e.g., department, individual). The HISP will obligate the Participant Organization to safeguard the integrity of the Authorized User Maintenance Process. Rationale All NATE-QEs must meet or exceed this minimum in order to be part of the NATE Trust Community. The NATE Board of Directors has established this minimum. Method of Verification Self-Attestation Member State s shall document NATE-QE attestation. Noteworthy: The NATE Board of Directors may modify this component as regulations change or new technologies emerge that are equivalent or exceed the protections of the method described. B. Obligations of the Parties to the NATE-QE s (P2P4Tx) The following section outlines the relationships between the parties and attempts to identify the Obligations or responsibilities of the parties to one another established by the NATE-QE s Participants Agreement that the NATE Trust Profile has identified to date as being instrumental to establishing trust for the Direct Mode of Exchange. It is the intention of the NATE Member States to refine the Eligibility Criteria described in this section, updating the specifics that follow based on future experience. The Obligations described below are to be evidenced by the terms and conditions found in the Participants Agreement of the candidate NATE-QE. As there are many ways that the obligations of the parties to the Participants Agreement may be drafted in contract the description of obligations have been mapped to the hierarchical framework that follows to facilitate indexing of the NATE-QE s Participant Agreement to the obligations. The contract language and framework of specific NATE-QE s Participants Agreement addressing these obligations will vary. For example, some PAs may implement an End Users Agreement that all authorized users are required to sign as part of creating the Authorized End Users account which would simplify this identification by the Member State - while other Participant Agreements may require additional analysis to verify conformance of the Obligations of Authorized End Users. 1) Obligations of the HISP 8 Because the certificate is at the Organization level the question of which individual actually signed the payload cannot be answered, therefore it is not sufficient to satisfy a digital signature legal requirement but it still ensures the integrity and privacy of the content. Page 5

6 i. Obligations of the HISP NATE Facing a. The HISP shall commit to complying with all applicable federal and state laws and regulations in their Participants Agreement. b. All Participant Organizations of the HISP that are given access to the NATE Offering will be required to be signatories to the HISP s Participants Agreement. c. It is an obligation of the HISP to ensure that Participant Organizations that have been terminated are no longer able to use the services of NATE. d. HISP s shall not make PHI exchanged as part of NATE accessible to anyone other than the specified recipient in the Direct message. For example: The HISP shall not make it part of a portal that is accessible to other Participant Organizations. The HISP shall not de-identify the data and make it available. The HISP shall not allow the data to be used for marketing purposes. e. Material Changes to HISP s Participants Agreement must be submitted to the Member- State. The Member State shall evaluate if the change would result in the HISP NATE- Qualified Entity status being changed. f. The HISP shall maintain appropriate auditing of its usage of NATE service offerings. g. The HISP shall use reasonable efforts to ensure that its connection to and use of NATE offerings do not introduce malware which will disrupt the proper operation of NATE services or any part thereof. h. A HISP shall notify the Member State that approved it for inclusion in NATE of a breach if the HISP (or one of its Participant Organizations) is required to make notification of a breach pursuant to applicable state and/or federal law. i. A HISP shall Monitor NATE Trust Certificate expiration date, and ensure that the Trust Bundle Coordinator receives a new NATE Trust Certificate prior to expiration. j. The HISP shall continue to satisfy the requirements of NATE s Policy #3.c Policy for Trust Profiles using Direct for the duration of their participation in the Trust Bundle; and k. The HISP shall acknowledge that the NATE Member States may modify these requirements as the needs of NATE change and acknowledge that a condition of ongoing Qualified Entity Status may depend on submitting additional information or evidence that the HISP satisfies eligibility criteria of NATE as approved by the governance body. ii. Obligations of the HISP Participant Organization Facing a. The Participant Agreement of the HISP shall disclose how governance decisions are made to its Participant Organizations in its Participants Agreement regarding but not limited to: Remedies of the Participant Organization when changes to the Participants Agreement are approved. Page 6

7 What are the types of parties that are eligible to use the service? Dispute management process. The process by which the HISP safeguards compliance of Participant Organizations to the terms of the Participants Agreement. The process by which the HISP terminates Participant Organizations. b. The Participant Agreement of the HISP shall have terms that survive beyond termination of the contract including: Participant Organization shall continue to safeguard the Privacy and Security of Patient Data received even after termination of the PA. Participant Organization shall continue to be responsible for the Conduct of Participant Organization and its Authorized End Users. Those T&Cs that are required to survive of a Business Associates Agreement. c. HISP shall obligate the Participant Organization to prohibit non-authorized users access to the system. d. HISP shall make appropriate training materials regarding Participant Organization s rights and obligations and the proper access and use of the system available to each Participant Organization and its Authorized End Users. e. HISP shall make its monitoring of Participant Organizations transparent to the Participant Organization. f. HISP shall have a process to terminate Participant Organizations who fail to satisfy the Participant obligations described below. 2) Obligations of the Participant Organization a. The Participant Organization shall comply with all applicable federal and state laws and regulations. b. The Participant Organization shall maintain sufficient safeguards and procedures to maintain the security and privacy of data received through the HISP. c. The Participant Organization shall use best and reasonable efforts to ensure appropriate security measures are in place to protect PHI. d. Participant Organization s Authorized Representative of the Participating Organization or his/her designee shall be responsible for the accounts created for the Participant Organizations Authorized End Users and ensuring that all of them meet the following criteria: Participant Organizations shall only create Authorized End User Accounts for users permitted to handle PHI according to the local policy of the Organization. Participant Organization shall have a policy prohibiting the sharing of account information among permitted users. Page 7

8 Participant Organization shall not permit non-authorized users to access the HISP s system. e. The Participant Organization shall use best and reasonable efforts to ensure that Authorized Users are trained in the secure and appropriate use of the HISP s System. f. A Participant Organization shall notify its HISP of any breach notifications that the Participant Organization must report to comply with applicable state or federal law. g. In the event of a termination of the Participants Agreement, Participant Organization shall use best and reasonable efforts to ensure that any Authorized User (in the role of sender or receiver) of the Participant Organization s will no longer share or acquire data through the HISP. 3) Obligations of Authorized End Users i. In role of Data Recipient a. The Authorized End User in the role of Data Receiver shall comply with all applicable federal and state laws and regulations. b. An Authorized End User in the role of Data Receiver shall use the HISP s service only for purposes of treatment as defined in HIPAA. c. An Authorized End User in the role of Data Receiver shall not provide data to third parties and shall only use data received by the system in the performance of its permitted purposes. d. An Authorized End User in the role of Data Receiver shall not use PHI received via the HISP in any manner prohibited by law. e. An Authorized End User in the role of Data Receiver shall not aggregate data to compare the performance or outcomes of Authorized Users not associated with the Participant Organization. f. An Authorized End User in the role of Data Receiver shall limit its use and disclosure of Patient Data acquired through the HISP to the extent permitted by applicable law. g. An Authorized End User in the role of Data Receiver shall not disclose data that they receive via the HISP without appropriate authority 9. ii. In role of Data Sender a. The Authorized End User in the role of Data Sender shall comply with all applicable federal and state laws and regulations. b. An Authorized End User in the role of Data Sender shall use the HISP s service only for purposes of treatment as defined in HIPAA This is to say if a consent is required to re-disclose data that the Authorized End User is obligated to have that consent in place prior to sharing data using the HISPs (or secondarily via NATE offerings). 10 At this time we are only permitting Authorized end-users from Participants that are a type = Provider so we don t anticipate that at this time the system will be utilized for Payment Purposes. Page 8

9 c. The Authorized End User in the role of Data Sender shall use the HISP s services to send only the amount of Patient Data that the data recipient is permitted to receive pursuant to applicable laws and regulations 11. d. The Authorized End User in the role of Data Sender shall use reasonable care with respect to the accuracy and completeness of the data sent. e. The Authorized End User in the role of Data Sender is obligated to only send data that they have the authority to send (if consent required sender attest that they have it). f. The Authorized End User in the role of Data Sender grants right to use data sent to a receiver for the permitted purpose it was intended to be use in a fully-paid, non-exclusive royalty free right and license of the Patient Data released to the recipient. g. The Authorized End User in the role of Data Sender will use best and reasonable efforts to ensure that they will maintain all appropriate consent to disclose data as required by applicable federal & state law 12. IV. Related Procedures NATE Procedure 3.d.1 V. Version History Date Author Comment 1 10/29/2013 Aaron Seib Approved version /27/14 Aaron Seib Corrected typo in bullet at top of page 5 11 For treatment purposes there are no minimum data use requirements. With regards to Payment and Operations there may be. It is the obligation of the Authorized user to decide if the data they are sending meets minimum data requirements when the intended receiver is for purposes of use related to Payment or Operations 12 The consent requirements that apply are based on the state in which the sender provides care. Page 9

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION This Agreement governs the provision of Protected Health Information ("PHI") (as defined in 45 C.F.R.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Addendum is made part of the agreement between Boston Medical Center ("Covered Entity ) and ( Business Associate"), dated [the Underlying Agreement ]. In connection with

More information

This form may not be modified without prior approval from the Department of Justice.

This form may not be modified without prior approval from the Department of Justice. This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate

More information

BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:

BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS: BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:, City State Zip This Business Associate and Data Use Agreement ( Agreement ) is effective

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

Business Associate Agreement (BAA) Guidance

Business Associate Agreement (BAA) Guidance Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity

More information

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project HIPAA Compliance And Participation in the National Oncologic Pet Registry Project Your facility has indicated its willingness to participate in the National Oncologic PET Registry Project (NOPR) sponsored

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement This HIPAA Business Associate Agreement (the Agreement ) is executed by the parties on the dates shown beneath their respective signature lines, but is effective as of,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY

More information

HIPAA COMPLIANCE AND THE EMPLOYMENT INDICATOR SYSTEM

HIPAA COMPLIANCE AND THE EMPLOYMENT INDICATOR SYSTEM HIPAA COMPLIANCE AND THE EMPLOYMENT INDICATOR SYSTEM January 26, 2010 Presented by: Sandra K. Mann, Esquire Devine, Millimet & Branch, P.A. 111 Amherst Street Manchester, NH 03101 603.695.8656 smann@devinemillimet.com

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

This is a "preview " of the BAA agreement. You'll be able to sign the BAA electronically after you upgrade to the Powerhouse Player plan.

This is a preview  of the BAA agreement. You'll be able to sign the BAA electronically after you upgrade to the Powerhouse Player plan. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into as of (the Effective Date ), by and between ("Covered Entity") and Acuity Scheduling, Inc. ("Business Associate").

More information

Check In Systems. Software Usage Agreement

Check In Systems. Software Usage Agreement Check In Systems Software Usage Agreement Usage of Check In Systems Inc. software shall constitute agreement with the following; You understand that you have the right to terminate or not use the software

More information

Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)

Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP) Arizona Health Information Exchange Marketplace Requirements and Specifications Health Information Service Provider (HISP) Table of Contents Table of Contents... 1 Introduction... 2 Purpose... 3 Scope...

More information

Definitions. Catch-all definition:

Definitions. Catch-all definition: BUSINESS ASSOCIATE AGREEMENT THESE PROVISIONS MAY STAND ALONE AS A BUSINESS ASSOCIATE AGREEMENT, OR MAY BE INCORPORATED INTO A LARGER, MORE COMPREHENSIVE CONTRACT WITH THE BUSINESS ASSOCIATE TO COVER OTHER

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between The Board of Trustees of the University of Alabama, on behalf of INTERMACS Registry ( Business Associate

More information

Sample Business Associate Agreement Provisions

Sample Business Associate Agreement Provisions Sample Business Associate Agreement Provisions Words or phrases contained in brackets are intended as either optional language or as instructions to the users of these sample provisions. Definitions Catch-all

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into as of ( Effective Date ) by and between ( Covered Entity ) and American Academy of Sleep Medicine ( Business Associate

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is entered into by and between the Board of Regents of the University of Wisconsin System on behalf of the [insert name

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( BAA ), effective as of, ( Effective Date ), is made by and between ( Covered Entity ) and da Vinci Motion Graphics, Inc. d/b/a

More information

Appendix : Business Associate Agreement

Appendix : Business Associate Agreement I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BAA ) is by and between the National Association of Boards of Pharmacy

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing?

It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing? It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing? The AMC Privacy & Security Conference Series Securely Connecting Communities for Improved Health

More information

BUSINESS ASSOCIATE AGREEMENT TERMS

BUSINESS ASSOCIATE AGREEMENT TERMS BUSINESS ASSOCIATE AGREEMENT TERMS This Addendum ( Addendum ) is incorporated into and made part of the Agreement between SIGNATURE HEALTHCARE CORPORATION ("Covered Entity ) and ( Business Associate"),

More information

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules Professional Solutions Insurance Company Business Associate Agreement re HIPAA Rules I. Purpose of Agreement This Agreement reflects Professional Solutions Insurance Company s agreement to comply with

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

Model Business Associate Agreement

Model Business Associate Agreement Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated

More information

Business Associate and Other Agreements

Business Associate and Other Agreements Section 4.3 Implement Business Associate and Other Agreements This tool identifies the types of agreements that may be necessary for a community-based care coordination (CCC) program to have in place in

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their

More information

PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group. APPLICATION MD & DO Locum Tenens. 1. First Name: Middle Initial: Last Name:

PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group. APPLICATION MD & DO Locum Tenens. 1. First Name: Middle Initial: Last Name: PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group APPLICATION MD & DO Locum Tenens Applicant Information: 1. First Name: Middle Initial: Last Name: CA Medical License #: Expiration Date: Date

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf

More information

ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT

ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is effective as of (the Effective Date ) and is entered into by and between, with an address of (the Covered Entity

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

INFORMATION EXCHANGE AGREEMENT BETWEEN THE SOCIAL SECURITY ADMINISTRATION AND THE STATE OF [NAME OF STATE], [NAME OF STATE AGENCY]

INFORMATION EXCHANGE AGREEMENT BETWEEN THE SOCIAL SECURITY ADMINISTRATION AND THE STATE OF [NAME OF STATE], [NAME OF STATE AGENCY] 2012 MODEL STC AGREEMENT INFORMATION EXCHANGE AGREEMENT BETWEEN THE SOCIAL SECURITY ADMINISTRATION AND THE STATE OF [NAME OF STATE], [NAME OF STATE AGENCY] AS THE STATE TRANSMISSION/TRANSFER COMPONENT

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate

More information

THIRD PARTIES HAVING ACCESS TO PHI

THIRD PARTIES HAVING ACCESS TO PHI Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates I. OVERVIEW The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM This Business Associate Addendum ( Addendum ), effective, 20 ( Effective Date ), is entered into by and between University of Southern California, ( University

More information

INTRODUCTION. The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment

INTRODUCTION. The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment INTRODUCTION This guidance is composed of a series of fact sheets that clarify how the HIPAA Privacy Rule applies to, and can be used to help structure the privacy policies behind, electronic health information

More information

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT H I P AA B U S I N E S S AS S O C I ATE AGREEMENT This HIPAA BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into by and between Opticare of Utah, Inc. ( Covered Entity ), and,( Business Associate ).

More information

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

HIPAA COMPLIANCE INFORMATION. HIPAA Policy HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

Business Associates Agreement

Business Associates Agreement Business Associates Agreement This Business Associate Agreement (the Agreement ) between Customer,( Covered Entity ) and Kareo ( Business Associate ) will be in effect during any such time period that

More information

BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS

BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS PRIVACY 27.0 BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS Scope: Purpose: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Talksoft is BA with Covered Entity BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is made this day of, and entered into between, ( Covered Entity ) having its principal place of

More information

Receipt of the BAA constitutes acceptance thereof, provided that you do not provide a written objection within fourteen (14) days of receipt.

Receipt of the BAA constitutes acceptance thereof, provided that you do not provide a written objection within fourteen (14) days of receipt. Re: Notice of Business Associate Agreement This Notice concerns the mutual obligations arising from the COBRA Administration Contract ( Contract ) between your company ( Covered Entity ) and Small Business

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is between you, a healthcare provider, its employees and agents ( Covered Entity ) and Doc Halo, LLC ( Business Associate ).

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy Title:

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

Kaiser Permanente Affiliate Link Provider Web Site Application

Kaiser Permanente Affiliate Link Provider Web Site Application Kaiser Foundation Health Plan of Colorado Kaiser Permanente Affiliate Link Provider Web Site Application FOR PROVIDERS CONTRACTED WITH KAISER IN THE COLORADO REGION ONLY Page 1 of 7 Kaiser Permanente Affiliate

More information

COLLECTION, USE, AND DISCLOSURE LIMITATION

COLLECTION, USE, AND DISCLOSURE LIMITATION COLLECTION, USE, AND DISCLOSURE LIMITATION This is one of a series of companion documents to The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

More information

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate? HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) is entered into this day of 2014. Perry Memorial Hospital ( Covered Entity ) and [ABC Company] ( Business Associate ) referred

More information

The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy

The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...

More information

a. Breach has the same meaning as the term Breach, as defined in 45 C.F.R

a. Breach has the same meaning as the term Breach, as defined in 45 C.F.R EXHIBIT A STANDARD BUSINESS ASSOCIATE AGREEMENT [Non-Covered Entity] In connection with the Underlying Contact (as defined below), which requires Western New York Clinical Information Exchange, Inc. d/b/a

More information

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule.

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Exhibit F - Business Associate Agreement HIPAA BAA HIPAA BAA, v1.3 Revised 8/15/2014 THIS AGREEMENT is made on between Centre Technologies, Inc., a Texas Corporation ( Company ) with its principal place

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement (the Agreement ), is made and is effective as of this day of, 2013 ( Effective Date ), between, located at ( Business Associate

More information

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions A. Business Associate. Business Associate shall have the meaning given to such term under the Privacy and Security Rules, including,

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ("Agreement") is made and is effective as of the date of electronic signature("effective Date") between Name of Organization ("Covered

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This ( Agreement ) is entered into by and between DataMotion, Inc. ( DataMotion, or Business Associate ), having its offices at 200 Park Avenue, Suite 302, Florham Park, NJ

More information

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum; BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered between ("Covered Entity" or "CE") and, ("Business Associate" or "BA"), collectively the Parties, who agree as follows:

More information

Outline of Key Changes to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules

Outline of Key Changes to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules Outline of Key Changes to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules By Boris Segalis, CIPP/US Editor s Note: This content comes from the InfoLawGroup post New HIPAA/HITECH

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,

More information

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT Express Scripts, Inc. and one or more of its subsidiaries ( ESI ), and Sponsor or one of its affiliates ( Sponsor ), are parties to an agreement ( PBM Agreement ) whereby ESI

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule) BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule) This Business Associate Agreement (the Agreement ), dated September 9, 2013, is entered into by and between ( Covered Entity ) and Schuster

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) THIS AGREEMENT is entered into and made effective the day of, 2012 (the Effective Date ), by and between (a)

More information

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 12/8/15 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT [HIPAA, HITECH, RED FLAG RULES]

HIPAA BUSINESS ASSOCIATE AGREEMENT [HIPAA, HITECH, RED FLAG RULES] HIPAA BUSINESS ASSOCIATE AGREEMENT [HIPAA, HITECH, RED FLAG RULES] This HIPAA Business Associate Agreement ("Agreement") is entered into on this 1st day of July, 2016, between Denver Options, Inc., dba

More information

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com

More information

Business Associate and Data Use Agreement

Business Associate and Data Use Agreement Business Associate and Data Use Agreement This Business Associate and Data Use Agreement (the Agreement ) is entered into by and between ( Covered Entity ) and HealtHIE Nevada ( Business Associate ). W

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

Enclosure. Dear Vendor,

Enclosure. Dear Vendor, Dear Vendor, As you may be aware, the Omnibus Rule was finalized on January 25, 2013 and took effect on March 26, 2013. Under the Health Insurance Portability & Accountability Act (HIPAA) and the Omnibus

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES This agreement ("Agreement") is effective upon its execution and delivery to LCD SOLUTIONS, INC.

More information

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a

More information

BUSINESS ASSOCIATE AGREEMENT Tribal Contract

BUSINESS ASSOCIATE AGREEMENT Tribal Contract DEPARTMENT OF HEALTH SERVICES Division of Enterprise Services F-00714 (08/2013) STATE OF WISCONSIN BUSINESS ASSOCIATE AGREEMENT Tribal Contract This Business Associate Agreement is made between the Wisconsin

More information

Rutgers University HIPAA BUSINESS ASSOCIATE AGREEMENT

Rutgers University HIPAA BUSINESS ASSOCIATE AGREEMENT Rutgers University HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: School/Unit:

More information