HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT



Similar documents
BUSINESS ASSOCIATE AGREEMENT

This form may not be modified without prior approval from the Department of Justice.

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

AMWELL SERVICE PROVIDER SUBSCRIPTION AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

Model Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE AGREEMENT

HIPAA Business Associate Addendum

Online Statement Agreement and Disclosure

BUSINESS ASSOCIATE AGREEMENT

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA)

[FORM OF AGREEMENT FOR U.S.- PLEASE INSERT INFORMATION WHERE INDICATED] ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT THIS ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT

Agreement for Net Metering and Interconnection Services (Level 1, 2 and 3 Interconnection)

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

DATA USE AGREEMENT RECITALS

Business Associate and Data Use Agreement

Business Associate Agreement Washtenaw Community Health Organization Effective Date: insert date

SOFTWARE LICENSE AGREEMENT

Sample Business Associate Agreement (4. Other Bus. Assoc., Version )

Technical Help Desk Terms of Service

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATES CONTRACT FOR EYE CARE PROVIDERS 1 ST ADDENDUM

COMPUTER SERVICES AGREEMENT

HSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS

Kaiser Permanente Affiliate Link Provider Web Site Application

Service Agreement Hosted Dynamics GP

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

HIPAA Business Associate Agreement Instructions

ANTHEM INSURANCE COMPANIES, INC. ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT

BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS

ADDENDUM 5 - BUSINESS ASSOCIATE AGREEMENT

Leads may be resubmitted within 4 months of the leads license renewal date.

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

Payroll Services Agreement

Companion Guide Benefit Enrollment and Maintenance 834

Iowa Health Information Network BUSINESS ASSOCIATE AGREEMENT

HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)

HIPAA BUSINESS ASSOCIATE AGREEMENT

ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT THIS ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT

Master Software Purchase Agreement

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

INDEPENDENT CONTRACTOR AGREEMENT FOR HEALTH CARE PROVIDERS

ELECTRONIC FILER AGREEMENT [REVISED JANUARY 1, 2014]

If a Client and a Freelancer enter an independent contractor relationship, then this Freelancer Agreement ( Freelancer Agreement ) will apply.

COOPER US, INC. ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT

All travel must be booked in the applicable class of service for discounts to apply.

BUSINESS ASSOCIATE AGREEMENT

Burn Model Systems National Data and Statistical Center STANDARD OPERATING PROCEDURE 601. Data Use Agreement

Appendix : Business Associate Agreement

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

VIRTUAL OFFICE WEBSITE LICENSE AGREEMENT

Business Associate Agreement Involving the Access to Protected Health Information

WE RECOMMEND THAT YOU PRINT OUT AND KEEP A COPY OF THIS AGREEMENT FOR YOUR FUTURE REFERENCE.

Medical Society of Virginia 2924 Emerywood Parkway, Ste 300 Richmond, VA Fax:

BECKER COUNTY ENHANCED REMOTE ACCESS AGREEMENT

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules

WellDyneRxWEST Customer (TPA, Broker, Consultant, Group Health Plan, and other).

Covered California. Terms and Conditions of Use

Electronic Data Interchange (EDI) Trading Partner Agreement

HIPAA Privacy and Business Associate Agreement

Disclaimer: Template Business Associate Agreement (45 C.F.R )

MISSOURI HIGHWAYS AND TRANSPORTATION COMMISSION ELECTRONIC SIGNATURE AGREEMENT

SERVICE TERMS AND CONDITIONS

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

POWER PURCHASE AND SALE AGREEMENT [NON-INCENTIVE]

HIPAA BUSINESS ASSOCIATE AGREEMENT

GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT

Business Associate Agreement

Services Agreement between Client and Provider

STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

HEALTH INSURANCE PLAN OF GREATER NEW YORK SELLING AGENT AGREEMENT

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

ELECTRONIC FILER AGREEMENT. United States Mineral Products Company Asbestos Personal Injury Settlement Trust

LIMITED DATA USE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

NRBN VOICE SERVICES RETAIL AGREEMENT. (9-1-1 VoIP Emergency Calling) NIAGARA REGIONAL BROADBAND NETWORK LIMITED ( NRBN ) - and -

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

MARYLAND ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT RECITALS. Section 1. Prerequisites

HIPAA Business Associate Agreement

COMPUTER SOFTWARE AS A SERVICE LICENSE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

These TERMS AND CONDICTIONS (this Agreement ) are agreed to between InfluencersAtWork,

MOBILE MED MANAGEMENT, INC. DBA MOBILE MED PRO BUSINESS ASSOCIATE AGREEMENT

Transcription:

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT THIS PRIVACY AND SECURITY AGREEMENT ( Agreement ) is made effective as of, 20 (the Effective Date ) by and between Harvard Pilgrim Health Care, Inc., a Massachusetts corporation with a place of business at 93 Worcester Street, Wellesley, MA (hereinafter HPHC ) and, a [insert type of entity] with a place of business at (hereinafter Contractor ) RECITALS WHEREAS, the parties recognize their legal obligation to protect the privacy and security of health information concerning individual persons; WHEREAS, the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ( HIPAA ) and regulations promulgated thereunder in Title 45, Parts 160 and 164 of the Code of Federal Regulations contemplate that payors, providers, providers Business Partners and others given access to such health information will enter into agreements with each other to maintain information security and protect the privacy of such health information; WHEREAS, the parties will be accessing or sharing such information in conjunction with a number of aspects of HPHC s relationship with providers, including without limitation claims submission and payment activities; and WHEREAS, the parties to this agreement will be accessing or sharing such information through a number of media, including without limitation electronic data interchange via secure File Transfer Protocol (FTP), Virtual Private Network (VPN), secure modems or various other electronic channels, and the Contractor will be responsible for managing and monitoring its user access. NOW THEREFORE, the parties, intending to be legally bound, agree as follows: 1. DEFINITIONS 1.1 Authorized Employees or Agents shall mean Contractor s employees and agents with a need to know Protected Information and who have been authorized by Contractor to have access to Protected Information. 1.2 Business Partner or Business Associate shall mean a person or entity (other than an employee of Contractor) that performs, or assists in the performance of a function or activity involving the use or disclosure of Protected Information, including without limitation claims processing or administration, data analysis, processing or administration, billing, or practice management, or a person or entity (other than an employee of Contractor) that provides legal, actuarial, accounting, consulting, management, administrative, or financial services to or for Contractor, where the provision of the service involves the disclosure of Protected Information. 1.3 Protected Information shall mean information obtained from HPHC, whether oral or 1 Posted 10/28/13

recorded in any form or medium, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual, including demographic information collected from an individual, which information either identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Protected Information shall also include but not be limited to (whether or not specifically designated as confidential by HPHC) enrollment information, claims data, demographic data and any and all patient specific information and rate information or specific utilization information relating to clinical practices. 2. CONFIDENTIALITY AND SECURITY 2.1 Maintaining Confidentiality of Protected Information. Contractor shall not, without the prior written consent of HPHC: i. use or access any Protected Information except (i) in the conduct of its business as a provider of health care or (ii) as a Business Partner or Business Associate of a health care provider, and as provided herein; or ii. disclose any portion of the Protected Information to any persons or entities other than to Contractor s Authorized Employees, Business Partners, or Business Associates as provided herein. 2.2 Confidentiality Safeguards. Contractor shall use its best efforts, including employment of all reasonable safeguards, to prevent any use, access or disclosure of the Protected Information not authorized by this Agreement. Such safeguards shall include, but not be limited to: i. limiting Authorized Employees to those having a need to know such information, ii. limiting the number of Authorized Employees, iii. ensuring that access to such information of any Authorized Employee who is no longer employed by Contractor is terminated immediately upon their departure, iv. ensuring that Authorized Employees understand the obligations of Contractor under this Agreement, v. establishing a disciplinary policy for breach of confidentiality, vi. instituting appropriate password controls, vii. immediately notifying HPHC in the event Contractor has knowledge that any employee or agent has breached this Agreement. Contractor shall immediately notify HPHC of the identity of such individuals, the nature of the breach, and the action taken by Contractor. 2 Posted 10/28/13

2.3 Security Standards. Contractor further agrees that it shall employ all reasonable safeguards, including those safeguards Contractor takes to protect its own confidential information, to prevent any use, access or disclosure of the Protected Information that would result in a breach of this Agreement. With respect to Contractor s facilities where it creates, receives, maintains or transmits Protected Information, Contractor shall implement the administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of such Protected Information as required by, and as more specifically set forth in, the Final Security Regulations issued under HIPAA. Contractor will provide to HPHC copies of its confidentiality and information security policies upon the request of HPHC. In addition, Contractor will report in writing to HPHC, and to any state or federal authority as required by law, any security incident of which it becomes aware relating to a breach of security and/or privacy of the Protected Information including, but not limited to, any attempted or successful unauthorized use or disclosure of the Protected Information. 2.4 Practices for Information Security. HPHC has developed a list of security and confidentiality practices which Contractor may use to develop confidentiality and security procedures. You can find the list of security and confidentiality practices in the Requirements for EDI and Online Solutions chapter in the Harvard Pilgrim Provider Manual at www.harvardpilgrim.org/providers. 2.5 Return or Destruction of Protected Information. Protected Information shall remain the property of HPHC and shall, at HPHC's request (which may be at any time), be returned forthwith to HPHC or be destroyed if so directed by HPHC together with all copies made by Contractor and by anyone to whom such Protected Information has been made available by Contractor. Upon request, Contractor shall provide to HPHC a certificate as to the return or destruction of such Protected Information. 2.6 Compliance with Policy and Laws. Contractor agrees to comply with all applicable and effective state and federal regulatory and statutory requirements related to the confidentiality of Protected Information, including but not limited to, the Massachusetts privacy statute (M.G.L. ch. 214 1B), the Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00), New Hampshire Revised Statutes Chapter 359-C, Maine Revised Statutes Chapter 210-B, and Connecticut General Statutes, Chapters 669 (section 36A-701B) and 743dd (hereinafter the applicable state laws ). 2.7 Required Disclosure. Notwithstanding the foregoing, if Contractor is requested or required in a judicial, administrative or governmental proceeding to disclose any Protected Information, Contractor will notify HPHC as promptly as practicable so that HPHC may either seek an appropriate protective order or waive the provisions of this Agreement. If HPHC promptly seeks and is unable to obtain a protective order or waiver, and Contractor, in the opinion of its counsel, is required to disclose Protected Information in any court, governmental agency or tribunal or else stand liable for contempt under penalty, Contractor may disclose such Protected Information without liability hereunder. 2.8 Costs. Contractor, at its own expense, shall provide and maintain the personnel, 3 Posted 10/28/13

equipment, software, services and testing necessary to effectively and reliably implement the confidentiality and security standards contemplated by this Agreement. Contractor shall be responsible for all equipment necessary to maintain the security of Protected Information, including hardware, software and telecommunication services. 2.9 Certification. Contractor shall upon request certify to HPHC that it complies with the terms of this Agreement, which may be in the form of self-certification. 2.10 Business Partners/Business Associates. (i) Direct access. If Contractor engages any Business Partners or Business Associates, and such Business Partner or Business Associate has a need to know and will have access to Protected Information directly from HPHC, then any such Business Partner will be required to execute a Privacy and Security Agreement with HPHC prior to being given such access, and any such Business Associate will be required to execute a Business Associate Agreement with Contractor prior to being given such access by HPHC. (ii) Other. If Contractor engages any other Business Partner or Business Associate who has a need to know and will have access to Protected Information from Contractor, then Contractor shall be responsible for ensuring that each such Business Partner complies with the terms of this Agreement and that each such Business Associate complies with the terms of HIPAA to the same extent as if they were covered entities. 2.11 Prior Confidentiality. The parties may have previously entered into a confidentiality agreement with respect to the Protected Information or other HPHC confidential information. Such agreements shall continue in full force and effect, provided, however, that to the extent the terms of such previous agreement conflict with this Agreement as to the Protected Information, the terms of this Agreement will govern. 2.12 Contractor Responsibility for Employees and Agents. In connection with access to HPHC s secured provider web portal (HPHConnect), Contractor shall be responsible for assuring that its employees and agents fully comply with all of the obligations of Contractor under this Agreement, including the User Agreement, as set forth in the Provider Manual, in the Chapter captioned Requirements for EDI and Online Solutions. Any violations by Contractor s employees or agents shall be considered violations by the Contractor. 3.0 MISCELLANEOUS TERMS 3.1 Term and Termination. The term of this Agreement shall commence upon the Effective Date and shall continue until Contractor no longer receives Protected Information from HPHC ( Term ). HPHC shall have the right to stop providing Protected Information at any time. Any termination will not alter the rights or duties of the parties with respect to Protected Information received before the effective date of the termination. 3.2 Severability. Any provision of this Agreement, which is determined to be invalid or 4 Posted 10/28/13

unenforceable, will be ineffective to the extent of such determination without invalidating the remaining provisions of this Agreement or affecting the validity or enforceability of such remaining provisions. 3.3 Entire Agreement. This Agreement constitutes the complete agreement of the parties relating to the matters specified in this Agreement and, except as otherwise provided herein, supersedes all prior representations or agreements, whether oral or written, with respect to such matters. This Agreement may be amended only by a written instrument signed by HPHC and Contractor. This Agreement is for the benefit of, and shall be binding upon, the parties and their respective successors and assigns. 3.4 Governing Laws. This Agreement shall be governed by and interpreted in accordance with the laws of the Commonwealth of Massachusetts, without regard to its conflict of laws provisions, and the Commonwealth of Massachusetts shall be the sole forum for resolution of disputes regarding this Agreement or the subject matter thereof. 3.5 Specific Performance. The parties hereby agree and affirm that the subject matter of this Agreement is unique, and that it may be impossible to measure the damages, which would result to HPHC from violations by Contractor of the agreements set forth herein. Accordingly, in addition to any other remedies which HPHC may have at law or in equity, the parties hereby agree that HPHC shall have the right to have all obligations and other provisions of this Agreement specifically performed by the Contractor, as applicable, and that HPHC shall have the right to seek preliminary and permanent injunctive relief to secure specific performance, and to prevent a breach or contemplated breach, of this Agreement, without, in any case, proof of actual damages. 3.6 Audit. HPHC shall have the right, at its own expense, to conduct an audit of Contractor at any time during normal working hours upon reasonable notice to Contractor to determine if Contractor is in compliance with the terms of this Agreement. 3.7 Limitation of Liability. To the full extent allowed by applicable law, HPHC and its directors, officers and employees, affiliates, subsidiaries, successors and assigns, and third-party agents will not be liable, directly or indirectly, for any incidental, punitive, exemplary, special, indirect or consequential damages, for any reason arising from or relating to Contractor s use of or access to any HPHC Protected Information, or any provision of this agreement, even if advised of the possibility of such damages, whether arising under theory of contract, tort (including negligence), strict liability or otherwise. To the full extent allowed by applicable law, in no event will HPHC and its directors, officers and employees, affiliates, subsidiaries, successors and assigns, and third-party agents have any liability for any damages arising from or relating to this agreement or Contractor s use of the any Protected Information except for damages arising solely from HPHC s gross negligence or willful misconduct. 3.8.1 Contractor Agreements. If Contractor is representing another entity for claims submission and payment activities, then Contractor shall have an agreement with such entity. Contractor also agrees to inform HPHC of the addition or deletion of entities 5 Posted 10/28/13

which it is representing. 3.8.2 Contractor Privacy Officer. The Contractor s Privacy Officer s name and contact information is as follows: Name: Mailing Address: Phone Number: Email Address: Contractor agrees to inform HPHC of any change in its Privacy Officer information. IN WITNESS WHEREOF, the parties or their authorized representatives have caused this Agreement to be executed under seal as of the Effective Date. HARVARD PILGRIM HEALTH CARE, INC. By: Name: Title: Date: [CONTRACTOR] By: Name: Title: Date: 6 Posted 10/28/13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information