Exhibit 2

Business Associate Addendum

This Business Associate Addendum ("Addendum") governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing services described in the Participation Agreement for a Participant that is a Covered Entity. EOHHS is sometimes referred to as Business Associate and Participant is referred to as Covered Entity.

1. Definitions

The following capitalized terms, as used in this Addendum, shall have the meanings set forth below. Terms used, but not otherwise defined in this Addendum, shall have the same meaning as used in the Privacy or Security Rules, or shall have the meaning ascribed to them in the Participant Agreement.

"Privacy Rule" shall mean the Standards of Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164.

"Protected Health Information" shall have the same meaning as used in the Privacy Rule.

"Required by Law" shall have the same meaning as used in the Privacy Rule.

"Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or his or her designee.

"Security Incident" shall have the same meaning as used in the Security Rule.

"Security Rule" shall mean the Security Standards for the Protection of Electronic Protected Health Information, at 45 CFR Parts 160 and 164.

2. Permitted uses and disclosures of protected health information

2.1 Services. Except as otherwise specified herein, Business Associate may make any and all uses and disclosures of Protected Health Information necessary to perform its obligations under the Participant Agreement. All other uses and disclosures not authorized by this Addendum are prohibited, unless Required by Law.

Moreover, Business Associate may disclose Protected Health Information for the purposes authorized by this Addendum only:

(a) to its employees, subcontractors and agents, in accordance with Section 3.1(d);

(b) as directed by Covered Entity; or

(c) as otherwise permitted by the terms of this Addendum including, but not limited to, Section 2.2 below.
2.2 Other Activities of Business Associate. Unless otherwise limited herein, the Business Associate may:

(a) Use the Protected Health Information for the proper management and administration of Business Associate and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality law.

(b) Disclose the Protected Health Information to third parties for the proper management and administration of Business Associate or to fulfill any present or future legal responsibilities of Business Associate, provided that: (i) the disclosures are Required by Law, or (ii) Business Associate has received from the third party assurances that the information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that the third party promptly will notify Business Associate of any instances of which it is aware in which the confidentiality of the Protected Health Information has been breached; and that the third party will implement reasonable and appropriate information security safeguards to protect such information.

3. Obligations of the parties with respect to protected health information

3.1 Obligations of Business Associate. With regard to the use and/or disclosure of Protected Health Information, Business Associate hereby agrees to do the following:

(a) Use and/or disclose the Protected Health Information only as permitted or required by this Addendum or as otherwise Required by Law.

(b) Report promptly to the designated Privacy Official of Covered Entity any use and/or disclosure of the Protected Health Information that is not permitted or required by this Addendum of which Business Associate becomes aware. Oral reports shall be made within five (5) business days, and shall be followed by a written report based on subsequently developed information.
(c) Use appropriate administrative, physical, and technical safeguards to maintain the security of the Protected Health Information and to prevent unauthorized use and/or disclosure of such Protected Health Information.

(d) Require all of its subcontractors and agents, not considered Workforce under the Privacy Rule, that receive or use, or have access to, Protected Health Information under this Addendum to agree, in writing, to adhere to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply to Business Associate.

(e) Make available all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to Covered Entity or the Secretary, in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule, subject to attorney-client and other applicable legal privileges.

(f) Business Associate shall track its access to, use of, and disclosure of Protected Health Information, and shall provide Participant with a log of such access, use, and disclosure within 7 business days of Participant's request.

(g) On termination of this Agreement, destroy or continue to protect all Protected Health Information as set forth in Section 4.3.

(h) Disclose to its subcontractors, agents or other third parties, and request from Covered Entity, only the minimum Protected Health Information necessary to perform or fulfill a specific function permitted hereunder.

(i) Establish and follow procedures for mitigating, to the extent practicable, any deleterious effects actually known to Business Associate from any improper use and/or disclosure of Protected Health Information that Business Associate reports to Covered Entity, provided Business Associate does not need the assistance of Covered Entity to plan or implement such procedures.

(j) Report promptly to the designated Privacy Official of the Covered Entity any Security Incident of which Business Associate becomes aware. Oral reports shall be made within one (1) business day, and shall be followed by a written report based on subsequently developed information.

3.2 Obligations of the Covered Entity.
With regard to the use and/or disclosure of Protected Health Information by Business Associate, Covered Entity hereby agrees to notify Business Associate, in writing, of any arrangements permitted or required of Covered Entity under the Privacy Rule, including for example its Privacy Notice or changes in any authorization or restrictions on the use or disclosure of any individual's Protected Health Information, that may impact in any manner the use and/or disclosure of Protected Health Information by Business Associate under this Addendum or the Participant Agreement, prior to the effective date of such arrangement or, if impossible because of the nature of the arrangement, within one business day of such effective date.

Given Business Associate's limited access to Protected Health Information and Participant's responsibilities for audit trails and access logs under section 4.7(b) of the Participation Agreement, Participant is responsible for all obligations under 45 CFR 164.524, 164.526, and 164.528, except to the extent Business Associate shall track its access to, use of, and disclosure of Protected Health Information, as noted in section 3.1(f) above.
Covered Entity shall notify Business Associate in writing of the name and contact information of its Privacy Official within five business days of execution of the Participation Agreement.

4.0 Term and termination

4.1 Term. This Addendum shall become effective on the Effective Date of the Participant Agreement and shall continue in effect until all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed as set forth in Section 4.3.

4.2 Termination for Cause. As provided in 45 C.F.R. 164.504(e)(2)(iii), Covered Entity may terminate this Addendum and the Participant Agreement on thirty (30) days' written notice to Business Associate, if Covered Entity makes the determination that Business Associate has breached a material term of this Addendum and Business Associate has failed to cure such breach within the 30 day notice period.

4.3 Effect of Termination.

(a) Except as provided in Section 4.3(b) below, upon termination of this Addendum for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate.

(b) In the event that Business Associate determines that returning or destroying the Protected Health Information is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of Protected Health Information is not feasible, Business Associate shall extend the protections of this Addendum to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction not feasible, for so long as Business Associate maintains such Protected Health Information.
5. Miscellaneous

5.1 Amendments; Waiver. The Parties agree to take such action as is necessary to amend this Addendum from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy Rule and the Security Rule.

5.2 Interpretation; Regulatory References. Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy Rule and the Security Rule. Any reference in this Addendum to a section in the Privacy or Security Rules or other regulation or law refers to that section as in effect and as amended from time to time.