BUSINESS ASSOCIATE AGREEMENT



Similar documents
BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

HIPAA BUSINESS ASSOCIATES CONTRACT FOR EYE CARE PROVIDERS 1 ST ADDENDUM

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES

HIPAA BUSINESS ASSOCIATE SUBCONTRACTOR AGREEMENT

BUSINESS ASSOCIATE AGREEMENT TERMS

SAMPLE BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

Please print the attached document, sign and return to or contact Erica Van Treese, Account Manager, Provider Relations &

ACTION COLLECTION SERVICES INC. BUSINESS ASSOCIATE AGREEMENT (FOR MEDICAL PROVIDERS)

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

HIPAA Business Associate Contract. Definitions

Sample Business Associate Agreement (4. Other Bus. Assoc., Version )

HIPAA BUSINESS ASSOCIATE ADDENDUM

HIPAA Business Associate Agreement

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA)

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group. APPLICATION MD & DO Locum Tenens. 1. First Name: Middle Initial: Last Name:

Sample Business Associate Agreement Provisions

DRAFT BUSINESS ASSOCIATES AGREEMENT

Snake River School District No. 52 HIPAA BUSINESS ASSOCIATE AGREEMENT (See also Policy No. 7436, HIPAA Privacy Rule)

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1

Business Associate Agreement

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE AGREEMENT

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

Disclaimer: Template Business Associate Agreement (45 C.F.R )

SaaS. Business Associate Agreement

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement

Preferred Professional Insurance Company Subcontractor Business Associate Agreement

MMA SAMPLE FORM *REVIEW CAREFULLY & ADAPT TO YOUR PRACTICE*

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Exhibit 2. Business Associate Addendum

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT RECITALS

BUSINESS ASSOCIATE AGREEMENT ( BAA )

HIPAA Privacy and Business Associate Agreement

Business Associate Agreement

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT. Recitals

HIPAA BUSINESS ASSOCIATE AGREEMENT

AMWELL SERVICE PROVIDER SUBSCRIPTION AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

The Institute of Professional Practice, Inc. Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

Business Associate and Data Use Agreement

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate;

FirstCarolinaCare Insurance Company Business Associate Agreement

This form may not be modified without prior approval from the Department of Justice.

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230

Business Associate Agreement (BAA) Guidance

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules

University Healthcare Physicians Compliance and Privacy Policy

Business Associate Agreement Washtenaw Community Health Organization Effective Date: insert date

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Tribal Contract

BUSINESS ASSOCIATE AGREEMENT

Note to Users: Page 1 of 5

HIPAA Business Associate Agreement Instructions

BUSINESS ASSOCIATE AGREEMENT

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

Enclosure. Dear Vendor,

HSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA Business Associate Addendum

Transcription:

THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY WITH MORE RESTRICTIVE, APPLICABLE STATE LAW. Where indicated below, Option 1 provisions are for use when this business associate agreement will be an amendment, addendum or rider to an existing services agreement and Option 2 provisions are for use when this business associate agreement will be the only written agreement between the parties regarding the business associate services to be provided. All other provisions of the agreement can be included in both options. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this B.A. Agreement ), dated, 200_, is entered into by and between, with an address at (the Business Associate ) and, with an address at (the Covered Entity ) (each a Party and collectively the Parties ). [Required: Choose one option as appropriate.] [OPTION 1 The Parties have entered into a prior agreement entitled dated (the Underlying Agreement ). Performance of the Underlying Agreement may involve Protected Health Information (as defined in 45 C.F.R. 164.501) that is subject to the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) and codified at 45 C.F.R. parts 160 and 164 (the Privacy Rule ). The purpose of this B.A. Agreement is to amend the Underlying Agreement to the extent and only to the extent necessary to allow for Covered Entity s compliance with the Privacy Rule with respect to this Underlying Agreement.] [OPTION 2 The Parties have agreed that Business Associate will perform the following functions and provide the following services for or on behalf of the Covered Entity: [list functions or services which are permitted by the Privacy Rule and require a Business Associate Agreement under the Privacy Rule (see 45 C.F.R. 164.501)]. Performance of such functions and provision of such services by the Business Associate may involve Protected Health Information (as defined in 45 C.F.R. 164.501) that is subject to the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) and codified at 45 C.F.R. parts 160 and 164 (the Privacy Rule ). The purpose of this B.A. Agreement is to set forth the obligations of the Parties with respect to such Protected Health Information.] The Parties hereby agrees as follows:

1. DEFINITIONS [Required provisions] 1.1 Unless otherwise specified in this B.A. Agreement, all capitalized terms used in this B.A. Agreement not otherwise defined have the meaning established for purposes of Title 45 parts 160 and 164 of the United States Code of Federal Regulations, as amended from time to time. 1.2 PHI shall mean Protected Health Information, as defined in 45 C.F.R. 164.501, limited to the information received from or created or received on behalf of Covered Entity. 2. RESPONSIBILITIES OF BUSINESS ASSOCIATE [Required provisions] 2.1 Except as otherwise specified herein, Business Associate may make any and all uses and disclosures of PHI necessary to perform [OPTION 1 its obligations under the Underlying Agreement.] [OPTION 2 the functions and provide the services set forth above.] With regard to its use and/or disclosure of PHI, Business Associate agrees to: (a) use and/or disclose PHI only as permitted or required by this B.A. Agreement or required by law; (b) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted or required by this B.A. Agreement; (c) report to Covered Entity any use or disclosure of PHI of which it becomes aware that is not permitted or required by this B.A. Agreement; (d) require all its subcontractors and agents that create, receive, use, disclose or have access to PHI to agree, in writing, to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate; (e) make available its internal practices, books, and records relating to the use and disclosure of PHI to the Secretary of the Department of Health and Human Services ( HHS ) for purposes of determining Covered Entity s compliance with the Privacy Rule; (f) within days [Must be less than 60 days] of receiving a written request from Covered Entity, make available information necessary for Covered Entity to make an accounting of disclosures of PHI about an individual; and 2

(g) mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this B.A. Agreement. [Required: choose one as appropriate.] 2.2 [Option A: The Parties agree that the information in Business Associate s possession does not constitute a Designated Record Set.] [Option B: The Parties agree that the PHI in Business Associate s possession constitutes a Designated Record Set. With regard to PHI maintained in a Designated Record Set, Business Associate agrees to: (a) within days [Must be less than 30 days] of receiving a written request from Covered Entity, make available PHI necessary for Covered Entity to respond to individuals requests for access to PHI about them; and (b) within days [Must be less than 60 days] of receiving a written request from Covered Entity, incorporate any amendments or corrections to the PHI in accordance with the Privacy Regulation.] 3. PERMITTED USES AND DISCLOSURES OF PHI [Optional: as appropriate to the relationship.] 3.1 Unless otherwise limited herein, in addition to any other uses and/or disclosures permitted or required by this B.A. Agreement or required by law, Business Associate may: (a) use the PHI in its possession for its proper management and administration and to fulfill any legal responsibilities of Business Associate; (b) disclose the PHI in its possession to a third party for the purpose of Business Associate s proper management and administration or to fulfill any legal responsibilities of Business Associate; provided, however, that the disclosures are required by law or Business Associate has received from the third party written assurances that (i) the information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party; and (ii) the third party will notify Business Associate of any instances of which it becomes aware in which the confidentiality of the information has been breached; 3

(c) perform Data Aggregation for the Health Care Operations of Covered Entity; (d) de-identify any and all PHI created or received by Business Associate under this B.A. Agreement; provided, however, that the deidentification conforms to the requirements of the Privacy Rule. Such resulting de-identified information would not be subject to the terms of this B.A. Agreement; and (e) create a Limited Data Set and use such Limited Data Set pursuant to a Data Use Agreement that meets the requirements of the Privacy Rule. 4. RESPONSIBILITIES OF COVERED ENTITY [Important to comply with HIPAA] 4.1 With regard to the use and/or disclosure of PHI by Business Associate, Covered Entity agrees: (a) to obtain any consent, authorization or permission that may be required by the Privacy Rule or applicable state laws and/or regulations prior to furnishing Business Associate the PHI pertaining to an individual; and (b) that it will inform Business Associate of any PHI that is subject to any arrangements permitted or required of Covered Entity under the Privacy Rule that may materially impact in any manner the use and/or disclosure of PHI by Business Associate under this B.A. Agreement, including, but not limited to, restrictions on the use and/or disclosure of PHI as provided for in 45 C.F.R. 164.522 and agreed to by Covered Entity. 5. B.A. AGREEMENT EFFECTIVE DATE 5.1 Each term and condition of this B.A. Agreement shall be effective on the compliance date applicable to Covered Entity under the Privacy Rule ( B.A. Effective Date ). 6. TERM AND TERMINATION [Required provisions] 6.1 Termination by the Covered Entity. Upon Covered Entity s determination of a breach of a material term of this B.A. Agreement by Business Associate, Covered Entity shall provide Business Associate written notice of that breach in sufficient detail to enable Business Associate to understand the specific nature of that breach and afford Business Associate 4

an opportunity to cure the breach; provided, however, that if Business Associate fails to cure the breach within a reasonable time specified by Covered Entity, Covered Entity may terminate this B.A. Agreement [OPTION 1 and the Underlying Agreement to the extent that the Underlying Agreement requires Business Associate to create or receive PHI]. 6.2 Effect of Termination or Expiration. Within days of the termination or expiration of this B.A. Agreement, Business Associate agrees to return or destroy all PHI, including such information in possession of Business Associate s subcontractors, if feasible to do so. If return or destruction of said PHI is not feasible, Business Associate agrees to extend any and all protections, limitations and restrictions contained in this B.A. Agreement to Business Associate s use and/or disclosure of any PHI retained after the termination or expiration of this B.A. Agreement, and to limit any further uses and/or disclosures to the purposes that make return or destruction of the PHI infeasible. This Section 6.2 shall survive any termination or expiration of this B.A. Agreement. 7. MISCELLANEOUS [Important for legal purposes and clarity] 7.1 Change in Law. The Parties agree to negotiate to amend this B.A. Agreement as necessary to comply with any amendment to any provision of HIPAA or its implementing regulations set forth at 45 C.F.R. parts 160 and 164, including, but not limited to, the Privacy Regulation, which materially alters either Party or both Parties obligations under this B.A. Agreement. 7.2 Construction of Terms. The terms of this B.A. Agreement shall be construed in light of any applicable interpretation or guidance on HIPAA and/or the Privacy Regulation issued by HHS or the Office of Civil Rights ( OCR ) from time to time. 7.3 No Third Party Beneficiaries. Nothing in this B.A. Agreement shall confer upon any person other than the parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever. [OPTION 1 7.4 Contradictory Terms. Any provision of the Underlying Agreement that is directly contradictory to one or more terms of this B.A. Agreement ( Contradictory Term ) shall be superceded by the terms of this B.A. Agreement as of the Amendment Effective Date to the extent and only to the extent of the contradiction, only for the purpose of Covered Entity s compliance with the Privacy Rule and only to the extent that it is reasonably impossible to comply with both the Contradictory Term and the terms of this B.A. Agreement.] 5

IN WITNESS WHEREOF, each of the undersigned has caused this B.A. Agreement to be duly executed in its name and on its behalf effective as of, 200_. COVERED ENTITY ASSOCIATE BUSINESS By: Print Name: Print Title: Date: By: Print Name: Print Title: Date: 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information