BUSINESS ASSOCIATE AGREEMENT ("BAA")




Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor (as defined in the Agreement), this Business Associate Agreement is hereby incorporated by reference into the Agreement.

1. Definitions

1.1. "Agreement" means the Master Subcontract Agreement or Subcontractor Services Agreement, as applicable, between EMC and Subcontractor to which the BAA relates.

1.2. "Business Associate" means Subcontractor as defined in the Agreement, to the extent Subcontractor is a Business Associate subject to the HIPAA Standards in connection with its performance under the Agreement with EMC.

1.3. "HIPAA" means the Health Insurance Portability and Accountability Act of 1996, as amended by the American Recovery and Investment Act of 2009.

1.4. "HIPAA Standards" means, collectively, HIPAA and its implementing regulations codified at 45 C.F.R. Parts 160, 162, and 164, as such regulations may be amended from time to time and to the extent such regulations (i) are in effect and are being enforced by the Department of Health and Human Services, and (ii) are applicable to the performance of the parties' respective functions, activities, services, or obligations under the Agreement.

1.5. "Protected Health Information" or "PHI" has the meaning set forth in the HIPAA Standards, but is limited to the PHI created, received, maintained, or transmitted by Business Associate from or on behalf of EMC.

All capitalized terms used but not defined in this BAA or the Agreement shall have the meaning set forth in the HIPAA Standards.

2. Permitted Uses and Disclosures by Business Associate

a) Except as otherwise limited in this Business Associate Agreement or the Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, EMC as specified in the Agreement, provided that such use or disclosure would not violate the HIPAA Standards if done by EMC.

b) Except as otherwise limited in this Business Associate Agreement or the accompanying Agreement, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.

c) Except as otherwise limited in this Business Associate Agreement or the accompanying Agreement, Business Associate may disclose PHI for the performance of the functions, activities, or services described in the Agreement, or for the proper management and administration of Business Associate, provided that such disclosures are Required by Law, or Business Associate ensures by contract that any subcontractor of Business Associate (e.g., an organization that provides data transmission, or a vendor that offers personal health records) to whom it discloses PHI agrees to the same restrictions, conditions, and requirements that apply through this Business Associate Agreement and/or the Agreement to Business Associate with respect to such PHI.

d) Unless requested in writing by EMC, Business Associate may not use PHI to provide Data Aggregation services.

3. Obligations of EMC

a) EMC shall notify Business Associate of any changes of which it becomes aware in, or revocation of, permission by an Individual to use or disclose the Individual's PHI, if such change or revocation affects Business Associate's permitted or required uses and disclosures of PHI under this Business Associate Agreement.

b) EMC shall notify Business Associate of any restriction to the use or disclosure of PHI that EMC or another relevant party has agreed to in accordance with 45 C.F.R. 164.522, if such restriction affects Business Associate's permitted or required uses or disclosures of PHI under this Business Associate Agreement.

c) EMC shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by EMC, except as otherwise provided herein.

d) EMC shall undertake commercially reasonable efforts to assist Business Associate with responding to an investigation or compliance audit by the Secretary, or an action by an attorney general having jurisdiction.

4. Obligations and Activities of Business Associate

a) Business Associate shall not use or further disclose PHI other than as permitted or required by this Business Associate Agreement or as Required by Law. Business Associate shall limit, to the extent practicable, the disclosure of PHI to the limited data set (as defined in 45 C.F.R. 164.514(e)(2)) or the minimum necessary to accomplish the intended purpose of the use or disclosure of the PHI or as required pursuant to the Agreement. Business Associate shall restrict disclosures or communicate confidentially with Individuals as required by the HIPAA Standards and as requested by EMC.

b) Business Associate shall report to EMC (i) any use or disclosure of PHI by Business Associate not provided for by this Business Associate Agreement, or (ii) any Security Incident (as defined in the Agreement) involving PHI in Business Associate's possession or control, of which Business Associate becomes aware. For any Security Incident, Business Associate shall comply with the requirements of the Agreement, including in particular Exhibit B.

c) If Business Associate maintains PHI in a Designated Record Set, Business Associate shall:

(1) provide access to such PHI to EMC in the time and manner designated by EMC;

(2) make any amendment(s) in the time and manner designated by EMC; and

(3) provide access to, or a copy of, such PHI to a requesting Individual as directed by EMC and consistent with Exhibit B of the Agreement. Business Associate shall not charge any fee greater than the lesser of the amount permitted by State law or Business Associate's actual cost of labor for complying with the request.

d) Business Associate shall make internal practices, books, and records relating to its use and disclosure of PHI available to EMC or the Secretary, in a time and manner reasonably designated by EMC or the Secretary, for purposes of the Secretary determining EMC's or Business Associate's compliance with the HIPAA Standards.

e) Business Associate shall document such disclosures of PHI and information related to such disclosures as would be required for EMC under the HIPAA Standards to respond to a request by an Individual for an accounting of disclosures of PHI. Business Associate shall provide to EMC or an Individual, in the time and manner reasonably designated by EMC, an accounting of disclosures required by the HIPAA Standards made by Business Associate.

f) Business Associate shall use appropriate safeguards and comply with the HIPAA Standards (including, without limitation, Subpart C of 45 C.F.R. Part 164) with respect to electronic PHI to prevent use or disclosure of PHI other than as provided for by this Business Associate Agreement. Business Associate agrees to assess potential risks and vulnerabilities to PHI in its possession and to develop, implement, and maintain appropriate administrative, physical, and technical safeguards, consistent with applicable HIPAA Standards (including, without limitation, the "HIPAA Security Rule") and the accompanying Agreement, to protect the confidentiality, availability, and integrity of, and to prevent the unauthorized use or disclosure of, any PHI that Business Associate accesses, receives, creates, maintains, or transmits on behalf of EMC. These measures must be documented and kept current, and must include, at a minimum, those measures that fulfill the requirements outlined in the HIPAA Standards and all guidance issued by the Secretary, as well as the requirements of the accompanying Agreement, to the extent such requirements and guidance are applicable to Business Associate's performance of its functions, activities, services, or obligations under the Agreement.

g) Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such PHI.

h) Business Associate recognizes that violation of any HIPAA Standard by Business Associate may subject Business Associate to civil and criminal penalties, including those set forth in 42 U.S.C. 1320d-5 and 1320d-6.

i) Business Associate shall not directly or indirectly receive any remuneration in exchange for any PHI unless approved in advance in writing by EMC in accordance with the HIPAA Standards.

j) Business Associate shall not engage in any Marketing or fundraising that uses or discloses PHI.

k) Business Associate shall undertake commercially reasonable efforts to respond to and assist EMC with responding to an investigation or compliance audit by the Secretary, or an action by an attorney general having jurisdiction.

l) To the extent Business Associate is to carry out EMC's obligations under the HIPAA Standards (including, without limitation, the "HIPAA Privacy Rule"), Business Associate must comply with the requirements of the HIPAA Standards (including, without limitation, the "HIPAA Privacy Rule") that apply to EMC in the performance of such obligations.

5. Term and Termination

a) Term. The Term of this Business Associate Agreement shall be effective as of the Effective Date and shall terminate upon termination of the Agreement; provided, however, that to the extent any PHI is maintained by Business Associate on behalf of EMC, then prior to the Term of this Business Associate Agreement terminating, such PHI must be properly and completely Destroyed (as defined in the Agreement) or returned to EMC, or, if it is infeasible to return or Destroy the PHI, protections must be extended to such PHI in accordance with the termination provisions in this section.

b) Termination for Cause. Upon EMC's knowledge of a material breach of this Business Associate Agreement by Business Associate, EMC shall provide a reasonable opportunity for Business Associate to cure the breach or end the violation -- but in no event less than thirty (30) calendar days from the notification of the breach -- and EMC may terminate this Business Associate Agreement and the Agreement if Business Associate does not cure the breach or end the violation within the time period specified by EMC. EMC may immediately terminate this Business Associate Agreement and the Agreement if Business Associate has breached a material term of this Business Associate Agreement and cure is not possible, as determined by EMC in its reasonable discretion after consultation with Business Associate.

c) Effect of Termination.

(1) Except as provided in subparagraph (2) of this subsection (c), upon termination of the Agreement or this Business Associate Agreement, for any reason, Business Associate shall return or Destroy any PHI maintained by Business Associate on behalf of EMC. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the PHI. Upon EMC's request, Business Associate shall promptly certify in writing to EMC that it has Destroyed or returned, as applicable, all PHI.

(2) In the event that Business Associate determines that returning or Destroying the PHI is infeasible, Business Associate shall (i) provide to EMC notification of the conditions that make return or destruction infeasible, and (ii) extend the protections of this Business Associate Agreement and the Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.

6. Miscellaneous

(3) The parties hereto understand and agree that the terms of this Business Associate Agreement are reasonable and necessary to protect the interests of EMC and Business Associate. The parties further agree that EMC would suffer irreparable harm if Business Associate breached this Business Associate Agreement. Thus, in addition to any other rights or remedies, all of which shall be deemed cumulative, EMC shall be entitled to obtain equitable relief (including a restraining order, injunctive relief, specific performance, and any other relief that may be available from any court) to enforce the terms of this Business Associate Agreement.

a) Interpretation. Any ambiguity in this Business Associate Agreement shall be resolved in favor of a meaning that permits EMC to comply with the HIPAA Standards.

b) Application of State Law. Where any applicable provision of State law relates to the privacy or security of health information and is not preempted by HIPAA, as determined by application of the HIPAA Standards, the parties shall comply with the applicable provisions of such State law.

c) No Private Cause of Action. This Business Associate Agreement is not intended to and does not create a private cause of action for or by any individual, other than the parties to this Business Associate Agreement, as a result of any claim arising out of the breach of this Business Associate Agreement, the Agreement, the HIPAA Standards, or any other State or Federal law or regulation.