BUSINESS ASSOCIATE AGREEMENT. Recitals

Similar documents
BUSINESS ASSOCIATE AGREEMENT

Sample Business Associate Agreement Provisions

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

SAMPLE BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE ADDENDUM

HIPAA Business Associate Contract. Definitions

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1

Business Associate Agreement

Please print the attached document, sign and return to or contact Erica Van Treese, Account Manager, Provider Relations &

BUSINESS ASSOCIATE AGREEMENT

SaaS. Business Associate Agreement

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

HIPAA Business Associate Agreement

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT TERMS

BUSINESS ASSOCIATE AGREEMENT

MMA SAMPLE FORM *REVIEW CAREFULLY & ADAPT TO YOUR PRACTICE*

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement (BAA) Guidance

HIPAA BUSINESS ASSOCIATE AGREEMENT

FirstCarolinaCare Insurance Company Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate;

Disclaimer: Template Business Associate Agreement (45 C.F.R )

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Tribal Contract

HIPAA BUSINESS ASSOCIATE AGREEMENT

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

Enclosure. Dear Vendor,

HIPAA BUSINESS ASSOCIATE AGREEMENT

DRAFT BUSINESS ASSOCIATES AGREEMENT

BUSINESS ASSOCIATE AGREEMENT RECITALS

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

Louisiana State University System

HIPAA Privacy and Business Associate Agreement

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES

BUSINESS ASSOCIATE ADDENDUM

Business Associate Agreement

Exhibit 2. Business Associate Addendum

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:

BUSINESS ASSOCIATE AGREEMENT

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules

How To Write A Community Based Care Coordination Program Agreement

The Accreditation Association for Ambulatory Health Care (AAAHC) is a Business Associate as defined in the HIPAA Privacy Rule:

Business Associate and Data Use Agreement

The Institute of Professional Practice, Inc. Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement Involving the Access to Protected Health Information

Medical Privacy Version Standard. Business Associate Agreement. 1. Definitions

University Healthcare Physicians Compliance and Privacy Policy

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES

HIPAA BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE AGREEMENT ( BAA )

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

This form may not be modified without prior approval from the Department of Justice.

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND

Transcription:

BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and Health Providers Insurance Reciprocal, RRG (HealthPro). BETARMA provides professional liability coverage and risk management services to members pursuant to professional liability coverage contracts issued by BETARMA. HealthPro provides professional liability insurance and risk management services to insureds pursuant to professional liability insurance policies issued by HealthPro. BETARMA and HealthPro (hereinafter collectively referred to as BETA ) are committed to complying with the Standards for Privacy of Individually Identifiable Health Information (the "Privacy Regulations") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Under the Privacy Regulations, each member/insured covered by BETA is a Covered Entity, as defined by 45 CFR 164.502(e) and 45 CFR 164.504(e). BETA is a Business Associate of the member/insured (hereinafter collectively referred to as Covered Entity ). BETA must use and/or disclose Protected Health Information in its performance of services under its coverage contracts and insurance policies (hereinafter collectively referred to as Contracts ). The Covered Entity and BETA are required by the Privacy Rule and the Security Rule issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HIPAA Amendments issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, and the 2013 Omnibus Rule to protect the privacy and provide for the security of Protected Health Information. BETA agrees to abide by the assurances, terms, and conditions contained herein in the performance of its obligations. This Agreement sets forth the manner in which Protected Health Information that is provided to, or received by, BETA from, or on behalf of, the Covered Entity will be handled. BETA agrees as follows: Section 1 Definitions 1.1 Breach: Breach shall have the same meaning as the term breach in 45 CFR 164.402. 1.2 Business Associate: "Business Associate" shall mean BETA Healthcare Group (BETA), and shall have the same meaning as in 45 CFR 160.103. 1.3 Covered Entity: "Covered Entity" shall mean the member/insured. 1.4 Designated Record Set: "Designated Record Set" shall have the same meaning as the term "Designated Record Set" in 45 CFR 164.501. 1.5 Electronic Protected Health Information (EPHI): Electronic Protected Health Information shall mean Protected Health Information that is transmitted or maintained in electronic format or by electronic media. Page 1 of 5

1.6 Individual: "Individual" shall have the same meaning as the term "Individual" in 45 CFR 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g). 1.7 Privacy Rule: "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR parts 160 and 164, subparts A and E. 1.8 Protected Health Information (PHI): "Protected Health Information" (PHI) shall have the same meaning as the term "Protected Health Information" in 45 CFR 164.501, limited to the information received by BETA from, or on behalf of, Covered Entity. 1.9 Secretary: "Secretary" shall mean the Secretary of the Department of Health and Human Services or his/her designee. 1.10 Security Incident: Security Incident shall have the same meaning as the term Security Incident in 45 CFR 164.304. 1.11 Security Rule: Security Rule shall mean the Standards for Security of Electronic Protected Health Information at 45 CFR 160 and 164, subparts A and C. 1.12 Unsecured Protected Health Information or Unsecured PHI: Unsecured PHI shall mean protected health information that is not secured through the use of technology or methodology specified by the Secretary in the guidance issued under section 13402(h)(2) of the HITECH Act on the HHS website. Section 2 Obligations of BETA 2.1 Limit PHI Use and Disclosure: BETA agrees not to use, or further disclose, Protected Health Information other than as permitted or required by the Agreement or as required or allowed by law. 2.2 Use Safeguards: BETA agrees to use reasonable safeguards to prevent use or disclosure of PHI other than as allowed by this Agreement, or as otherwise required or allowed by law. BETA will also implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of any EPHI that BETA creates, receives, maintains, or transmits on behalf of Covered Entity. 2.3 Mitigate Harmful Effects: BETA agrees to mitigate, to the extent practicable, any harmful effect known to BETA of a use or disclosure of PHI by BETA in violation of the requirements of this Agreement. 2.4 Report Inappropriate Disclosures of PHI: BETA agrees to report to Covered Entity any discovery of a Breach or any use or disclosure of PHI not permitted or required by this Agreement, including occurrences reported to BETA by its subcontractors or agents, without reasonable delay, after becoming aware of such use or disclosure. BETA also agrees to report to Covered Entity any Security Incident related to EPHI of which BETA becomes aware. 2.5 Report Breaches of Unsecured PHI: In the case of a Breach of Unsecured PHI, BETA will immediately notify Covered Entity as required under HITECH 13402 and 45 CFR 164.410. Page 2 of 5

2.6 Require Compliance of Agents: BETA agrees to require any agents, including subcontractors, to agree to the same restrictions and conditions that apply to BETA through this Agreement, provided such agents perform a service that BETA agreed to perform for, or on behalf of, the Covered Entity under the Contract and, to whom BETA provides PHI. BETA also agrees to ensure that any agent or subcontractor to whom it provides EPHI agrees to implement reasonable and appropriate safeguards to protect it. 2.7 Provide Access to Information: To the extent BETA maintains the Designated Record Set, BETA agrees to provide access to PHI in the original Designated Record Set, during normal business hours, provided the Covered Entity delivers prior written notice to BETA, at least five business days in advance, requesting such access but only to the extent required by 45 CFR 164.524. 2.8 Incorporate Amendments: To the extent BETA maintains the Designated Record Set, BETA agrees to incorporate any amendment(s) to PHI into the original Designated Record Set that the Covered Entity directs, pursuant to 45 CFR 164.526. 2.9 Disclosure of Practices, Books, and Records: Unless otherwise protected or prohibited from discovery or disclosure by law, BETA agrees to make internal practices, books, and records available to the Covered Entity or to the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule, or the Security Rule, but only to the extent such access is related to the use and disclosure of PHI received from the Covered Entity, or created or received by BETA on behalf of Covered Entity. BETA shall have a reasonable time within which to comply with such requests. In no case shall BETA be required to provide access in less than five business days after BETA s receipt of such request. 2.10 Maintain Accounting of Disclosures: BETA agrees to maintain sufficient documentation to allow it to provide to Covered Entity a list of any disclosures of Protected Health Information by BETA or its agents so as to allow the Covered Entity, or BETA on its behalf, to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. 2.11 Provide Accounting of Disclosures: BETA agrees to provide to Covered Entity, or as directed by Covered Entity to Individual, information collected in accordance with Section 2.9 of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. BETA shall have a reasonable time within which to comply with such a request. In no case shall BETA be required to provide access less than five business days after receipt of such request. Section 3 Permitted Uses and Disclosures by BETA 3.1 Purpose: Under the Contract, BETA provides the Covered Entity with professional liability coverage and risk management services (hereinafter "Services ) that involve the use and disclosure of Protected Health Information as defined by the Privacy Regulations. These Services may include, but are not limited to, providing professional liability coverage; receiving and evaluating incidents, claims, and lawsuits; providing risk management services; evaluating outcomes; assisting in development of protocols and clinical Page 3 of 5

guidelines; reviewing the competence or qualifications of health care professionals; evaluating provider performance; conducting training programs to improve the skills of health care providers; credentialing, conducting or arranging for medical review; arranging for legal services; conducting or arranging for audits to improve compliance; assisting in the resolution of internal grievances; placing reinsurance coverage and other functions necessary to perform these Services. Except as otherwise specified herein, BETA may make any uses of Protected Health Information necessary to perform its obligations under this Agreement and under the Contract. Moreover, BETA may disclose Protected Health Information for the purposes authorized by this Agreement: (i) to its employees, subcontractors, and agents, in accordance with paragraphs Section 3.2 through 3.4 of this Section below; or (ii) as otherwise permitted by the terms of this Agreement. All other uses not authorized by this Agreement are prohibited. 3.2 Receipt and Use of PHI: BETA may use Protected Health Information for the proper management and administration of BETA or to carry out BETA s legal responsibilities. 3.3 Disclosure of PHI: BETA may disclose Protected Health Information for the proper management and administration of BETA and to carry out its legal responsibilities, provided such disclosures are required by law, or provided that BETA obtains the following reasonable assurances from the person or entity to whom the PHI is disclosed: 1) the PHI will remain confidential; 2) the PHI will be used or further disclosed only as required by law or for the purposes for which it was disclosed; and, 3) the person or entity will notify BETA of any instances of which the person or entity is aware in which the confidentiality of the information has been breached. 3.4 Use of PHI for Administrative and Legal Responsibilities: BETA may disclose PHI to third parties, such as copy services, defense counsel, consultants, outside counsel, auditors, reinsurers, licensing boards and the National Practitioner Data Bank to carry out management and administrative duties and to fulfill legal obligations. 3.5 Data Aggregation Services: BETA may use PHI to provide data aggregation services to Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B). 3.6 De-Identification: BETA may use PHI to create de-identified information consistent with the standards set forth in 45 CFR 164.514. Section 4 Impermissible Requests by Covered Entity BETA understands that the Covered Entity shall not request that BETA use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by the Covered Entity, except that, despite this Section 4, BETA may use or disclose PHI for data aggregation or management and administrative activities of BETA as is otherwise permitted by this Agreement. Section 5 Term and Termination 5.1 Term: This Agreement shall be effective during the term of the underlying Contract between BETA and the Covered Entity and shall terminate when all of the Protected Health Information provided by Covered Entity to BETA, or created or received by BETA on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is not feasible to return Page 4 of 5

or destroy PHI, protections are extended to such information, in accordance with the termination provisions in this section. 5.2 Termination for Cause: Upon Covered Entity's knowledge of a material breach by BETA of this Agreement, Covered Entity shall provide an opportunity for BETA to cure the breach or end the violation. Covered Entity may terminate this Agreement, and BETA agrees to such immediate termination if BETA has breached a material term of this Agreement and cure is not possible. 5.3 Effect of Termination: Upon termination of the Contract, the protections of this Agreement will remain in force and BETA shall make no further uses and disclosures of Protected Health Information except for the proper management and administration of its business or to carry out its legal responsibilities or obligations. Section 6 Miscellaneous Provisions 6.1 Regulatory References: A reference in this Agreement to a section in the Privacy Rule or the Security Rule means the Section in effect or as amended, and for which compliance is required. 6.2 Amendment: BETA agrees to take action as is necessary to amend this Agreement from time to time as is necessary, as determined by BETA, for compliance with the requirements of the Privacy Rule, the Security Rule and the Health Insurance Portability and Accountability Act, Public Law 104-191 as determined by BETA. 6.3 Survival: The rights and obligations of BETA under this Agreement shall survive the termination of this Agreement and the termination of the Contract. 6.4 Interpretation: Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy and Security Rules. BETA Healthcare Group ONE EXAMPLE Thomas J. Wander Chief Executive Officer Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information