Case KG Doc 142 Filed 09/23/15 Page 1 of 23 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE : : : : : : : : Chapter 11
|
|
- Ezra Stanley
- 6 years ago
- Views:
Transcription
1 Case KG Doc 142 Filed 09/23/15 Page 1 of 23 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: Haggen Holdings LLC, et al., 1 Debtors. : : : : : : : : Chapter 11 Case No (KG) Jointly Administered REPORT OF CONSUMER PRIVACY OMBUDSMAN Alan Chapell, Esq., CIPP Chapell & Associates, LLC 692 Greenwich Street, Suite 5 New York, NY Telephone: (917) achapell@chapellassociates.com Date: September 23, The Debtors in these chapter 11 cases, along with the last four digits of each Debtors federal tax identification number, are: Haggen Holdings, LLC (7558), Haggen Operations Holdings, LLC (6341), Haggen Opco South, LLC (7257), Haggen Opco North, LLC (5028), Haggen Acquisition, LLC (7687), and Haggen, Inc. (4583). The mailing address for each of the Debtors is 2211 Rimland Drive, Bellingham, WA
2 Case KG Doc 142 Filed 09/23/15 Page 2 of 23 TABLE OF CONTENTS Introduction... 1! Summary of Findings and Recommendation... 2! Data Points Collected by Debtor... 2! Debtors Privacy Representations... 3! Privacy Ombudsman s Recommendations... 3! Applicable Consumer Privacy and Data Protection Laws... 4! U.S. Laws... 5! Applicable State Laws... 11! Non-U.S. Laws... 12! The Debtors Website Privacy Policies and Practices... 12! Application of Law and Privacy Standards... 12! Additional Factors to Be Considered... 13! Recommendations... 14!
3 Case KG Doc 142 Filed 09/23/15 Page 3 of 23 TABLE OF EXHIBITS EXHIBIT A Haggen Notice of Privacy Practices (effective March 27, 2014).
4 Case KG Doc 142 Filed 09/23/15 Page 4 of 23 Alan Chapell, the Consumer Privacy Ombudsman, duly appointed pursuant to section 332 of the Bankruptcy Code, 2 respectfully submits this Report to the Court and states: Introduction 1. The United States Trustee filed the Notice of Appointment of Consumer Privacy Ombudsman on September 17, The Ombudsman has prepared this Report in accordance with Section 363(b)(1)(B) of the Bankruptcy Code to assist the Court in its consideration of the facts, circumstances, and conditions of the sale by Debtors of its customers Personally Identifiable Information ( PII ). 3. The purpose of this Report is to provide the Court with the information specified in section 332(b) of the Bankruptcy Code and to assist the Court in understanding the applicable nonbankruptcy law referenced in section 363(b)(1)(B)(ii) of the Bankruptcy Code In preparing this Report, the Ombudsman has, among other things: a. Reviewed Debtors Notice of Privacy Practices ( NPP ), attached as Exhibit A; b. Discussed, via and telephone with Debtors Counsel, Debtors privacy practices; and c. Researched applicable United States federal and state privacy laws U.S.C. 332 (2006). 3 Pursuant to the Bankruptcy Code, the Consumer Privacy Ombudsman may provide this Court with information relating to (1) the Debtors privacy policy; (2) the potential losses or gains of privacy to consumers if a sale or lease is approved by the Court; (3) the potential costs or benefits to consumers if a sale or lease is approved by the Court; and (4) the potential alternatives that would mitigate potential privacy losses or potential costs to consumers. 11 USC 332 (2006). 1
5 Case KG Doc 142 Filed 09/23/15 Page 5 of 23 Summary of Findings and Recommendation 5. It is the Consumer Privacy Ombudsman s understanding that Debtors Haggen Opco South, LLC, Haggen Opco North, LLC and Haggen, Inc. ( Debtors ) seek to transfer certain pharmaceutical prescription information (outlined below) to Albertson s LLC and Safeway Inc. (collectively, the Purchasers ). Data Points Collected by Debtor 6. It is the Consumer Privacy Ombudsman s understanding that Debtors collected the following information: a. Information that is either personally identifiable on its own, or is rendered personally identifiable when combined, including: name, mailing address, address, phone, birth date, payment and billing information; b. Information pertaining to an individual s medical prescription(s), including the name of the drug, dosage and physician; 7. Debtors collected personally identifiable information ( PII ) as defined by Section 101(41A) of the Bankruptcy Code The PII collected by Debtors also falls under the definition of protected health information ( PHI ) as stipulated by the Health Insurance Portability and Accountability Act 4 [P]ersonally identifiable information means (A) if provided by an individual to the debtor in connection with obtaining a product or a service from the debtor primarily for personal, family, or household purposes (i) the first name (or initial) and last name of such individual, whether given at birth or time of adoption, or resulting from a lawful change of name; (ii) the geographical address of a physical place of residence of such individual 11 U.S.C. 101(41A) (2006). 2
6 Case KG Doc 142 Filed 09/23/15 Page 6 of 23 of 1996 ("HIPAA"), and the regulations published pursuant hereto, as amended from time to time. 5 The Privacy Ombudsman will use the term PHI throughout this Report to refer to all personally identifiable customer prescription data that Debtors seek to transfer pursuant to this proceeding. Debtors Privacy Representations 9. Debtors collected, maintained and used the PHI collected pursuant to a written notice of privacy practices that limits or restricts the transfer of such assets. Privacy Ombudsman s Recommendations 10. The Privacy Ombudsman s recommendation hinges on whether Purchasers meet the definition of a Qualified Buyer. A Qualified Buyer means an entity that: (i) concentrates in the same business and market as Debtors; (ii) expressly agrees to be Debtors successor-in-interest as to the customer information; (iii) agrees to be responsible for any violation of that policy following the date of purchase; and (iv) shall not disclose, sell, or transfer customers PHI to any third party in a manner inconsistent with Debtors Privacy Policy. 11. Based on the foregoing, the Ombudsman respectfully submits the following recommendations to the Court: 12. If Purchasers agree in writing to meet the definition of Qualified Buyer, the Court should approve the transfer of consumer information, including Patient PHI from Debtors to 5 Pub. L As defined by HIPAA, PHI includes any individually identifiable health information. Identifiable refers not only to data that is explicitly linked to a particular individual (that's identified information). It also includes health information with data items that reasonably could be expected to allow individual identification. 45 C.F.R. Part 164, Subpart E Privacy of Individually Identifiable Health Information. 3
7 Case KG Doc 142 Filed 09/23/15 Page 7 of 23 that Purchaser, provided that; a. Purchaser agrees to be bound and meet the standards established by Debtors Privacy Policies (e.g., the NPP); b. Debtors and Purchasers agree to provide notice of the sale transaction on the Purchasers and Debtors respective Websites. c. Debtors agree to post a notice at each pharmacy involved in a sale transaction in accordance with applicable state law advising the individuals of the transfer of their prescriptions and their right to request the transfer of their prescriptions and PHI to a pharmacy of their choice; and d. Debtors further agree to include on their telephone answering systems a message to notify customers that the pharmacy is closing and their prescriptions are being transferred as of a certain date, advising them of the name, address and phone number of the receiving pharmacy, and advising them of their right to request the transfer of their prescriptions and PHI to a pharmacy of their choice. Applicable Consumer Privacy and Data Protection Laws 13. In the United States, the privacy of consumers personally identifiable information is primarily regulated by the Federal Trade Commission ( FTC ) under the FTC Act, the Children s Online Privacy Protection Act of 1998 ( COPPA ), and the Gramm- Leach-Bliley Act ( GLBA ). The privacy of consumers personally identifiable health information is regulated by the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ), the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act") and various regulations promulgated under those laws. 4
8 Case KG Doc 142 Filed 09/23/15 Page 8 of 23 U.S. Laws 14. The Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) - HIPAA is the federal law that establishes standards for the privacy and security of health information, as well as standards for electronic data interchange of health information. 6 HIPAA was enacted to address a number of issues in the healthcare field, including the promulgation of rules to ensure the privacy and security of patient medical information. 15. The U.S. Department of Health and Human Services ( HHS ) issued the Privacy Rule to implement the requirements outlined in HIPAA. The information regulated by the Privacy Rule is individuals health information - called protected health information ( PHI ), and organizations subject to the Privacy Rule are referred to as Covered Entities. The Privacy Rule also sets standards to help individuals to understand and control how their health information is used. 16. Covered Entities are defined as health plans, health care providers, and health care clearinghouses. Debtors are health care providers and are accordingly a Covered Entity under HIPAA. 17. Under HIPAA, PHI includes any individually identifiable health information. 7 The term individually identifiable refers to data that is explicitly linked to a particular individual (including health information) with data that reasonably could be expected to allow individual identification. 6 Health Insurance Portability and Accountability Act of 1996, Pub. L. No C.F.R. Part 164, Subpart E Privacy of Individually Identifiable Health Information. HIPAA regulations define health information as "any information, whether oral or recorded in any form or medium created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual." 5
9 Case KG Doc 142 Filed 09/23/15 Page 9 of The HIPAA Privacy Rule requires that Covered Entities provide patients with a notice explaining the privacy practices of the Covered Entity. 8 Notice is made available by the Covered Entity and is intended to provide an explanation to patients regarding how the Covered Entity uses and discloses PHI in its possession. Debtors published Notice of Privacy Practices ( NPP ) is attached as Exhibit A. As disclosed in the notice, Covered Entities may use PHI, and in some cases disclose PHI, for three basic functions: (i) treatment, (ii) payment, (iii) and healthcare operations. 19. For example, a doctor may access a patient s hospital records in the course of providing medical care to the patient ( Treatment ); the doctor can send records to a health insurer to document a claim for payment ( Payment ); and the doctor can make patient records available to a quality assurance reviewer ( Healthcare Operations ), all based on the terms of the Notice of privacy practices provided by the doctor, but without a specific authorization from the patient Healthcare operations is perhaps the broadest of the three functions. Its definition includes specific examples of activities such as; conducting quality assessment and improvement, conducting peer review, engaging in underwriting and premium rating, and conducting credentialing and re-credentialing of health care providers. Interspersed among these specific examples are vague catchall phrases, such as related functions, and generalized categories such as business management and general administrative activities. 21. While HIPAA does not directly provide for the transfer of PHI pursuant to a bankruptcy proceeding, the HITECH Act (discussed below) does address such transfers C.F.R C.F.R
10 Case KG Doc 142 Filed 09/23/15 Page 10 of The HITECH Act - Title XIII of the American Recovery and Reinvestment Act of 2009, the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act") 10 applies to Covered Entities, including pharmacies. Under the HITECH Act, a Covered Entity may not receive direct or indirect remuneration in exchange for the disclosure of PHI unless the Covered Entity had obtained an authorization consistent with The HITECH Act s Omnibus Rule permits the disclosure of PHI without a prior written authorization under certain circumstances. For example, when a Covered Entity seeks to transfer PHI pursuant to a sale, transfer, merger or consolidation with another Covered Entity, written consent of a consumer is not required. 11 The proposed sale of Debtors customer PHI is therefore permitted under applicable medical privacy law. 24. However, the analysis does not end there as the proposed sale raises an issue about whether the resulting transfer of PHI would violate Debtors Notice of Privacy Practices and by extension, violate Section 5 of the FTC Act. 25. The FTC Act - Section 5 of the FTC Act declares unfair or deceptive practices in commerce as unlawful. 12 To determine whether section 5 s prohibition against deception has been violated, the FTC will first identify what express claims, and implied claims, have been made by a company. 13 An express claim refers to a factual assertion made in an C.F.R C.F.R USC 45 (2006). 13 FTC Policy Statement on Deception, appended to Cliffdale Associates, Inc., 103 FTC 110, 174 (1984), available at (last viewed July 18, 2009). 7
11 Case KG Doc 142 Filed 09/23/15 Page 11 of 23 advertisement or promotion or other publicly available statement such as a corporate policy. An implied claim refers to the net impression conveyed by all elements of a company s policies or statements including an evaluation of such factors as the entire document, the juxtaposition of various phrases in the document, the nature of the claim, and the nature of the transactions. Section 5 is violated when an express or implied claim is likely to affect a consumer s choice of or conduct regarding a product and is likely to mislead reasonable consumers under the circumstances. 14 In addition, an act or practice may be considered unfair if it causes, or is likely to cause, substantial injury to consumers that is not outweighed by countervailing benefits to consumers or competition and is not reasonably avoidable by consumers The FTC has explicitly applied section 5 s prohibitions against deceptive acts and practices to corporate privacy statements made on the Internet and elsewhere in more than a dozen consent orders. 16 Debtors Notice of Privacy Practices promises that Debtors will not 14 Id. 15 See generally FTC Policy Statement on Unfairness, appended to International Harvester Co., 104 FTC 949, 1070 (1984) available at (last viewed July 18, 2009). 16 See, e.g., United States v. ChoicePoint, Inc., Stipulated Final Judgment and Order (N.D. Ga. 2006) available at (last viewed July 18, 2009); In the Matter of Vision I Properties d/b/a CartManager International, Agreement Containing Consent Order (FTC 2004) available at (last viewed July 18, 2009); In the Matter of Petco Animal Supplies, Inc., Decision and Order (FTC 2005) available at (last viewed July 18, 2009); In the Matter of Gateway Learning Corp., Decision and Order (FTC 2004) available at (last viewed July 18, 2009); In the Matter of Tower Records, Decision and Order (FTC 2004) available at (last viewed July 18, 2009); In the Matter of Guess?, Inc. and Guess.com, Inc., Decision and Order (FTC 2003) available at (last viewed July 18, 2009); In the Matter of Educational Research Center of America, Inc and Student Marketing Group, Inc., Decision and Order (FTC 2002) available at (last viewed July 18, 2009); In the Matter of the National Research Center for College and University Admissions, Inc., Decision and Order, (FTC 2003) available at (last viewed July 18, 2009); In the Matter of Microsoft Corporation, Decision and Order (FTC 2002); In the Matter of Eli Lilly and Company, Decision and Order (FTC 2002) available at (last viewed July 18, 2009); FTC v. 8
12 Case KG Doc 142 Filed 09/23/15 Page 12 of 23 sell the PHI of its customers without written authorization. Thus, while the proposed sale of information here is likely to be in accordance with HIPAA, it may violate Section 5 of the FTC Act. 27. Although it does not address consumer privacy in the context of the bankruptcy of a healthcare provider, The FTC s order against Toysmart may be helpful here, as it brought about the Privacy Policy Enforcement in Bankruptcy Act 17 ( PPEBA ) that now requires the appointment of the privacy ombudsman. 28. Toysmart - A casualty of the bursting of the Dot-Com bubble, Toysmart.com ( Toysmart ) had been engaged in the advertising, promotion, and sale of toys on the Internet. 18 In the course of doing business, Toysmart collected information from its customers, including, among other things, its customers names, addresses, billing information, and shopping preferences. Toysmart s website included a privacy policy which assured customers that Toysmart never shared [its customers PII] with a third party When Toysmart sought to sell the PII of its customers as part of its Plan of Liquidation, in direct contravention of its privacy policy, the FTC charged Toysmart with engaging in a deceptive trade practice, in violation of Section 5 of the FTC Act, 20 and with violating COPPA, because its customer data included the PII of children under the age of 13. Reverseauction.com, Inc., Decision and Order (FTC 2000) available at (last viewed July 18, 2009); In the Matter of Liberty Financial Co., Decision and Order (FTC 1999) available at (last viewed July 18, 2009); In the Matter of Geocities, Decision and Order (FTC 1999) available at (last viewed July 18, 2009) U.S.C. 332, 363(b) (2005). 18 See First Amended Complaint, Civil Action No at 6 (D. Mass. 2000) available at (last viewed July 18, 2009). 19 Id. at U.S.C. 45 et seq. 9
13 Case KG Doc 142 Filed 09/23/15 Page 13 of Although the FTC entered into a Stipulation and Settlement that would enable Toysmart to sell its customers PII under certain conditions, forty-six (46) States Attorneys General (and two of the FTC s own commissioners) objected, arguing that never (in Toysmart s privacy policy) should mean never and that Toysmart should not be permitted to sell its customers PII under any circumstances Ultimately, Toysmart withdrew the sale, and one of its equity owners, Disney, paid $50,000 for the data and had the data destroyed. Despite this unhappy conclusion for Toysmart, the terms of the Stipulation and Settlement into which it had entered with the FTC established the criteria to determine the propriety of the transfer of customer PII assets in a bankruptcy proceeding, where the privacy policy does not address that situation. 32. The Stipulation and Settlement provided that Toysmart s customers PII would be sold only to a Qualified Buyer, an entity that (a) concentrates in the same business and market as Toysmart; (b) expressly agrees to be Toysmart s successor-in-interest as to the customer information; (c) agrees to be responsible for any violation of that policy following the date of purchase; (d) will use the PII only to fulfill customer orders and to personalize customers experience on the website; and (e) shall not disclose, sell, or transfer customers PII to any third party without giving the customers notice and an opportunity to opt-in to the transfer Applicability of the Privacy Policy Enforcement in Bankruptcy Act ( PPEBA ) - Some have argued that the intent of Congress was for existing privacy law such as HIPAA, 21 The States objections rested primarily upon their own mini-ftc Acts, which prohibited deceptive acts or practices. 22 See Stipulation and [Proposed] Order Establishing Conditions on Sale of Customer Information, Civil Action No (Bkr. D. Mass. 2000) available at (last viewed July 18,
14 Case KG Doc 142 Filed 09/23/15 Page 14 of 23 rather than Section 332 of The Bankruptcy Code to address privacy issues pertaining to protected health information. 23 And it is certainly true that the initial impetus for Section 332 was to address privacy in sectors that were relatively unregulated. 34. However, the Privacy Ombudsman notes that HIPPA was enacted to set a minimum standard for privacy practices in the healthcare sector. Debtors Notice of Privacy Practices exceed those standards by further promising Debtors customers that Debtors would not sell its customer PHI without written authorization. 24 But for that promise, the contemplated transfer from one Covered Entity to another Covered Entity would be straightforward. However, an analysis of Debtors Notice of Privacy Practices raises issues under Section 5 of the FTC Act. Accordingly, the Privacy Ombudsman believes that the Court should utilize the guidelines created as a result of the Toysmart Stipulation and Settlement to evaluate Debtor s proposed sale of customer PHI. Applicable State Laws 35. The preemption provisions in HIPAA significantly impact many individual state medical privacy laws, including many of the laws of Arizona, California and Oregon. Both the HIPAA and HITECH preemption provisions generally provide that a Federal law standard will preempt a contrary state law relating to privacy of health information unless the state law is more stringent than the HIPAA, as the case may be. More stringent means that the state law is more restrictive as to a use or disclosure, or more expansive as to the 23 See RECURRENT AND DEVELOPING ISSUES ENCOUNTERED IN SALES PURSUANT TO SECTION 363 OF THE BANKRUPTCY CODE State Bar of Texas ADVANCED BUSINESS BANKRUPTCY CONFERENCE May 1-2, ( last visited on May 17, 2010.) 24 Section IV.B of Debtors Notice of Privacy Practices promises that Debtors will not make any disclosure of Protected Health Information that is a sale of Protected Health Information without your written authorization. (See Exhibit A). 11
15 Case KG Doc 142 Filed 09/23/15 Page 15 of 23 rights of individuals to access or amend their own information. 36. Neither Arizona, California, nor Oregon s medical privacy law specifically address the transfer of patient information pursuant to a bankruptcy proceeding. Accordingly, the laws of those states do not apply to the proposed transfer of Debtors customer PHI. Non-U.S. Laws 37. All PHI subject to transfer here was obtained in, and stored within the U.S. Accordingly, the applicable nonbankruptcy law 25 does not include the data protection laws of non-u.s. countries. The Debtors Website Privacy Policies and Practices 38. Debtors Notice of Privacy Practices ( NPP ) promised Debtors customers that Debtors will not make any disclosure of Protected Health Information that is a sale of Protected Health Information without your written authorization. 26 In other words, a reasonable person reading Debtors NPP would conclude that his PHI would not be sold without written consent. Application of Law and Privacy Standards 39. It is certainly true that the initial impetus for Section 332 was to address privacy in sectors that were relatively unregulated. 40. However, the Privacy Ombudsman notes that HIPPA was enacted to set a minimum standard for privacy practices in the healthcare sector. Debtors Notice of USC 363(b)(1)(B)(ii) (2006) 26 See Exhibit A, Section IV.B. 12
16 Case KG Doc 142 Filed 09/23/15 Page 16 of 23 Privacy Practices exceed those standards by further promising Debtors customers that Debtor would not sell its customer PHI without written authorization. 27 But for that promise, the contemplated transfer from one Covered Entity to another Covered Entity would be straightforward. However, an analysis of Debtors Notice of Privacy Practices raises issues under Section 5 of the FTC Act. Accordingly, the Privacy Ombudsman believes that the Court should utilize the guidelines created as a result of the Toysmart Stipulation and Settlement to evaluate Debtor s proposed sale of customer PHI. Additional Factors to Be Considered 41. In addition to the guidelines created as a result of the Toysmart Stipulation and Settlement, Bankruptcy Code Section 332 suggests at least four factors as to which the Ombudsman may inform the Court: (a) Debtors privacy policy; (b) potential losses or gains of privacy to consumers if a sale is approved; (c) the potential costs or benefits to consumers if such sale is approved; and (d) potential alternatives that would mitigate potential privacy losses or potential costs to consumers Debtors Privacy Policies - As discussed above, all of the PHI at issue here was collected pursuant to Debtors Notice of Privacy Practices which did restrict the transfer of information collected. 43. Potential Losses or Gains of Privacy if the Sale is Approved The Privacy Ombudsman does not want to understate the potential risk whenever PHI is transferred from one entity to another. However, such risk here is mitigated by the fact that Purchasers have 27 Section IV.B of Debtors Notice of Privacy Practices promises that Debtors will not make any disclosure of Protected Health Information that is a sale of Protected Health Information without your written authorization. (See Exhibit A) U.S.C
17 Case KG Doc 142 Filed 09/23/15 Page 17 of 23 stipulated to be a Qualified Buyer as defined under the Toysmart Stipulation and Settlement and would thus be subject to certain restrictions. 44. Potential Costs or Benefits to Consumers The Privacy Ombudsman strongly believes that providing ongoing medical treatment and maintaining access to prescription records are significant benefits. The responsible transfer of PHI from Debtors to Purchasers here will meet customer expectations, and provide the best possible chance of continued pharmacy service for Debtors customers. 45. Mitigating Potential Losses Debtors customers should be provided with multiple notices of the change in ownership and choice regarding how their PHI is utilized and where their prescriptions are filled going forward. The specific proposed requirements with respect to Debtors proposed transfer are set forth below. Recommendations 46. Based on the foregoing, the Ombudsman respectfully submits the following recommendations to the Court. 47. If Purchasers agree in writing to meet the definition of Qualified Buyer, the Court should approve the transfer of consumer information, including Patient PHI from Debtors to that Purchaser, provided that; a. Purchaser agrees to be bound and meet the standards established by Debtors Privacy Policies (e.g., the NPP); b. Debtors and Purchasers agree to provide notice of the sale transaction on the Purchasers and Debtors respective Websites. 14
18 Case KG Doc 142 Filed 09/23/15 Page 18 of 23 c. Debtors agree to post a notice at each pharmacy involved in a sale transaction in accordance with applicable state law advising the individuals of the transfer of their prescriptions and their right to request the transfer of their prescriptions and PHI to a pharmacy of their choice; and d. Debtors further agree to include on their telephone answering systems a message to notify customers that the pharmacy is closing and their prescriptions are being transferred as of a certain date, advising them of the name, address and phone number of the receiving pharmacy, and advising them of their right to request the transfer of their prescriptions and PHI to a pharmacy of their choice. Dated: September 23, s Alan Chapell ALAN CHAPELL 15
19 Case KG Doc 142 Filed 09/23/15 Page 19 of 23!! EXHIBIT!A!
20 Case KG Doc 142 Filed 09/23/15 Page 20 of 23
21 Case KG Doc 142 Filed 09/23/15 Page 21 of 23
22 Case KG Doc 142 Filed 09/23/15 Page 22 of 23
23 Case KG Doc 142 Filed 09/23/15 Page 23 of 23
Case LMI Doc 427 Filed 07/29/15 Page 1 of 53
Case 15-16885-LMI Doc 427 Filed 07/29/15 Page 1 of 53 UNITED STATES BANKRUPTCY COURT SOUTHERN DISTRICT OF FLORIDA MIAMI DIVISION www.flsb.uscourts.gov IN RE: CHAPTER 11 ADINATH CORP. SIMPLY FASHION STORES,
More informationARTICLE 1. Terms { ;1}
The parties agree that the following terms and conditions apply to the performance of their obligations under the Service Contract into which this Exhibit is being incorporated. Contractor is providing
More informationUSE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization.
PRIVACY 3.0 USE AND DISCLOSURE REQUIRING AUTHORIZATION Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect
More informationNorth Shore LIJ Health System, Inc. Facility Name. CATEGORY: Effective Date: 8/15/13
North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: HIPAA Marketing and Sale of Protected Health Information Policy ADMINISTRATIVE POLICY AND PROCEDURE MANUAL POLICY #: 800.43 System Approval
More informationLimited Data Set Data Use Agreement For Research
Limited Data Set Data Use Agreement For Research This Data Use Agreement is dated,, and is between the ( Recipient ) and University of Miami, ( Covered Entity ). This Data Use Agreement is made in accordance
More informationHIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel
HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability
More informationSUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT
SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (Revised on March 1, 2016) THIS HIPAA SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into on (the Effective Date ), by and between ( EMR ),
More informationHIPAA AND LANGUAGE SERVICES IN HEALTH CARE 1
1101 14th St NW, Suite 405 Washington, DC 20005 (202) 289-7661 Fax (202) 289-7724 HIPAA AND LANGUAGE SERVICES IN HEALTH CARE 1 In 1996, the Health Insurance Portability and Accountability Act (HIPAA) became
More informationHIPAA & HITECH Privacy & Security. Volunteer Annual Review 2017
HIPAA & HITECH Privacy & Security Volunteer Annual Review 2017 HIPAA In 1996, state and federal governments enacted protection for patient health information by signing into law the Health Insurance Portability
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into on the Effective Date of the Azalea Health Software as a Service Agreement and/or Billing Service Provider
More informationBUSINESS ASSOCIATE AGREEMENT
PREVIEW VERSION ONLY This Business Associate Agreement (BAA) is made available for preview purposes only. It is indicative of the BAA that will be presented through the online user interface for acceptance
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Agreement, dated as of, 2018 ("Agreement"), by and between, on its own behalf and on behalf of all entities controlling, under common control with or controlled
More informationPharmaceutical Regulatory and Compliance Congress
Pharmaceutical Regulatory and Compliance Congress Dean Forbes, Esq. Director of Corporate Privacy Global Compliance and Business Practices November 16, 2004 1 IPPC What is the IPPC? The International Pharmaceutical
More informationCase Doc 495 Filed 11/07/17 Entered 11/07/17 17:11:37 Desc Main Document Page 1 of 48 UNITED STATES BANKRUPTCY COURT DISTRICT OF NORTH DAKOTA
Document Page 1 of 48 UNITED STATES BANKRUPTCY COURT DISTRICT OF NORTH DAKOTA In re VANITY SHOP OF GRAND FORKS, INC., Case No.: 17-30112 Chapter 11 Debtor. / CONSUMER PRIVACY OMBUDSMAN S REPORT Luis Salazar
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS
HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS This HIPAA Business Associate Agreement ( BAA ) is entered into on this day of, 20 ( Effective Date ), by and between Allscripts
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, Inc., a clearinghouse Covered Entity under HIPAA, providing
More information"HIPAA RULES AND COMPLIANCE"
PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS
More informationEffective Date: 08/2013
POLICY/GUIDELINE TITLE: HIPAA Marketing and Sale of Protected Health Information Policy POLICY #: 800.43 System Approval Date: 5/18/18 Site Implementation Date: 6/17/18 Prepared by: ADMINISTRATIVE POLICY
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS
COVERYS RRG, INC. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS WHEREAS, the Administrative Simplification section of the Health Insurance Portability and
More informationCase KG Doc 265 Filed 10/03/15 Page 1 of 7 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE
Case 15-11874-KG Doc 265 Filed 10/03/15 Page 1 of 7 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: Chapter 11 HAGGEN HOLDINGS, LLC, et al., 1 Case No. 15-11874 (KG Debtors. (Jointly
More informationFACT Business Associate Agreement
Policy Document #: 2.1.003 Revision: 3 Valid Date: 27June2012 Page 1 of 2 Effective Date: 27Jun2012 FACT Business Associate Agreement 1.0 Purpose The purpose of this document is to establish terms for
More informationPRIVACY STANDARDS OVERVIEW
PRIVACY STANDARDS OVERVIEW Basic Requirements What Entities Are Covered Practical Effects BASIC REQUIREMENTS A Covered Entity may not use or disclose an individual s protected health information ( PHI
More informationCase KG Doc 3962 Filed 11/12/18 Page 1 of 5 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE
Case 15-11874-KG Doc 3962 Filed 11/12/18 Page 1 of 5 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: Chapter 11 HH Liquidation, LLC, et al., 1 Case No. 15-11874 (KG Debtors. (Jointly
More informationCase BLS Doc 2148 Filed 05/16/15 Page 1 of 52
Case 15-10197-BLS Doc 2148 Filed 05/16/15 Page 1 of 52 UNITED STATES BANKRUPTCY COURT DISTRICT OF DELAWARE : In re: : Chapter 11 : RADIOSHACK CORPORATION, et al., 1 : Case No. 15-10197 (BLS) : Debtors.
More informationCase BLS Doc 2187 Filed 05/20/15 Page 1 of 3 UNITED STATES BANKRUPTCY COURT DISTRICT OF DELAWARE : : : : : : : :
Case 15-10197-BLS Doc 2187 Filed 05/20/15 Page 1 of 3 UNITED STATES BANKRUPTCY COURT DISTRICT OF DELAWARE In re RADIOSHACK CORPORATION, et al., 1 Debtors. Chapter 11 Case No. 15-10197 (BLS) (Jointly Administered)
More informationCase: jtg Doc #:498 Filed: 07/19/17 Page 1 of 35 UNITED STATES BANKRUPTCY COURT FOR THE WESTERN DISTRICT OF MICHIGAN
Case:17-00612-jtg Doc #:498 Filed: 07/19/17 Page 1 of 35 UNITED STATES BANKRUPTCY COURT FOR THE WESTERN DISTRICT OF MICHIGAN In re MICHIGAN SPORTING GOODS DISTRIBUTORS, INC., Debtor. / Chapter 11 Bankruptcy
More informationHIPAA s Medical Privacy Standards:
HIPAA s Medical Privacy Standards: The Long and Really Winding Road Michael D. Bell, Esq. Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Washington, D.C. (202) 434-7481 mbell@mintz.com The Health
More informationOregon Healthcare Quality Reporting System Participating Provider Organization Portal Access Agreement
Oregon Healthcare Quality Reporting System Participating Provider Organization Portal Access Agreement Oregon Health Care Quality Corporation ( Quality Corp ) is the sponsoring organization for the Oregon
More informationThe American Recovery and Reinvestment Act of 2009: Health Information Privacy and Security Provisions Here We Go Again
ClientAdvisory The American Recovery and Reinvestment Act of 2009: Health Information Privacy and Security Provisions Here We Go Again February 26, 2009 On February 17, 2009, President Obama signed into
More informationGeorgia Health Information Network, Inc. Georgia ConnectedCare Policies
Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Version History Effective Date: August 28, 2013 Revision Date: August 2014 Originating Work Unit: Health Information Technology Health
More informationBusiness Associate Agreement RECITALS AGREEMENT
Business Associate Agreement Read the Business Associate Agreement and sign electronically or download, print, and sign. Completed form may be uploaded to Provider Portal, faxed to Janssen CarePath at
More informationPrivacy in Health Care
Privacy in Health Care Standards for Privacy of Individually Identifiable Health Information: Final Rule June, 2001 U.S. Department of Health and Human Services Section 264 of HIPAA Call for recommendations
More informationCase KG Doc 3794 Filed 08/20/18 Page 1 of 9 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE
Case 15-11874-KG Doc 3794 Filed 08/20/18 Page 1 of 9 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: Chapter 11 HH Liquidation, LLC, et al., 1 Case No. 15-11874 (KG Debtors. (Jointly
More informationOMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS
OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT Effective Date: September 23, 2013 RECITALS WHEREAS a relationship exists between the Covered Entity and the Business Associate that performs certain functions
More informationELECTRONIC MEDICAL RECORD ACCESS AGREEMENT
ELECTRONIC MEDICAL RECORD ACCESS AGREEMENT This Agreement is made this day of, 2018 ( Effective Date ), by and between Saint Elizabeth Medical Center, Inc. dba St. Elizabeth Healthcare, a Kentucky non-profit
More informationTEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement (this BA Agreement ) is made and entered into by ( Provider ), a, located at, and Texas Southern University, an agency and institution of higher education established
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT
Attachment G HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA) Compliance This HIPAA Business Agreement
More informationTexas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300
Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas
More informationHighlights of the Omnibus HIPAA/HITECH Final Rule
Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737
More informationTHE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES
THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES Effective: November 8, 2012 Terms used, but not otherwise defined, in this Policy and Procedure have
More informationAGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION
AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION THIS AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION ( PHI ) ( Agreement ) is entered into between The Moses H. Cone Memorial Hospital Operating
More informationBusiness Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)
Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA) This Business Associate Agreement (the Agreement ) is made and entered into by and between Washington Dental Service
More informationHIPAA and ProAssurance
HIPAA and ProAssurance The ProAssurance Companies, along with our legal counsel, have reviewed the Health Insurance Portability And Accountability Act of 1996, and its implementing regulations (collectively,
More informationBUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)
BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) This HIPAA Business Associate Agreement ( Agreement ) is entered into this day of, 20, by and between
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationSUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM
SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM This Subcontractor Business Associate Addendum (the Addendum ) is entered into this day of, 20, by and between the University of Maine System, acting through the
More informationBanks and the Privacy of Medical Information
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Health Policy Institute Georgetown University 202-687 687-0880 Public Concerns 95% adult Americans do not want banks
More informationTerms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in 45 CFR and
This Business Associate Addendum, effective April 1, 2003, is entered into by and between Guilford County and/or Guilford County Department of Social Services and/or Guilford County Department of Public
More informationFifth National HIPAA Summit West
Fifth National HIPAA Summit West Privacy and Security under the HITECH Act W. Reece Hirsch Paul T. Smith, Partner, Partner, Hooper, Lundy & Bookman 1 Developments The Health Information Technology for
More informationImplementing the Obligations of the Gramm-Leach-Bliley Act The NAIC Model for State Privacy Regulation
Implementing the Obligations of the Gramm-Leach-Bliley Act The NAIC Model for State Privacy Regulation This memorandum provides an analysis of the provisions of the National Association of Insurance Commissioners
More information* Corporation General Partnership Limited Partnership LLC Sole Proprietorship Non Profit Other Accounts Payable: Name
INVACARE CORPORATION New Customer Change of Ownership Customer Credit Application *Legal Name of Business Trade Name (DBA) *Billing Address: Shipping Address (if different): *Federal Tax ID # * # of Years
More informationNew HIPAA-HITECH Proposed Regulations Issued
July 2010 New HIPAA-HITECH Proposed Regulations Issued On Thursday July 14, 2010, the Department of Health and Human Services (HHS) published proposed regulations in the Federal Register on many provisions
More informationELA Settlement Services, LLC Data Collection Form
ELA Settlement Services, LLC Data Collection Form Complete the following forms, and mail, fax or email with any relevant documents to: ELA Settlement Services 1435 Morris Ave. P.O. Box 3137 Union, NJ 07083
More informationCase LSS Doc 412 Filed 10/28/16 Page 1 of 25 UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE : : : : : Debtors.
Case 16-12033-LSS Doc 412 Filed 10/28/16 Page 1 of 25 UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: GOLFSMITH INTERNATIONAL HOLDINGS INC. et al., Debtors. : : : : : Chapter 11 Case
More informationHIPAA Notice of Privacy Practices
HIPAA Notice of Privacy Practices THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This HIPAA Notice
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is by and between You, the Covered Entity ( Covered Entity ), and Paubox, Inc. ( Business Associate ). This BAA is effective
More informationCOVERED TRANSACTION means a Transaction for which the Secretary has adopted a standard under HIPAA.
UNIVERSITY OF MAINE SYSTEM HIPAA POLICY #1 DEFINITIONS Unless otherwise provided herein, capitalized terms shall have the same meaning as set forth in HIPAA, as amended, and its implementing regulations,
More informationSAFE DESTRUCTION OF DOCUMENTS
SAFE DESTRUCTION OF DOCUMENTS Federal and State Requirements for Proper Disposal of Information Contained in Consumer Reports OVERVIEW With the growth in popularity for organizations to utilize electronic
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationBUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( this Agreement ) is made and entered into as of this day of 2015, by and between TIDEWELL HOSPICE, INC., a Florida not-for-profit corporation,
More informationPATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS
PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached
More information8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013
HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable
More informationAlfred University Effective Date: January 1, 2019
Alfred University Effective Date: January 1, 2019 1 Saxon Drive, Alfred NY 14802 HIPAA Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and
More informationSaturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules
Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Agreement is by and between The Health Plan ( Plan ) and Priority Health Managed Benefits, Inc., a Michigan Third Party Administrator ( Business Associate
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More informationCase KG Doc 426 Filed 10/14/15 Page 1 of 13 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE
Case 15-11874-KG Doc 426 Filed 10/14/15 Page 1 of 13 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: Chapter 11 HAGGEN HOLDINGS, LLC, et al., 1 Case No. 15-11874 (KG Debtors.
More informationAMWELL GROUP PRACTICE AGREEMENT
AMWELL GROUP PRACTICE AGREEMENT This Amwell Group Practice Agreement ( Agreement ) is a binding document between you (meaning the individual person or the entity that the individual represents that has
More informationThe Gramm-Leach-Bliley Act and its Impact on the Discovery of Customer Lists and Policyholder Files. By Edgar M. Elliott, IV
The Gramm-Leach-Bliley Act and its Impact on the Discovery of Customer Lists and Policyholder Files By Edgar M. Elliott, IV In November 1999, Congress enacted the Federal Financial Modernization Act, better
More informationEffective Date: March 23, 2016
AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revised: September 23, 2013 Version: 04142003.2 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
More informationOmnibus Rule: HIPAA 2.0 for Law Firms
Omnibus Rule: HIPAA 2.0 for Law Firms Introduction On January 25, 2013, the U.S. Department of Health and Human Services (HHS) issued the muchanticipated Omnibus Rule 1 finalizing changes to the HIPAA
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ), is between Birch Family Services, Inc., a New York not-for-profit corporation ( Covered Entity ) and ( Business Associate
More informationHIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013
HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background
More informationHIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school
ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes
More informationIHDE BUSINESS ASSOCIATE AGREEMENT (BAA)
IHDE BUSINESS ASSOCIATE AGREEMENT (BAA) This Business Associate Agreement (BAA) is entered into by and between the Covered Entity aka. Data Provider/User, (please enter name of organization) and the Business
More informationEmma Eccles Jones College of Education & Human Services. Title: Business Associate Agreements
POLICY INFORMATION Document # 900 Revision # 1.0 Safeguard: Administrative Title: Business Associate Agreements Prepared by: J. Black Approved by: Dean Beth E. Foley Print Date: 8/29/2016 Date Prepared:
More informationGUIDE TO PATIENT PRIVACY AND SECURITY RULES
AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into this day of, 20, by and between ( Covered Entity ) and the University of Maine System, acting through the
More informationRecord Management & Retention Policy
POLICY TYPE: Corporate Divisional EFFECTIVE DATE: INITIAL APPROVAL DATE: NEXT REVIEW DATE: POLICY NUMBER: May 15, 2010 May - 2010 March 2015 REVISION APPROVAL DATE: 5/10, 3/11, 5/12, 9/13, 4/14, 11/14
More informationLICENSE AGREEMENT. Security Software Solutions
LICENSE AGREEMENT Security Software Solutions VERIS ACTIVE ID SERVICES AGREEMENT between Timothy J. Rollins DBA Security Software Solutions, having an office at 5215 Sabino Canyon Road and 4340 N Camino
More informationGROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT
GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT This Agreement, made between Group Health Inc., having its principal office at 55 Water Street, New York, NY 10041 ("GHI"), and, having its principal office
More informationNETWORK PARTICIPATION AGREEMENT
NETWORK PARTICIPATION AGREEMENT THIS NETWORK PARTICIPATION AGREEMENT ( Agreement ) is entered into on the date(s) indicated below, by and between the undersigned physician (hereinafter Physician ; and
More informationUNITED WORKERS HEALTH FUND 50 CHARLES LINDBERGH BLVD. SUITE 207 UNIONDALE, NY 11553
UNITED WORKERS HEALTH FUND 50 CHARLES LINDBERGH BLVD. SUITE 207 UNIONDALE, NY 11553 Tel: 516-740-5325 tnl@dickinsongrp.com Fax: 516-740-5326 REVISED NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW
More informationHIPAA BUSINESS ASSOCIATE ADDENDUM
HIPAA BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( BAA ) is made between Cognito, LLC., a South Carolina corporation ( Cognito Forms ) and {OrganizationLegalName} ( Covered Entity or
More informationUNITED STATES OF AMERICA BUREAU OF CONSUMER FINANCIAL PROTECTION
2019-BCFP-0002 Document 1 Filed 01/23/2019 Page 1 of 26 UNITED STATES OF AMERICA BUREAU OF CONSUMER FINANCIAL PROTECTION ADMINISTRATIVE PROCEEDING File No. 2019-BCFP-0002 In the Matter of: CONSENT ORDER
More informationCOMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM
APPENDIX J Rev dated 11/24/2014 COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM WHEREAS, the Pennsylvania Department of Human Services (Covered Entity) and Contractor (Business Associate) intend
More informationBREACH NOTIFICATION POLICY
PRIVACY 2.0 BREACH NOTIFICATION POLICY Scope: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS ), including UHS covered entities ( Facilities
More informationCOLLECTION SERVICES AND BUSINESS ASSOCIATE AGREEMENT
COLLECTION SERVICES AND BUSINESS ASSOCIATE AGREEMENT THIS COLLECTION SERVICES AND BUSINESS ASSOCIATE AGREEMENT ("Agreement") made and entered into this day of, 20 by and between [COVERED ENTITY/HEALTHCARE
More informationBusiness Associate Agreement For Protected Healthcare Information
Business Associate Agreement For Protected Healthcare Information This Business Associate Agreement ( Agreement ) is entered into this 24th day of February 2017, between PRACTICE-WEB, Inc., a California
More informationO n Jan. 25, 2013, the U.S. Department of Health
Life Sciences Law & Industry Report Reproduced with permission from Life Sciences Law & Industry Report, 07 LSLR 220, 02/22/2013. Copyright 2013 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into this 22 nd day of September, 2014 ( Effective Date ), by and between Customer_Name with a place of business
More informationUNIVERSITY POLICY. Access of Individuals to Their Protected Health Information. Adopted: 01/23/2003 Reviewed: 3/11/2016
UNIVERSITY POLICY Policy Name: Access of Individuals to Their Protected Health Information Section #: 100.1.4 Section Title: HIPAA Policies Approval Authority: Responsible Executive: Responsible Office:
More informationPartnership & Corporation Professional Liability Application
Partnership & Corporation Professional Liability Application Producer Name Address Telephone Medical Professional Mutual Insurance Company ProSelect Insurance Company ProSelect National Insurance Company
More informationFEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.
FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. ) In the Matter of ) ) CONSENT ORDER, ORDER CROSS RIVER BANK ) FOR RESTITUTION, AND TEANECK, NEW JERSEY ) ORDER TO PAY ) CIVIL MONEY PENALTY ) (INSURED
More informationOmnibus Components. Not in Omnibus. HIPAA/HITECH Omnibus Final Rule
Office of the Secretary Office for Civil Rights () HIPAA/HITECH Omnibus Final Rule April 12, 2013 HHS Office for Civil Rights Omnibus Components Final Rule on HITECH Privacy, Security, & Enforcement Provisions
More informationNATIONAL INVITATIONAL CAMP, INC. AUTHORIZATION FOR USE AND DISCLOSURE OF RECORDS AND INFORMATION
ONLINE APPENDIX C: COMBINE WAIVERS NATIONAL INVITATIONAL CAMP, INC. AUTHORIZATION FOR USE AND DISCLOSURE OF RECORDS AND INFORMATION Name: D.O.B.: Address: City: State: Zip: 1. Persons/Entities Authorized
More information2016 Business Associate Workforce Member HIPAA Training Handbook
2016 Business Associate Workforce Member HIPAA Training Handbook Using the Training Handbook The material in this handbook is designed to deliver required initial, and/or annual HIPAA training for all
More informationManifest MedEx Participant Policies and Procedures TABLE OF CONTENTS
Manifest MedEx Participant Policies and Procedures 7-28-17 TABLE OF CONTENTS GLOSSARY OF DEFINED TERMS... 2 PP-1 MX POLICIES: OPENNESS, TRANSPARENCY AND PRIVACY... 8 PP-2 PARTICIPANT TYPE... 9 PP-3 PERMITTED
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this Agreement ) is made effective as of the of, (the Effective Date ), by and between day hereafter referred to as ( Business Associate
More information