Limited Data Set Data Use Agreement For Research

This Data Use Agreement is dated,, and is between the ("Recipient") and University of Miami, ("Covered Entity"). This Data Use Agreement is made in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health ("HITECH") Act, and the final omnibus rule published in January 2013. Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in HIPAA. The parties agree as follows:

1. Background & Purpose. RECIPIENT has developed and owns a clinical data registry, containing information relating to patient treatment. The Covered Entity wishes to participate in the registry pursuant to RECIPIENT requirements with the purpose always limited to research, public health, and/or health care operations.

2. Term. The term of this Data Use Agreement will begin on the date that it is signed by both parties. RECIPIENT may use the limited data set until all of the Protected Health Information provided by Covered Entity to RECIPIENT is destroyed or returned to Covered Entity at the closure of the study by the institutional review board of record or at the termination of this Data Use Agreement, or, if it is infeasible to return or destroy such Protected Health Information, protections are extended to such information, in accordance with the termination provisions of section 7.

3. Definitions. Parties agree that the following terms, when used in this Agreement, shall have the following meanings, and that the terms set forth below shall be deemed to be modified to reflect any changes made hereafter to such terms by law or regulation.

HIPAA means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.

HIPAA Regulations means the regulations promulgated under HIPAA by the United States Department of Health and Human Services, including, but not limited to, 45 C.F.R. Part 160 and 45 C.F.R. Part 164.

Covered Entity means a health plan, a health care clearinghouse, or a health care provider (each as defined by HIPAA and the HIPAA Regulations) who transmits any health information in electronic form in connection with a transaction covered by the HIPAA Regulations.

Individually Identifiable Health Information means information that is a subset of health information, including demographic information collected from an individual, that is; created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Protected Health Information or PHI means Individually Identifiable Health Information, except that Protected Health Information excludes Individually Identifiable Health Information in education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g, records described at 20 U.S.C. 1232g(a)(4)(B)(iv), and employment records held by a covered entity in its role as employer.

4. Preparation of the LDS. Covered Entity shall prepare and furnish to RECIPIENT a LDS in accord with the HIPAA Regulations or Covered Entity shall retain RECIPIENT as a Business Associate (pursuant to a separate Business Associate Agreement) and direct recipient, as its Business Associate, to prepare such LDS.

NOTICE: This agreement is valid only if the Data do not include any of the following Prohibited Identifiers of the individual who is the subject of the Protected Health Information, or of relatives, employers or household members of the individual: names; postal address information, other than town or city, State, and zip code; telephone numbers; fax numbers; electronic mail addresses; social security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; Web Universal Resource Locators (URLs); Internet Protocol (IP) address numbers; biometric identifiers, including finger and voice prints; and full face photographic images and any comparable images. Should any of the listed identifiers be listed, provided or otherwise disclosed, RECIPIENT shall become a Business Associate of Covered Entity and shall comply immediately with all attendant legal and regulatory requirements.

5. Obligations.

A. RECIPIENT hereby agrees to fully comply with the requirements under HIPAA as applicable with respect to Limited Data Set information, including, without limitation, 45 C.F.R. 164.514, throughout the term of this Agreement.

B. If Covered Entity is required by HIPAA to maintain a Notice of Privacy Policies, RECIPIENT acknowledges that it has received a copy of such notice, read and understands its terms, conditions, and hereby agrees, to the extent applicable, to comply and act in accordance with such Notice as it may be amended from time to time by Covered Entity.

C. RECIPIENT shall not use or disclose individually identifiable health information ("protected health information" or "PHI") other than as permitted or required by this Data Use Agreement or as required by law.

D. RECIPIENT shall limit the use or receipt of the Limited Data Set to the following individuals or classes of individuals who need the Limited Data Set for the performance of the activities contemplated by this Data Use Agreement.

E. RECIPIENT shall use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by this Data Use Agreement.

F. RECIPIENT shall report to Covered Entity any use or disclosure of protected health information not provided for by this Data Use Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware.

G. RECIPIENT agrees it will fully comply with the requirements of HIPAA, any other applicable law and this Agreement with respect to such PHI; and, further, that every agent, employee, subsidiary, and affiliate of RECIPIENT to whom it provides PHI or Limited Data Set information received from, or created or received by RECIPIENT on behalf of, Covered Entity will be required to fully comply with HIPAA, and will be bound by written agreement to the same restrictions, terms and conditions as set forth in this Agreement.

H. RECIPIENT shall not attempt to identify or contact any patient whose record is included in the limited data set.

6. Permitted Uses & Disclosures.

A. RECIPIENT may use and disclose protected health information as necessary to carry out the Project.

B. RECIPIENT may use or disclose protected health information as required by law.

C. RECIPIENT may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by covered entity, except for the specific uses and disclosures set forth above.

D. RECIPIENT may de-identify protected health information.

7. Termination. Covered Entity may terminate this Data Use Agreement by written notice to RECIPIENT if RECIPIENT violates this Data Use Agreement. Covered Entity shall not terminate this Data Use Agreement pursuant to this section unless Covered Entity has given RECIPIENT written notice identifying the violation, and

A. Upon termination:

i. RECIPIENT shall retain only that protected health information which is necessary for RECIPIENT to continue its proper management and administration or to carry out its legal responsibilities.

ii. RECIPIENT shall return to Covered Entity or, if agreed to by Covered Entity, destroy the remaining protected health information that RECIPIENT still maintains in any form.

iii. RECIPIENT shall continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as RECIPIENT retains the protected health information.

iv. RECIPIENT shall not use or disclose the protected health information retained by RECIPIENT other than for the purposes for which such protected health information was retained and subject to the same conditions set out in the section entitled Permitted Uses which applied prior to termination.

v. RECIPIENT shall return to Covered Entity or, if agreed to by Covered Entity, destroy the protected health information retained by RECIPIENT when it is no longer needed by RECIPIENT for its proper management and administration or to carry out its legal responsibilities.

B. The obligations of RECIPIENT under this Section entitled Termination will survive beyond the termination of this Data Use Agreement.

8. Use Or Disclosure As If Covered Entity. RECIPIENT may not use or disclose the Limited Data Set in any manner that would violate the requirements of HIPAA or the HIPAA Regulations if RECIPIENT were a Covered Entity.

9. Reporting to United States Department of Health and Human Services. If any breach or violation is not cured, and if termination of this Agreement is not feasible, Covered Entity shall report RECIPIENT's breach or violation to the Secretary of the United States Department of Health and Human Services, and RECIPIENT agrees that it shall not have or make any claim(s), whether at law, in equity, or under this Agreement, against Covered Entity with respect to such report(s).

10. Regulatory Changes. The parties agree to amend this Data Use Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law.

11. Interpretation. Any ambiguity in this Data Use Agreement shall be interpreted to permit compliance with the HIPAA Rules.

12. Injunctions. Covered Entity and RECIPIENT agree that any violation of the provisions of this Agreement may cause irreparable harm to Covered Entity. Accordingly, in addition to any other remedies available to Covered Entity at law, in equity, or under this Agreement, in the event of any violation by RECIPIENT of any of the provisions of this Agreement, or any explicit threat thereof, Covered Entity shall be entitled to an injunction or other decree of specific performance with respect to such violation or explicit threat thereof, without any bond or other security being required and without the necessity of demonstrating actual damages. The parties' respective rights and obligations under this Section 4.h. shall survive termination of the Agreement.

13. Indemnification. RECIPIENT shall indemnify, defend and hold harmless the Covered Entity and its respective trustees, officers, agents, employees, faculty, students or representatives from and against any and all claims, judgment, losses, penalties, fines, liabilities, actions, damages and expenses arising from any violation of this Agreement, including but not limited to the negligent or intentional act or omission of RECIPIENT, its employees, contractors, representatives, agents, or other members of its workforce with respect to their use and/or disclosure of PHI in the course of performing under this Agreement, even if the liability is not directly to the third party, but imposed as a penalty under the HIPAA Rules. The indemnification includes but is not limited to any costs to the Covered Entity based on RECIPIENT's conduct or other actions Covered Entity needs to take to avoid being penalized or to mitigate damages. Accordingly, on demand, RECIPIENT shall reimburse Covered Entity for any and all damages, losses, liabilities, lost profits, fines, penalties, credit monitoring costs, notification costs, audit costs, marketing costs, consultant fees, and other costs or expenses including attorney's fees which may be incurred by reason of any suit, claim, action, proceeding or demand by any third party or any governmental agency which results from RECIPIENT's breach hereunder.
Nothing in any underlying agreement or any other agreement between the parties, terms of service or other instrument, warranties or any limitation of liability, shall be construed in any way to limit or exclude RECIPIENT's obligation to indemnify hereunder or its liability for damages caused by any acts in violation of this agreement and/or the negligence, willful misconduct or fraud on the part of RECIPIENT. This paragraph shall survive termination or expiration of this Agreement.

14. Intellectual Property Rights.

A. It is agreed and acknowledged that all individual data submitted for inclusion in the Registry by or on behalf of Covered Entity are and shall remain Participant's proprietary information. Once submitted to the Registry, the return of the Participant's individual data, including protected health information as defined by the HIPAA Regulations ("PHI"), is infeasible, as it will have been integrated into the Registry. Covered Entity grants to RECIPIENT a right to use the data submitted by Covered Entity in any manner that is consistent with this Agreement and the HIPAA Regulations.

B. This data remains the sole property of Covered Entity. The data is provided as is and Covered Entity makes no representation or warranty, express or implied, with respect to its quality or fitness for a particular purpose.

C. Covered Entity agrees that all data submitted by or on behalf of Covered Entity to RECIPIENT or RECIPIENT's designee for purposes of inclusion in the Registry may be used by RECIPIENT as a part of the Registry and any subset thereof that RECIPIENT may choose to create and use as it sees fit for the purposes of promoting Participant's and other Registry participants' health care operations, for medical research (as defined by HIPAA regulations) by RECIPIENT and others authorized by RECIPIENT, and the other interests of the Registry (including publication of such data); provided, however, that no such data shall be used and disclosed in such a way as to identify Covered Entity or any individual physician or physician group, unless and until Covered Entity advises RECIPIENT in writing that it has authorized or secured appropriate consent for such disclosure. RECIPIENT will not share PHI with third-parties except as otherwise authorized under this Agreement, the BAA/DUA, and the HIPAA Regulations.

15. Sole Agreement. This document contains the entire agreement between the parties concerning the subject matter of this Data Use Agreement. It supersedes all prior and contemporaneous oral and written understandings but does not supersede the Accreditation Agreement and Business Associate Agreement between the parties.

16. Choice of Law and Forum. All disputes regarding the meaning, effect, force or validity of this Participation Agreement shall be determined according to federal law and the law of the State of Florida. The Parties expressly agree that the federal and state courts located in the State of Florida are the most reasonable and convenient forums for resolutions of any such disputes, and designate said courts as the exclusive forums in which all such disputes shall be litigated.

17. No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended or shall be deemed to confer upon any person other than Covered Entity and RECIPIENT, and their respective successors and assigns, any rights, obligations, remedies or liabilities.

18. Amendment. No amendment of this Data Use Agreement will be effective unless it is in writing and signed by both parties.

In Witness Whereof, the parties are signing this Data Use Agreement effective as of the date of signature by both parties.

("RECIPIENT")
By:
Name:
Title:
Date:

University of Miami ("Covered Entity")
By:
Name:
Title:
Date: