Business Associate Agreement

Similar documents
Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

ACGME BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

ARTICLE 1 DEFINITIONS

ARTICLE 1. Terms { ;1}

Business Associate Agreement

Business Associate Agreement For Protected Healthcare Information

HIPAA ADDENDUM TO SERVICE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

FACT Business Associate Agreement

HIPAA Business Associate Agreement Passport to Languages

Interpreters Associates Inc. Division of Intérpretes Brasil

HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

HIPAA and ProAssurance

HIPAA Business Associate Agreement

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

* Corporation General Partnership Limited Partnership LLC Sole Proprietorship Non Profit Other Accounts Payable: Name

TEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

Limited Data Set Data Use Agreement For Research

IHDE BUSINESS ASSOCIATE AGREEMENT (BAA)

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM

SDM Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

COLLECTION SERVICES AND BUSINESS ASSOCIATE AGREEMENT

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

HIPAA BUSINESS ASSOCIATE ADDENDUM

UCLA Health System Data Use Agreement

Central Fabrication Accreditation Application

Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

Emma Eccles Jones College of Education & Human Services. Title: Business Associate Agreements

BUSINESS ASSOCIATE AGREEMENT

NETWORK PARTICIPATION AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

AMWELL GROUP PRACTICE AGREEMENT

HIPAA STUDENT ASSOCIATE AGREEMENT

GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT

Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in 45 CFR and

SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE

HIPAA BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement RECITALS AGREEMENT

PLAN SPONSOR CERTIFICATION TO THE GROUP HEALTH PLAN

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Microsoft Online Subscription Agreement/Open Program License Agreement Amendment for HIPAA and HITECH Act Amendment ID MOS13

SCHEDULE D HIPPA BUSINESS PARTNER AGREEMENT

AGREEMENT PURSUANT TO THE TERMS OF HIPAA ; HITECH ; and FIPA (Business Associate Agreement) (Revised August 2015)

LIMITED DATA SET REQUEST AND DATA USE AGREEMENT

Partnership & Corporation Professional Liability Application

COBRA Setup Fact Sheet for Oswald agent

REGISTRY PARTICIPATION AGREEMENT

HRA Administration - SummaCare Plan Getting Started Checklist

RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT BETWEEN THE PARTICIPATING PHYSICIAN ORGANIZATION AND MILLIMAN, INC.

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN Telephone: (952) Facsimile: (952)

RECITALS. NOW THEREFORE, in consideration of the terms, covenants and agreements set forth in this Agreement, the Parties agree as follows:

Check In Systems. Software Usage Agreement

AIUM Ultrasound Practice Accreditation Master Services Agreement & Business Associate Agreement (MSA/BAA)

Care Partners: Bridging Families, Clinics, and Communities to Advance Late-Life Depression Care Project, Phase 2

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

TERMS AND CONDITIONS to HIE PARTICIPATION AGREEMENTS

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

PURCHASE ORDER TERMS AND CONDITIONS

ENSPIRE QUALITY PARTNERS AGREEMENT FOR PARTICIPATION IN CLINICAL INTEGRATION PROGRAM

Central Florida Regional Transportation Authority Table of Contents A. Introduction...1 B. Plan s General Policies...4

Washington Producer Application

MNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota

Section 125 Flexible Spending Account Plan Client Setup & Document Checklist

HIPAA TRANSACTION 837 INSTITUTIONAL STANDARD COMPANION GUIDE

Partners Health Plan, NY Provider Electronic Transaction Enrollment Packet

POLESTAR BENEFITS, INC. ADMINISTRATION AGREEMENT

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

TERMS AND CONDITIONS FOR HEALTH INFORMATION EXCHANGE PARTICIPATION AGREEMENT

Vendor seeks to deliver Medication Therapy Management Services to Members of Clients pursuant to one or more Client Agreements.

This form cannot act as an authorization to assign commissions. Appointment Form Only. Steps to obtain an Appointment:

PHO Provider Professional Services Agreement

DATA TRANSMISSION SERVICES AGREEMENT

St. Jude Children's Research Hospital Terms and Conditions for Goods Purchased

MERANI CONSTRUCTION LLC CAFETERIA PLAN BASIC PLAN DOCUMENT #125

HIE NETWORKS HEALTH INFORMATION NETWORK TERMS OF USE RECITALS

S T A N D A R D C H I R O P R A C T O R A G R E E M E N T & S I G N A T U R E P A G E

VACCINATION SERVICES OF AMERICA, INC. D/B/A TOTALWELLNESS INDEPENDENT CONTRACTOR AND BUSINESS ASSOCIATE AGREEMENT

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE

BROKER AGREEMENT. Wherein it is mutually agreed as follows:

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners

Benefits Consultant' s Agreement

Transcription:

Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is effective by and between CRESTPOINT HEALTH INSURANCE COMPANY, on behalf of itself and its affiliates (collectively, Covered Entity ), and ( Business Associate ). W I T N E S S E T H: WHEREAS, Covered Entity is a Tennessee licensed insurance company that offers commercial health insurance products and is authorized by the Centers for Medicare and Medicaid Services to offer a Medicare Advantage health plan in Northeast Tennessee; WHEREAS, Covered Entity and Business Associate have entered into that certain Agent Agreement (the Agreement ), pursuant to which Business Associate performs sells and promotes certain health insurance products for Covered Entity; WHEREAS, the parties acknowledge that, pursuant to the Agreement, Covered Entity may disclose health and other personal information of certain individuals ( Patient Information ) to Business Associate; and WHEREAS, the parties have determined that this Business Associate Agreement is required in connection with Covered Entity s disclosure of Patient Information to Business Associate for purposes of compliance with HIPAA and the HITECH Act, as defined below. NOW, THEREFORE, premises considered, the parties agree as follows: 1. Definitions. a. HIPAA shall mean the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder, including those comprising 45 C.F.R. Parts 160 164, all as amended from time to time, including through the HITECH Act. b. HITECH Act shall mean the Health Information Technology for Economic and Clinical Health Act and the regulations promulgated thereunder. c. Protected Health Information shall mean such Patient Information defined above that is considered Protected Health Information under HIPAA. d. All other capitalized terms used but not defined herein shall have the same meaning as defined in HIPAA. 2. Use and Disclosure of Protected Health Information by Business Associate.

a. Use and Disclosure in Fulfillment of the Service Agreement. Provided the use or disclosure is not otherwise limited by this Agreement or by applicable law and would not violate HIPAA if done by the Covered Entity, Business Associate has the right to use and disclose Protected Health Information solely for the following purposes: i. as expressly permitted by the Agreement; ii. iii. as required by the Agreement; and as Required By Law. b. Use and Disclosure for Management and Administration. Business Associate may use Protected Health Information as necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate. Business Associate may disclose Protected Health Information for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, but only if: i. the disclosure is Required By Law; or ii. Business Associate obtains reasonable assurances from the recipient of such information that the information will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed, and any confidentiality breach of which the recipient becomes aware will be reported to Business Associate. c. Appropriate Safeguards. Business Associate shall use appropriate safeguards to prevent the use or disclosure of Protected Health Information other than as provided in this Agreement. In addition, Business Associate shall use appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of Electronic Protected Health Information that it receives, maintains, or transmits on behalf of Covered Entity in accordance with the standards set forth in 45 C.F.R. Part 164, Subpart C. Without limiting the foregoing or any other term or condition of this Agreement, Business Associate acknowledges and agrees that, in accordance with the HITECH Act, certain portions of the security and privacy provisions of HIPAA apply directly to Business Associate, and accordingly, Business Associate shall comply with all requirements of HIPAA that are directly applicable to it. In the event of a conflict between any requirements of this Agreement and any requirements of HIPAA which are directly applicable to Business Associate, Business Associate may comply with the requirements of HIPAA that are directly applicable to it.

d. Reporting of Violations. Business Associate shall notify Covered Entity of any use or disclosure of Protected Health Information by Business Associate, its workforce, contractors, or agents of which it becomes aware that is in violation of the terms of this Agreement. Business Associate also shall notify Covered Entity of any Security Incident of which it becomes aware. Such notices shall be in writing and shall be provided within ten (10) business days after the date that Business Associate first discovers the Security Incident or unauthorized use or disclosure of Protected Health Information, as applicable. Without limiting the foregoing, in the event Business Associate discovers a Breach of Protected Health Information that is caused by Business Associate or its workforce, contractors, or agents Business Associate shall notify Covered Entity of such Breach as required by 45 C.F.R. 164.410. e. Contracts with Others. Business Associate shall ensure that any agent or subcontractor to whom it provides access to or discloses, in accordance with this Agreement, Protected Health Information received from Covered Entity agrees in writing to the same restrictions and conditions that apply to Business Associate under this Agreement with respect to said Protected Health Information. f. Right of Access by Individual. Business Associate shall provide access, within ten (10) business days of a request by Covered Entity, to Protected Health Information contained in a Designated Record Set. Said access shall be given to Covered Entity or, as directed by Covered Entity, to the Individual who is the subject of the Protected Health Information or who may otherwise be entitled to review said information under HIPAA as determined by Covered Entity, in a time and manner sufficient for Covered Entity to meet the provisions of 45 C.F.R. 164.524, and as applicable, any provisions relating to access to Protected Health Information contained in an electronic health record which are set forth in the HITECH Act. g. Right of Amendment. Business Associate shall make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. 164.526 or any provisions of the HITECH Act relating to amendment(s) to Protected Health Information in an electronic health record, and in the time and manner sufficient for Covered Entity to meet the provisions of 45 C.F.R. 164.526. h. Accounting of Disclosures. Business Associate shall document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. 164.528, and as applicable, any requirements relating to accounting of disclosures of

Protected Health Information through an electronic health record which are set forth in the HITECH Act. Within ten (10) business days of receiving a written request from Covered Entity, Business Associate shall provide to Covered Entity such information collected and documented in accordance with this Section to permit Covered Entity to respond to a request for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. 164.528 and any applicable requirements of the HITECH Act; i. Access by Secretary. Business Associate shall provide access to its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received on behalf of, Covered Entity. Said access shall be given to the Secretary for the purposes of the Secretary determining Covered Entity s compliance with HIPAA. j. Destruction of Protected Health Information at Termination. Business Associate agrees that this Agreement shall automatically terminate upon termination of the Agreement. Upon termination of this Agreement for any reason, whether as a result of termination of the Agreement or earlier if pursuant to Section 4c or 4d below, Business Associate shall return or destroy, if feasible, all Protected Health Information that it maintains or controls. If such return or destruction is not feasible, Business Associate shall (i) notify Covered Entity of the conditions or circumstances that make the return or destruction of such Protected Health Information infeasible; (ii) extend the protections of this Agreement to the retained Protected Health Information; and (iii) limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. 3. Obligations of Covered Entity. a. Notice of Privacy Practices. Covered Entity shall provide Business Associate a current copy of its Notice of Privacy Practices and any changes to such Notice to the extent the changes affect Business Associate s obligations under this Agreement. b. Agreed Upon Restriction. Covered Entity shall provide Business Associate with a copy of any restrictions on the use and disclosure of Protected Health Information that has been requested by an Individual and agreed to by Covered Entity, to the extent such restrictions affect Business Associate s obligations under this Agreement. c. Changes and Revocation by Individual. Covered Entity shall provide Business Associate with notice regarding any changes to, or revocation of, authorization by an Individual to use or disclose Protected Health

Information, to the extent such changes affect Business Associate s obligations under this Agreement. 4. Termination of this Agreement. a. Coordination of Terms. The terms of the Service Agreement and this Agreement shall be coordinated as follows: i. Term of Agreement. The obligations of Business Associate under this Agreement shall survive the early or natural termination of this Agreement, and shall remain in full effect and force pursuant to Section 2j above for so long as Business Associate maintains Protected Health Information in any form which it has received from Covered Entity. ii. Term of Agreement. Nothing contained in this Agreement, including the potential perpetual obligation of Business Associate under Section 2j of this Agreement, shall operate to extend the obligations of the parties under the Agreement beyond its early or natural termination except as may be specified in the Agreement. b. Natural Termination. This Agreement shall automatically terminate upon the termination of the Service Agreement, as described more fully in Section 2j above. c. Termination of Agreement by Covered Entity. Should Covered Entity become aware of a material breach of the terms and conditions of this Agreement by Business Associate, Covered Entity shall, in its sole and absolute discretion and at any time during an ongoing breach, either: (i) provide Business Associate a reasonable opportunity to cure the breach; or (ii) terminate this Agreement immediately; or (iii) report Business Associate to the Secretary. d. Termination of Agreement by Business Associate. In accordance with the HITECH Act and any regulations or rules promulgated in connection therewith, Business Associate may terminate this Agreement in the event of Covered Entity s material breach hereof or of HIPAA, or if termination is not feasible, may report Covered Entity s breach to the Secretary. 5. Coordination with Agreement. Where this Agreement is silent on any term, including, but not limited to the provision of notices, governing law or dispute resolution, said term shall be supplied, if included, by the Agreement. However, this Agreement shall control in the event of any conflict between its terms and the terms of the Agreement. 6. Miscellaneous. This Agreement may not be modified or amended, except in writing as agreed to by each party. The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered

Entity and Business Associate to comply with the requirements of HIPAA and the HITECH Act. IN WITNESS WHEREOF, the Covered Entity and Business Associate hereto have executed this Agreement as of the day and year first above written. Business Associate Covered Entity

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback