RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT BETWEEN THE PARTICIPATING PHYSICIAN ORGANIZATION AND MILLIMAN, INC.

Similar documents
HIPAA and ProAssurance

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

Business Associate Agreement RECITALS AGREEMENT

Oregon Healthcare Quality Reporting System Participating Provider Organization Portal Access Agreement

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Business Associate Agreement Passport to Languages

REGISTRY PARTICIPATION AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

PURCHASE ORDER TERMS AND CONDITIONS

HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)

Microsoft Online Subscription Agreement/Open Program License Agreement Amendment for HIPAA and HITECH Act Amendment ID MOS13

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

ARTICLE 1. Terms { ;1}

Emma Eccles Jones College of Education & Human Services. Title: Business Associate Agreements

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

HIPAA BUSINESS ASSOCIATE ADDENDUM

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

PLAN SPONSOR CERTIFICATION TO THE GROUP HEALTH PLAN

SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

Limited Data Set Data Use Agreement For Research

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

Interpreters Associates Inc. Division of Intérpretes Brasil

SCHEDULE D HIPPA BUSINESS PARTNER AGREEMENT

IHDE BUSINESS ASSOCIATE AGREEMENT (BAA)

ARTICLE 1 DEFINITIONS

MNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota

BUSINESS ASSOCIATE AGREEMENT

Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in 45 CFR and

BUSINESS ASSOCIATE AGREEMENT

HIPAA ADDENDUM TO SERVICE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

Business Associate Agreement

Producer Agreement DDWA Product means an Individual or Group dental benefits product offered by Delta Dental of Washington.

Business Associate Agreement For Protected Healthcare Information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:

FACT Business Associate Agreement

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

* Corporation General Partnership Limited Partnership LLC Sole Proprietorship Non Profit Other Accounts Payable: Name

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and

AMWELL GROUP PRACTICE AGREEMENT

RECITALS. NOW THEREFORE, in consideration of the terms, covenants and agreements set forth in this Agreement, the Parties agree as follows:

UCLA Health System Data Use Agreement

BUSINESS ASSOCIATE AGREEMENT

Health Reimbursement Arrangement Plan Document

ACGME BUSINESS ASSOCIATE AGREEMENT

AIUM Ultrasound Practice Accreditation Master Services Agreement & Business Associate Agreement (MSA/BAA)

GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT

NETWORK PARTICIPATION AGREEMENT

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN Telephone: (952) Facsimile: (952)

HIPAA BUSINESS ASSOCIATE AGREEMENT

SDM Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

HIPAA STUDENT ASSOCIATE AGREEMENT

COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM

BROKER AGREEMENT. Wherein it is mutually agreed as follows:

COLLECTION SERVICES AND BUSINESS ASSOCIATE AGREEMENT

DATA TRANSMISSION SERVICES AGREEMENT

Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

POLESTAR BENEFITS, INC. ADMINISTRATION AGREEMENT

Care Partners: Bridging Families, Clinics, and Communities to Advance Late-Life Depression Care Project, Phase 2

Central Fabrication Accreditation Application

TEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT

DATA SHARING AGREEMENT. Between LEO Pharma A/S and [insert name of Researcher]

Partnership & Corporation Professional Liability Application

HIPAA Business Associate Agreement

COBRA Setup Fact Sheet for Oswald agent

Vendor seeks to deliver Medication Therapy Management Services to Members of Clients pursuant to one or more Client Agreements.

B. Termination of Agreement. The Agreement may be terminated under any of the following circumstances:

AppLovin Data Processing Agreement

S T A N D A R D C H I R O P R A C T O R A G R E E M E N T & S I G N A T U R E P A G E

HPHConnect for Providers Enrollment Form

ELECTRONIC MEDICAL RECORD ACCESS AGREEMENT

MERANI CONSTRUCTION LLC CAFETERIA PLAN BASIC PLAN DOCUMENT #125

HIPAA Privacy Compliance Checklist

HIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures

Healthcaree. authority. and. former or. and. interface to. contained. the receipt. Definitions. Section 1. ADPH DSA, 5/1/17

MSSNG A Program of Autism Speaks Inc. 85 Devonshire St Boston, MA 02109, USA (617) MSSNG DATABASE ACCESS AGREEMENT (DAA) (VERSION 1.

Oregon Health & Science University STANDARD CONTRACT PROVISIONS PROFESSIONAL SERVICES CONTRACT

AGREEMENT PURSUANT TO THE TERMS OF HIPAA ; HITECH ; and FIPA (Business Associate Agreement) (Revised August 2015)

RECITALS. WHEREAS, this Amendment incorporates the various amendments, technical and conforming changes to HIPAA implemented by the Final Rule; and

Cook County Department of Public Health

ENERGY EFFICIENCY CONTRACTOR AGREEMENT

SCHOOL STAFFING AGREEMENT

ENSPIRE QUALITY PARTNERS AGREEMENT FOR PARTICIPATION IN CLINICAL INTEGRATION PROGRAM

DISTRICT SCHOOL BOARD OF PASCO COUNTY Health Reimbursement Arrangement

PRACTICE TRANSFORMATION NETWORK PROGRAM PARTICIPATION AGREEMENT

Transcription:

RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT BETWEEN THE PARTICIPATING PHYSICIAN ORGANIZATION AND MILLIMAN, INC. THIS RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT (this Agreement ) is by and between as a participating physician organization ( Participating Organization ) and Milliman, Inc. ( Milliman ) (individually, a Party and, collectively, the Parties ). BACKGROUND The Oregon Healthcare Quality Reporting System is an initiative sponsored by the Oregon Health Care Quality Corporation, Quality Corp as a collaborative among patients, providers, health plans, and purchasers to measure and improve health care quality in Oregon. The primary purpose of the Oregon Healthcare Quality Reporting System is to improve the quality of care and treatment of patients of the participating data suppliers in Oregon. The Oregon Healthcare Quality Reporting System is an evolving initiative based on the commitment of participating health plans and data supplier organizations that are willing to merge, aggregate and analyze their claims data, encounter and other information. The Oregon Healthcare Quality Reporting System will provide clinics, practices, physicians and other service providers with consolidated information about their patients to facilitate treatment decisions and the Oregon Healthcare Quality Reporting System quality measures to facilitate quality improvement activities. The Oregon Healthcare Quality Reporting System will provide quality measurement and quality improvement information to each data supplier about their members and network providers. The Oregon Healthcare Quality Reporting System will provide information to the public about the quality measures by various provider organizations clinic sites. In furtherance of these goals, the Quality Corp has contracted with Milliman as the Oregon Healthcare Quality Reporting System data services vendor ( Data Services Vendor ) to receive, aggregate, and analyze specified data supplied by participating health plans and other data suppliers ( Data Suppliers ). Data Suppliers provide data to Milliman under the terms of Business Associate and Data Use Agreements between each Data Supplier and Milliman. The Participating Organization and the Quality Corp have entered into a Participating Physician Organization Agreement that enables clinics, practices, physicians and other service providers to access data about their patients consolidated from multiple health plans and other data suppliers under the Oregon Healthcare Quality Reporting System. The purpose of this Agreement is to facilitate the reciprocal exchange of data, including Protected Health Information ( PHI ) as that term is defined in 45 CFR Sec. 160.103, between the Participating Organization and Milliman regarding the patients of the Participating Organization for the purposes of validating and improving the accuracy of the Oregon Healthcare Quality Reporting System data and information in order to facilitate treatment decision making and facilitate quality improvement activities. Oregon Health Care Quality Corporation P (503) 241-3571 F (503) 972-0822 E info@q-corp.org 520 SW Sixth Avenue Suite 830 Portland, OR 97204 Q-Corp.org

RECITALS A. The Participating Organization is a covered entity and is subject to the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ( HIPAA ). B. Milliman is both a business associate of Participating Organization and an agent for the Data Suppliers which are each a covered entity and subject to the administrative simplification provisions of HIPAA. B. Under this Agreement, Milliman will be providing access to PHI related to patients of the Participating Organization and the Participating Organization may be providing PHI on Participating Organization's patients to Milliman. C. For purposes of the Agreement the party providing PHI to the other party is identified as the PHI Source. The party receiving the PHI from the PHI Source is the Business Associate. AGREEMENT In consideration of the Recitals, this Agreement, the Participating Organization s ability to comply with HIPAA, and other good and valuable consideration, the delivery and sufficiency of which is acknowledged, the Parties agree as follows: 1. General Confidentiality Obligation Business Associate shall comply with all applicable laws and regulations regarding the security, confidentiality, and privacy of information, including the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) and its implementing regulations ( HIPAA Regulations ). 2. Protected Health Information 2.1 Use or Disclosure. Business Associate shall not use or disclose Protected Health Information ( PHI ), as that term is defined in 45 CFR Sec. 160.103, that it receives from PHI Source, other than as permitted by this Agreement or required by law. Pursuant to this Agreement, Business Associate may do the following: 2.1.1 Use or disclose PHI only as necessary to perform its obligations to support the Oregon Healthcare Quality Reporting System initiative. 2.1.2 Use PHI or disclose PHI to third parties for Business Associate s proper management and administration, provided that: (i) Business Associate obtains reasonable assurances from the person to whom PHI is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person; and (ii) the person notifies Business Associate of any instances of which it is aware in which the confidentiality of PHI has been breached. Business Associate may also make disclosures that are required by law. 2.1.3 Aggregate the PHI with similar information of other entities properly in its possession in order to provide data analysis relating to Health Care Operations (as that term is defined in 45 CFR Sec. 164.501) of PHI Source. 2.1.4 De-identify PHI in accordance with the requirements of the HIPAA Regulations and maintain such de-identified health information indefinitely; provided that all identifiers are destroyed or returned in accordance with this Agreement. 2.1.5 Create Limited Data Sets for the purpose of providing the Services. 2 May 3, 2013

2.2 Responsibilities with Respect to PHI. Business Associate further agrees, with respect to PHI, that it shall: 2.2.1 Implement administrative, physical, and technical safeguards to protect the security and confidentiality, integrity, and availability, as those terms are defined at 45 CFR Sec. 164.304, of PHI that Business Associate creates, receives, maintains, or transmits on behalf of PHI Source, and prevent its unauthorized use or disclosure. 2.2.2 Make reasonable efforts to obtain, use and disclose only the minimum PHI necessary to perform a function permitted by this Agreement or required by law. 2.2.3 Notify PHI Source of any use or disclosure of PHI not permitted by this Agreement, or any security incident, as that term is defined at 45 CFR Sec. 164.304, within five (5) working days of becoming aware thereof; provided, however, that the parties acknowledge and agree that this section shall not require notice by Business Associate to PHI Source of the existence and occurrence of any and all attempted but unsuccessful Security Incidents arising during the term of this Agreement. Unsuccessful Security Incidents shall include, but not be limited to, pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as such incidents do not result in unauthorized access, use or disclosure of PHI Source's electronic PHI. 2.2.4 Establish procedures to mitigate to the extent practical, any improper use or disclosure of PHI. 2.2.5 Ensure that any agents or subcontractors who have access to PHI agree to the same restrictions and conditions as Business Associate, including without limitation, Section 2.2.1. 2.2.6 Disclose PHI to a third party, as permitted by this Agreement, only when required by law or after the third party provides written assurances regarding the confidential handling of PHI, except as otherwise permitted or required in Section 2.1.2. 2.2.7 Make available to PHI Source within ten (10) working days of a written request the information necessary for PHI Source to comply with patients' rights to access, and receive an accounting of the disclosures of, their PHI under federal or state law. 2.2.8 Make available to PHI Source or, at PHI Source s request, the Secretary of Health and Human Services, the Business Associate's internal practices, books and records relating to the use and disclosure of PHI in order to determine PHI Source s compliance with the HIPAA Regulations. 2.2.9 Make any amendment to the PHI that PHI Source directs within ten (10) days of a written request. 2.2.10 Upon termination or expiration of this Agreement, return or destroy all PHI, including but not limited to that in possession of third parties, if feasible. If it is not feasible to return or destroy any PHI, no other uses or disclosures may be made except for the purposes which prevented the return or destruction of the information. PHI Source 3 May 3, 2013

2.3 Obligations of PHI Source. hereby acknowledges and agrees that infeasibility includes Business Associate's need to retain PHI for purposes of complying with its work product documentation standards. 2.3.1 PHI Source shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Regulations if done by PHI Source. 2.3.2 PHI Source shall provide Business Associate with only that PHI which is minimally necessary for Business Associate to provide the Services. 3. Additional Provisions 3.1 Indemnification. Each of the parties hereto agrees to be liable for its own conduct, including but not limited to breach of this Agreement, and to indemnify the other party against any and all losses related to the indemnifying party s breach. In the event that such loss or damage results from the conduct of more than one party, each party agrees to be responsible for its own proportionate share of the claimant s damages under the laws of the state of Oregon. 3.2 Insurance. Business Associate shall maintain insurance that Business Associate deems sufficient to cover Business Associate s activities on behalf of PHI Source and under this Agreement, including without limitation, general commercial liability with limits not less than One Million Dollars ($1,000,000) per occurrence and professional liability or errors and omissions coverage, if applicable, with limits not less than One Million Dollars ($1,000,000) per claim, and Three Million Dollars ($3,000,000) in the aggregate as well as statutory workers compensation insurance. Business Associate shall provide PHI Source a certificate of insurance evidencing such coverage upon request. Business Associate may satisfy the above requirements through a policy of self-insurance. 3.3 Termination. PHI Source shall have the right to terminate its entire relationship with Business Associate immediately in the event that Business Associate fails to comply with the provisions of this Agreement. 3.4 Survival. The duties and responsibilities imposed upon Business Associate herein shall survive the termination or expiration of this Agreement with respect to any PHI that remains in the possession of Business Associate or any third party who received it from Business Associate. 3.5 Injunctive Relief. Notwithstanding any other right or remedies provided for in this Agreement, PHI Source shall have the right to seek injunctive relief to prevent or stop any unauthorized use or disclosure of PHI by Business Associate or any third party. 3.6 Choice of Law; Jurisdiction; Venue. This Agreement shall be governed by the laws of the state of Oregon, and Business Associate agrees that the courts of the state of Oregon shall have jurisdiction over this matter. 3.7 Superseding Effect. The terms of this Agreement, and the obligations imposed hereunder, shall supersede any terms imposed by any document construed as an agreement between the parties or inferred by any prior course of dealing between the parties related to the subject matter herein. Moreover, this Agreement shall be construed in a manner consistent with any applicable interpretation or guidance regarding HIPAA as now codified or hereinafter amended, 4 May 3, 2013

issued by the U.S. Department of Health and Human Services or the federal Office for Civil Rights. 3.8 Amendment; Waiver 3.8.1 This Agreement may be modified only by a written document signed by both parties. It cannot be modified by course of dealing. Waiver of any one breach of this Agreement shall not constitute waiver of any other breach. 3.8.2 The parties agree to negotiate in good faith regarding mutually acceptable and appropriate amendments to this Agreement as necessary to comply with or give effect to obligations imposed by any change to HIPAA or its implementing regulations. In the event the parties are unable to negotiate a mutually acceptable amendment within One Hundred Eighty (180) days of such a change, either party may terminate the Business Associate s provision of services to PHI Source. 3.9 Notices. Any and all notices required or permitted hereunder shall be sent by certified mail, return receipt requested, or by generally recognized electronic service, to the signatories to this Agreement as shown below. 3.10 Signature Authority. The individuals executing this Agreement represent and warrant that they are competent and capable of entering into a binding contract, and that they are authorized to execute this Agreement on behalf of the parties hereto. 3.11 No Third Party Beneficiaries. Nothing in this Agreement shall be construed to confer upon any person other than the parties and their respective successors or assigns any right, remedy, obligation or liability whatsoever, except as expressly set forth herein. This Agreement is executed in duplicate original as of the date of the last party to sign below. PARTICIPATING ORGANIZATION MILLIMAN, INC. Organization: By: By: Title: Signature: Date: Email: Signature: Date: Email: kent.sacia@milliman.com Address: Address: 1301 Fifth Ave #3800 City, State, Zip: City, State, Zip: Seattle, WA 98101 5 May 3, 2013

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback