BUSINESS ASSOCIATE AGREEMENT


THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement") is entered into this 22nd day of September, 2014 ("Effective Date"), by and between Customer_Name with a place of business at Address_Line1, Address_Line2, Address_Line3, Address_Line4, City, State, Postal_Code and COLLEGE OF AMERICAN PATHOLOGISTS ("CAP") with its principal place of business at 325 Waukegan Road, Northfield, IL 60093. Individually, the CAP and Customer_Name shall be referred to as "Party," and together, the CAP and Customer_Name shall be referred to as "Parties."

WHEREAS CAP (the "Business Associate") provides laboratory accreditation, inspection, and related services to Customer_Name (the "Covered Entity");

WHEREAS the disclosure of certain PHI shall be regulated by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act"), and their implementing regulations at 45 C.F.R. Parts 160, 162 and 164 ("Regulations");

WHEREAS Covered Entity may from time to time disclose to Business Associate certain PHI that is subject to protection under HIPAA and the HITECH Act, and the Regulations;

WHEREAS to the extent applicable, Business Associate and Covered Entity desire to comply with the applicable provisions of HIPAA, the HITECH Act, and the Regulations; and

NOW THEREFORE, for and in consideration of the premises and other good and valuable consideration the receipt and sufficiency of which is hereby acknowledged, it is agreed by and between the Parties hereto that the terms listed below provide a full statement of their responsibilities under this Agreement.

I. Definitions

Terms used herein but not otherwise defined in this Agreement shall have the same meaning as the meaning ascribed to those terms in HIPAA, the HITECH Act, and the Regulations.

(a) "Breach of Unsecured PHI" shall have the meaning set forth in 45 C.F.R. 164.402.

(b) "Business Associate" shall have the same meaning as the term "Business Associate" under 45 C.F.R. 160.103, and in reference to the Party to this Agreement, shall mean CAP. Business Associate is limited to being construed as an independent contracting party and no other relationship shall be construed to exist between Business Associate and Covered Entity under this Agreement.

(c) "Covered Entity" shall have the same meaning as the term "Covered Entity" under 45 C.F.R. 160.103, and in reference to the Party to this Agreement, shall mean Customer_Name.

(d) "HIPAA" shall mean the Health Insurance Portability and Accountability Act of 1996, as codified at 42 U.S.C. 1320d et seq.

(e) "HITECH Act" shall mean the Health Information Technology for Economic and Clinical Health Act of 2009, as codified at 42 U.S.C. 17901 et seq.

(f) "Individual" shall have the same meaning as the term "Individual" in 45 C.F.R. 164.501, and shall include a person who qualifies as a personal representative as set forth at 45 C.F.R. 164.502(g).

(g) "PHI" shall have the same meaning as the protected health information as set forth at 45 C.F.R. 160.103 and includes genetic information as set forth in the Genetic Information Nondiscrimination Act of 2008. PHI is limited to the information created, received, maintained or transmitted by Business Associate on behalf of or from Covered Entity.

(h) "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information as set forth at 45 C.F.R. Parts 160 and 164 (Subparts A, E).

(i) "Regulations" shall mean any current and future regulations promulgated under either HIPAA or the HITECH Act, including but not limited to those set forth at 45 C.F.R. Parts 160, 162 and 164.

(j) "Required by Law" shall have the same meaning as the term "required by law" as set forth at 45 C.F.R. 164.103.

(k) "Secretary" shall mean the Secretary of the United States Department of Health and Human Services or his or her designee.

(l) "Security Incident" shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system as set forth at 45 C.F.R. 164.304.

(m) "Security Rule" shall mean the portion of the Regulations regarding security of information technology in order to prevent unlawful use or disclosure of PHI as set forth at 45 C.F.R. Parts 160, 162, 164 (Subparts A and C).

(n) "Service Agreement" shall mean any executed contract, agreement, memorandum of understanding, application for services, or similar legally binding agreement for any services provided by the Business Associate to the Covered Entity which would pertain to the subject matter of this Agreement.

(o) "Standards for Privacy of Individually Identifiable Health Information" shall mean the portion of the Regulations set forth at 45 C.F.R. 160, 164 (Subparts A, E).

(p) "Unsecured PHI" shall mean PHI not secured by a technology standard that renders the information unusable, unreadable, or indecipherable according to standards developed by an organization that is accredited by the American National Standards Institute as set forth at 45 C.F.R. 164.402.

II. Obligations and Activities of the Business Associate

To the extent applicable, Business Associate agrees to:

(a) not use or disclose PHI other than as permitted or required to perform services for the Covered Entity (the "Services"), as permitted or required by this Agreement or as required by law;

(b) use appropriate administrative, physical, and technical safeguards, and comply with Subpart C of 45 C.F.R. Part 164, with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement;

(c) report to Covered Entity any use or disclosure of PHI not permitted by the Agreement of which it becomes aware, including a Breach of Unsecured PHI as required under 45 C.F.R. 164.410, and any Security Incident of which it becomes aware. The Business Associate agrees to promptly notify without unreasonable delay the Covered Entity of any Breach of Unsecured PHI after the Breach of Unsecured PHI is discovered by the Business Associate in accord with 45 C.F.R. 164.410;

(d) in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 45 C.F.R. 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to restrictions, conditions, and requirements at least as stringent as those that apply to the Business Associate with respect to such information. Business Associate shall enter into agreements with any subcontractors, and the terms of such agreements shall incorporate the applicable requirements of, and otherwise comply with, the Regulations;

(e) make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity's obligations under 45 C.F.R. 164.524. The Business Associate shall promptly furnish PHI in a Designated Record Set to the Covered Entity upon receiving a request to furnish such PHI to the Covered Entity. The Parties agree and acknowledge that it is the Covered Entity's responsibility to respond to all requests for access. Any request under 45 C.F.R. 164.524 from an Individual made directly to Business Associate will be referred to Covered Entity;

(f) make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. 164.526 or take other measures as necessary to satisfy Covered Entity's obligations under 45 C.F.R. 164.526. The Parties agree and acknowledge that it is Covered Entity's responsibility to respond to all requests for amendments. Any request under 45 C.F.R. 164.526 from an Individual made directly to Business Associate will be referred to Covered Entity;

(g) to the extent Business Associate maintains PHI in a Designated Record Set, make available the information required to provide an accounting of disclosures to the Covered Entity as necessary for the Covered Entity to satisfy Covered Entity's obligations under 45 C.F.R. 164.528;

(h) to the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under 45 C.F.R. Part 164 (Subpart E), comply with the requirements of 45 C.F.R. Part 164 (Subpart E) that apply to the Covered Entity in the performance of such obligation(s); and

(i) make its internal practices, books, and records available to the Secretary for purposes of determining Covered Entity's compliance with HIPAA, the HITECH Act, and the Regulations.

III. Permitted Uses and Disclosures by Business Associate

(a) Business Associate may use and disclose PHI as permitted or required to perform Services for the Covered Entity as permitted or required by this Agreement, and as Required by Law.

(b) Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that:

1. disclosures are Required By Law, or

2. Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and

3. the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(c) Business Associate may, but is not required to, use PHI to provide Data Aggregation Services to Covered Entity as permitted by 45 C.F.R. 164.504(e)(2)(i)(B).

(d) Business Associate may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 C.F.R. 164.502(j)(1).

(e) Business Associate agrees to limit, to the extent practicable and except as permitted by 45 C.F.R. 164.502(b)(2), its use, disclosure and requests of PHI under the Agreement to a limited data set (as defined in 45 C.F.R. 164.514(e)(2)) or, if needed by Business Associate, to the minimum necessary PHI to accomplish the intended purpose of such use, disclosure or request.

(f) Business Associate may not use or disclose PHI in a manner that would violate 45 C.F.R. Part 164 (Subpart E) if such use or disclosure were to be done by Covered Entity, except as permitted by 45 C.F.R. 164.504(e)(4).

(g) Business Associate may use PHI to create de-identified information or a limited data set consistent with the standards set forth at 45 C.F.R. 164.514.

(h) Business Associate shall not sell PHI or use or disclose PHI for purposes of marketing, except as otherwise permitted by HIPAA, the HITECH Act, or the Regulations.

IV. Obligations and Activities of the Covered Entity

(a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.

(b) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use or disclosure of PHI.

(c) Covered Entity shall notify Business Associate of any restrictions on the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. 164.522, to the extent that such changes may affect Business Associate's uses or disclosures of PHI.

(d) Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under 45 C.F.R. Part 164 (Subpart E) if done by Covered Entity except as permitted by 45 C.F.R. 164.504(e)(4) of this Agreement.

(e) Covered Entity agrees to limit, to the extent practicable and except as permitted by 45 C.F.R. 164.502(b)(2), its use, disclosure and requests of PHI under the Agreement to deidentified information (as defined in 45 C.F.R. 164.514(b)(2)) if requested by Business Associate, or a limited data set (as defined in 45 C.F.R. 164.514(e)(2)) or, if needed by Covered Entity, to the minimum necessary PHI to accomplish the intended purpose of such use, disclosure or request.

V. Term and Termination

(a) Termination for Cause. Upon either Party's knowledge of a material breach by the other Party, the non-breaching Party shall:

1. provide an opportunity for the breaching Party to cure the breach within 30 (thirty) days but shall terminate this Agreement (and any underlying agreement) if the breaching Party does not cure the breach;

2. if cure is not possible, immediately terminate this Agreement and any underlying agreement; or

3. if neither termination nor cure are feasible, may report the breach to the Secretary.

(b) Term. The Term of this Agreement shall be effective as of the Effective Date set forth above and shall terminate on the date either Party terminates for cause as authorized in paragraph (a) of this Section V, or the date any underlying Service Agreement terminates, whichever first occurs.

(c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, Business Associate, with respect to PHI received from Covered Entity, or created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity, shall:

1. Retain that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;

2. If feasible, return to Covered Entity or destroy the remaining PHI that the Business Associate still maintains in any form;

3. Continue to use appropriate safeguards and comply with 45 C.F.R. Part 164 (Subpart C) with respect to electronic PHI to prevent use or disclosure of the PHI, other than as provided for in this Section V, for as long as Business Associate retains the PHI;

4. Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set out at 45 C.F.R. 164.504(e)(4) which applied prior to termination; and

5. Return to Covered Entity or destroy the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

(d) Survival. The obligations of Business Associate under this Section V(c) shall survive the termination of this Agreement.

VI. Notices

All notices, requests, consents and other communications hereunder will be:

1. in writing and addressed to the receiving Party's address set forth above or to such other address as a Party may designate by notice hereunder,

2. either delivered by hand, made by facsimile transmission, sent by overnight courier, or sent by registered/certified mail, return receipt requested, postage prepaid to the appropriate contacts.

VII. Miscellaneous

(a) Entire Agreement. This Agreement sets forth the entire understanding of the Parties with respect to the subject matter set forth herein and supersedes all prior Agreements, arrangements and communications, whether oral or written, pertaining to the subject matter hereof.

(b) Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance by Covered Entity and Business Associate with HIPAA, the HITECH Act, and the Regulations.

(c) Third Party Beneficiaries. This Agreement is not intended to benefit any person or entity not a party to this Agreement.

(d) Amendment. The Parties agree to take reasonable steps to negotiate an amendment to this Agreement from time to time as is necessary to comply with the applicable requirements of HIPAA, the HITECH Act, and the Regulations.

[Signatures follow]

IN WITNESS WHEREOF, the Parties hereto have signed this Agreement the date and year first written above by the duly authorized representative. Facsimile or electronically scanned transmission of an executed copy of this Agreement or any amendments thereto shall be accepted as evidence of a party's execution of the Agreement or amendment. This Agreement may be executed in multiple counterparts, each of which shall be deemed to be an original.

COLLEGE OF AMERICAN PATHOLOGISTS
By: signature printed
Title:
Date:

Customer_Name
By: signature printed
Title:
Date: