IHDE BUSINESS ASSOCIATE AGREEMENT (BAA)

Similar documents
TEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT

ARTICLE 1. Terms { ;1}

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE AGREEMENT

HIPAA and ProAssurance

SDM Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

HIPAA Business Associate Agreement Passport to Languages

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA Business Associate Agreement

Business Associate Agreement

Emma Eccles Jones College of Education & Human Services. Title: Business Associate Agreements

ACGME BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

HIPAA ADDENDUM TO SERVICE AGREEMENT

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:

BUSINESS ASSOCIATE AGREEMENT

Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

SCHEDULE D HIPPA BUSINESS PARTNER AGREEMENT

Interpreters Associates Inc. Division of Intérpretes Brasil

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

Business Associate Agreement For Protected Healthcare Information

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement RECITALS AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

PLAN SPONSOR CERTIFICATION TO THE GROUP HEALTH PLAN

BUSINESS ASSOCIATE AGREEMENT

HIPAA STUDENT ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

HIPAA BUSINESS ASSOCIATE ADDENDUM

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE

Limited Data Set Data Use Agreement For Research

RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT BETWEEN THE PARTICIPATING PHYSICIAN ORGANIZATION AND MILLIMAN, INC.

FACT Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

AIUM Ultrasound Practice Accreditation Master Services Agreement & Business Associate Agreement (MSA/BAA)

LIMITED DATA SET REQUEST AND DATA USE AGREEMENT

MNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota

ARTICLE 1 DEFINITIONS

* Corporation General Partnership Limited Partnership LLC Sole Proprietorship Non Profit Other Accounts Payable: Name

HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN Telephone: (952) Facsimile: (952)

Microsoft Online Subscription Agreement/Open Program License Agreement Amendment for HIPAA and HITECH Act Amendment ID MOS13

COBRA Setup Fact Sheet for Oswald agent

Central Fabrication Accreditation Application

NETWORK PARTICIPATION AGREEMENT

Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in 45 CFR and

Check In Systems. Software Usage Agreement

HIPAA and Lawyers: Your stakes have just been raised

HIPAA Privacy Compliance Checklist

THIRD-PARTY MANAGEMENT OF INFORMATION RESOURCES

REGISTRY PARTICIPATION AGREEMENT

RECITALS. WHEREAS, this Amendment incorporates the various amendments, technical and conforming changes to HIPAA implemented by the Final Rule; and

GUIDANCE ON HIPAA & CLOUD COMPUTING

Section 125 Flexible Spending Account Plan Client Setup & Document Checklist

PURCHASE ORDER TERMS AND CONDITIONS

Care Partners: Bridging Families, Clinics, and Communities to Advance Late-Life Depression Care Project, Phase 2

UCLA Health System Data Use Agreement

Central Florida Regional Transportation Authority Table of Contents A. Introduction...1 B. Plan s General Policies...4

POLESTAR BENEFITS, INC. ADMINISTRATION AGREEMENT

Texas Tech University Health Sciences Center HIPAA Privacy Policies

Vermont Department of Disabilities Aging and Independent Living (DAIL) Vermont Division of Vocational Rehabilitation (DVR) and Invest EAP (EAP)

University of Mississippi Medical Center Data Use Agreement Protected Health Information

HIPAA TRANSACTION 837 INSTITUTIONAL STANDARD COMPANION GUIDE

Texas Tech University Health Sciences Center El Paso HIPAA Privacy Policies

Vendor seeks to deliver Medication Therapy Management Services to Members of Clients pursuant to one or more Client Agreements.

DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION)

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

UNIVERSITY OF OKLAHOMA Purchasing Department 2750 Venture Drive Norman, Oklahoma 73069

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE

HIPAA PRIVACY MONITORING REQUIREMENTS

GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT

DATA TRANSMISSION SERVICES AGREEMENT

Partners Health Plan, NY Provider Electronic Transaction Enrollment Packet

SECURITY POLICY 1. Security of Services. 2. Subscriber Security Administration. User Clearance User Authorization User Access Limitations

Participation and HIPAA Compliance in the ACR National Radiology Data Registry

AFTER THE OMNIBUS RULE

Benefits Consultant' s Agreement

Washington Producer Application

DEPARTMENT OF VERMONT HEALTH ACCESS GENERAL PROVIDER AGREEMENT

AMWELL GROUP PRACTICE AGREEMENT

Partnership & Corporation Professional Liability Application

Transcription:

IHDE BUSINESS ASSOCIATE AGREEMENT (BAA) This Business Associate Agreement (BAA) is entered into by and between the Covered Entity aka. Data Provider/User, (please enter name of organization) and the Business Associate (BA), Idaho Health Data Exchange, Inc. (IHDE), an Idaho nonprofit corporation. RECITALS A. The Covered Entity and the Business Associate agree that they may create, maintain, use or disclose Protected Health Information (PHI) on behalf of each other for the purpose of treatment, payment or operations for health care services. B. The Covered Entity and the Business Associate desire to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations (45 CFR Parts 160 and 164), (https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaasimplification-201303.pdf) and the requirements of all applicable insurance commissioner regulations implementing Title V of the Gramm-Leach-Bliley Act (15 USC 6801 et seq.) (https://www.law.cornell.edu/uscode/text/15/6801 ) that apply to a Participant s participation in the IHDE. Please refer to the internet links above for copies of the Acts listed. TERMS AND CONDITIONS 1. Definitions. Terms used, but not otherwise defined, in this BAA shall have the same meaning as those terms in 45 CFR 160.103, 164.103, and 164.501. A regulatory reference in this BAA means the section as in effect or as amended, and for which compliance is required. 1.1 Business Associate. Business Associate shall mean the Idaho Health Data Exchange. 1.2 Covered Entity. Covered Entity shall mean (please enter name of organization). 1.3 Individual. Individual shall have the same meaning as the term individual in 45 CFR 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g). 1.4 Party. Party shall mean the Business Associate or the Covered Entity entering this BAA.

1.5 Protected Health Information. Protected Health Information (PHI) means any information created for or received from a Participant under the Participation Agreement (PA) from which the identity of an Individual can reasonably be determined, and includes, but is not limited to, all information within the statutory meaning of Protected Health Information (45 CFR 160.103). Protected Health Information includes information maintained or transmitted in any form, electronic or otherwise. 1.5.1 Privacy Rule. Privacy Rule means the standards for privacy set forth in 45 CFR Parts 160 and 164, Subparts A and E. 1.6 Required by Law. Required by Law shall have the same meaning as the term required by law in 45 CFR 164.103. 1.7 Secretary. Secretary shall mean the Secretary of the Department of Health and Human Services or his or her designee. 2. Obligations and Activities of Business Associate and Covered Entity. 2.1 Permitted Uses and Disclosures. Business Associate shall not use or further disclose Protected Health Information other than as Required by Law or as permitted in this section as follows: 2.1.1 Use or disclose. Business Associate may use or disclose Protected Health Information (PHI) to perform functions, activities, or services for, or on behalf of, Covered Entity and participants in the IHDE as specified in the IHDE Participation Agreement, (PA), provided that such use or disclosure would, or does not violate the Privacy Rules of a HIPAA Covered Entity; 2.1.2 Use. Business Associate may use Protected Health Information for the proper medical management and administration of Business Associate or to carry out the legal medical responsibilities of the Business Associate; 2.2 Safeguards. Business Associate shall use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this BAA. 2.3 Mitigate Harmful Effects. Business Associate shall mitigate, to the extent practicable, any harmful effect that is known to a party of a use or disclosure of Protected Health Information in violation of the requirements of this BAA.

2.4 Reporting Requirements. 2.4.1 Non-Permitted Use or Disclosure. Business Associate shall promptly report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this BAA. 2.4.2 Security Incidents. Business Associate shall report any security incident involving electronic Protected Health Information ( P H I ) of which it becomes aware as specified herein. Security Incident means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system on which PHI is stored or resides. A successful Security Incident shall be reported to the Covered Entity immediately. An unsuccessful Security Incident shall be reported upon request by the Covered Entity or another IHDE participant. Reports of unsuccessful security incidents shall not be requested more often than once per month. 2.5 Business Associates and Subcontractors. Business Associate shall ensure that its agents, including a subcontractor, to whom the Business Associate provides Protected Health Information received from, or created or received by Covered Entity or other participants in the IHDE, shall agree to the same restrictions and conditions that apply through this BAA to the parties with respect to such information. 2.6 Inspection of Books and Records. Business Associate shall make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from or created or received by Business Associate on behalf of, the Covered Entity available to the Secretary of the U.S. Department of Health and Human Services ( Secretary ) for the Secretary to determine compliance with the Privacy Rule. 2.7 Access. To the extent that Business Associate maintains an unduplicated designated record set on behalf of the Covered Entity, Business Associate shall provide access to an Individual to that Individual s Protected Health Information in the time and manner necessary to meet the requirements under 45 CFR 164.524. 2.8 Amendment. To the extent that Business Associate maintains an unduplicated designated record set on behalf of the Covered Entity, Business Associate shall make any amendment(s) to Protected Health Information in a time and manner necessary to meet the requirements of 45 CFR 164.526.

2.9 Accountings. To the extent that Business Associate makes any accountable disclosures of Protected Health Information, Business Associate shall document such disclosures and information related to such disclosures that would be required to respond to a request by an Individual for an accounting of disclosures in accordance with 45 CFR 164.528. Business Associate shall provide a requested accounting to an Individual in time and manner necessary to meet the requirements of 45 CFR 164.528. 2.10 Security of Electronic Personal Information. Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity or another participant in the IHDE, as required under 45 CFR Part 164, Subpart C. 2.11 Restrictions to Personal Information. The Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that the Covered Entity has agreed to in accordance with 45 CFR 164.522 in the event such agreement will impact the use or disclosure of Protected Health Information by IHDE or another participant in the IHDE. 2.12 Permissible Requests. Neither IHDE nor the Covered Entity shall ask the other to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule. 3. Term and Termination. 3.1 Term. The term of this BAA shall be the same as the (PA). Upon termination of the PA, the terms of this BAA shall remain in effect until all the Protected Health Information (PHI) provided by Covered Entity is destroyed or returned or, if it is infeasible to return or destroy such Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section. 3.2 Termination for Cause. Upon knowledge of a material breach of this BAA by Business Associate, the Covered Entity will have the right to: 1) provide an opportunity for Business Associate to cure the breach or end the violation and terminate the PA if Business Associate does not cure the breach or end the violation within the time specified in writing; or 2) immediately terminate the PA if Business Associate has breached a material term of this BAA and cure is not possible.

3.3 Effect of Termination. Upon termination of the PA, for any reason, Business Associate shall return or destroy all Protected Health Information received from the Covered Entity or created or received by Business Associate on behalf of Covered Entity unless the Covered Entity agrees that the return or destruction of the Protected Health Information is infeasible. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. In the event that the Business Associate believes the return or destruction of the Protected Health Information is infeasible, Business Associate shall provide to the Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return, or destruction of the Protected Health Information is infeasible, Business Associate shall extend the protections of this BAA to such Protected Health Information and limit further uses and disclosures to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. If return or destruction is feasible or becomes feasible, Business Associate agrees to retain no copies of the Protected Health Information. 4. Amendment. The Parties agree to take such action to amend this BAA from time to time as is necessary to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (45 CFR Parts 160 and 164), and the applicable requirements of all insurance commissioner regulations implementing Title V of the Gramm-Leach-Bliley Act (15 USC 6801 et seq.). 5. Survival. The respective rights and obligations of the parties under Section 3 of this Agreement shall survive termination of the PA. 6. Supersedure. This BAA shall supersede any previous agreement between the parties that was entered i n t o for the purpose of protecting Protected Health Information. In the event of a conflict among the provisions of the PA and this BAA, the provisions of this BAA shall control. 7. Interpretation. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits IHDE to comply with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (45 CFR Parts 160 and 164), and the requirements of all insurance commissioner regulations implementing Title V of the Gramm-Leach-Bliley Act (15 USC 6801 et seq.). 8. Counterparts. This BAA may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.

Signature Page - IHDE Business Associates Agreement - BAA For Idaho Health Data Exchange, Inc. For the Data Provider/User - Covered Entity Covered Entity: Signed: Signed: Printed: Printed: Title: Title: Date: Date:

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback