Business Associate Agreement Form
If you are an employee and want to have an agreement with your employer regarding your health insurance, you have to use this form. Complete and send the form along with any required fees.
DownloadExtracted Text for Proper Search
\\\DC - 67908/0004 - 1678033 v1 THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY WITH MORE RESTRICTIVE, APPLICABLE STATE LAW. Where indicated below, Option 1 provisions are for use when this business associate agreement will be an amendment, addendum or rider to an existing services agreement and Option 2 provisions are for use when this business associate agreement will be the only written agreement between the parties regarding the business associate services to be provided. All other provisions of the agreement can be included in both options. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this “B.A. Agreement”), dated ______________, 200_, is entered into by and between _________________, with an address at _______________ (the “Business Associate”) and ________________, with an address at _____________________ (the “Covered Entity”) (each a “Party” and collectively the “Parties”). [Required: Choose one option as appropriate.] [OPTION 1 The Parties have entered into a prior agreement entitled _________ dated _________ (the “Underlying Agreement”). Performance of the Underlying Agreement may involve Protected Health Information (as defined in 45 C.F.R. § 164.501) that is subject to the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and codified at 45 C.F.R. parts 160 and 164 (the “Privacy Rule”). The purpose of this B.A. Agreement is to amend the Underlying Agreement to the extent and only to the extent necessary to allow for Covered Entity’s compliance with the Privacy Rule with respect to this Underlying Agreement.] [OPTION 2 The Parties have agreed that Business Associate will perform the following functions and provide the following services for or on behalf of the Covered Entity: __________ [list functions or services which are permitted by the Privacy Rule and require a Business Associate Agreement under the Privacy Rule (see 45 C.F.R. § 164.501)]. Performance of such functions and provision of such services by the Business Associate may involve Protected Health Information (as defined in 45 C.F.R. § 164.501) that is subject to the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and codified at 45 C.F.R. parts 160 and 164 (the “Privacy Rule”). The purpose of this B.A. Agreement is to set forth the obligations of the Parties with respect to such Protected Health Information.] The Parties hereby agrees as follows: 2 \\\DC - 67908/0004 - 1678033 v1 1. DEFINITIONS [Required provisions] 1.1 Unless otherwise specified in this B.A. Agreement, all capitalized terms used in this B.A. Agreement not otherwise defined have the meaning established for purposes of Title 45 parts 160 and 164 of the United States Code of Federal Regulations, as amended from time to time. 1.2 “PHI” shall mean Protected Health Information, as defined in 45 C.F.R. § 164.501, limited to the information received from or created or received on behalf of Covered Entity. 2. RESPONSIBILITIES OF BUSINESS ASSOCIATE [Required provisions] 2.1 Except as otherwise specified herein, Business Associate may make any and all uses and disclosures of PHI necessary to perform [OPTION 1 its obligations under the Underlying Agreement.] [OPTION 2 the functions and provide the services set forth above.] With regard to its use and/or disclosure of PHI, Business Associate agrees to: (a) use and/or disclose PHI only as permitted or required by this B.A. Agreement or required by law; (b) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted or required by this B.A. Agreement; (c) report to Covered Entity any use or disclosure of PHI of which it becomes aware that is not permitted or required by this B.A. Agreement; (d) require all its subcontractors and agents that create, receive, use, disclose or have access to PHI to agree, in writing, to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate; (e) make available its internal practices, books, and records relating to the use and disclosure of PHI to the Secretary of the Department of Health and Human Services (“HHS”) for purposes of determining Covered Entity’s compliance with the Privacy Rule; (f) within __ days [Must be less than 60 days] of receiving a written request from Covered Entity, make available information necessary for Covered Entity to make an accounting of disclosures of PHI about an individual; and 3 \\\DC - 67908/0004 - 1678033 v1 (g) mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this B.A. Agreement. [Required: choose one as appropriate.] 2.2 [Option A: The Parties agree that the information in Business Associate’s possession does not constitute a Designated Record Set.] [Option B: The Parties agree that the PHI in Business Associate’s possession constitutes a Designated Record Set. With regard to PHI maintained in a Designated Record Set, Business Associate agrees to: (a) within __ days [Must be less than 30 days] of receiving a written request from Covered Entity, make available PHI necessary for Covered Entity to respond to individuals’ requests for access to PHI about them; and (b) within __ days [Must be less than 60 days] of receiving a written request from Covered Entity, incorporate any amendments or corrections to the PHI in accordance with the Privacy Regulation.] 3. PERMITTED USES AND DISCLOSURES OF PHI [Optional: as appropriate to the relationship.] 3.1 Unless otherwise limited herein, in addition to any other uses and/or disclosures permitted or required by this B.A. Agreement or required by law, Business Associate may: (a) use the PHI in its possession for its proper management and administration and to fulfill any legal responsibilities of Business Associate; (b) disclose the PHI in its possession to a third party for the purpose of Business Associate’s proper management and administration or to fulfill any legal responsibilities of Business Associate; provided, however, that the disclosures are required by law or Business Associate has received from the third party written assurances that (i) the information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party; and (ii) the third party will notify Business Associate of any instances of which it becomes aware in which the confidentiality of the information has been breached; 4 \\\DC - 67908/0004 - 1678033 v1 (c) perform Data Aggregation for the Health Care Operations of Covered Entity; (d) de-identify any and all PHI created or received by Business Associate under this B.A. Agreement; provided, however, that the de- identification conforms to the requirements of the Privacy Rule. Such resulting de-identified information would not be subject to the terms of this B.A. Agreement; and (e) create a Limited Data Set and use such Limited Data Set pursuant to a Data Use Agreement that meets the requirements of the Privacy Rule. 4. RESPONSIBILITIES OF COVERED ENTITY [Important to comply with HIPAA] 4.1 With regard to the use and/or disclosure of PHI by Business Associate, Covered Entity agrees: (a) to obtain any consent, authorization or permission that may be required by the Privacy Rule or applicable state laws and/or regulations prior to furnishing Business Associate the PHI pertaining to an individual; and (b) that it will inform Business Associate of any PHI that is subject to any arrangements permitted or required of Covered Entity under the Privacy Rule that may materially impact in any manner the use and/or disclosure of PHI by Business Associate under this B.A. Agreement, including, but not limited to, restrictions on the use and/or disclosure of PHI as provided for in 45 C.F.R. § 164.522 and agreed to by Covered Entity. 5. B.A. AGREEMENT EFFECTIVE DATE 5.1 Each term and condition of this B.A. Agreement shall be effective on the compliance date applicable to Covered Entity under the Privacy Rule (“B.A. Effective Date”). 6. TERM AND TERMINATION [Required provisions] 6.1 Termination by the Covered Entity. Upon Covered Entity’s determination of a breach of a material term of this B.A. Agreement by Business Associate, Covered Entity shall provide Business Associate written notice of that breach in sufficient detail to enable Business Associate to understand the specific nature of that breach and afford Business Associate 5 \\\DC - 67908/0004 - 1678033 v1 an opportunity to cure the breach; provided, however, that if Business Associate fails to cure the breach within a reasonable time specified by Covered Entity, Covered Entity may terminate this B.A. Agreement [OPTION 1 and the Underlying Agreement to the extent that the Underlying Agreement requires Business Associate to create or receive PHI]. 6.2 Effect of Termination or Expiration. Within __ days of the termination or expiration of this B.A. Agreement, Business Associate agrees to return or destroy all PHI, including such information in possession of Business Associate’s subcontractors, if feasible to do so. If return or destruction of said PHI is not feasible, Business Associate agrees to extend any and all protections, limitations and restrictions contained in this B.A. Agreement to Business Associate’s use and/or disclosure of any PHI retained after the termination or expiration of this B.A. Agreement, and to limit any further uses and/or disclosures to the purposes that make return or destruction of the PHI infeasible. This Section 6.2 shall survive any termination or expiration of this B.A. Agreement. 7. MISCELLANEOUS [Important for legal purposes and clarity] 7.1 Change in Law. The Parties agree to negotiate to amend this B.A. Agreement as necessary to comply with any amendment to any provision of HIPAA or its implementing regulations set forth at 45 C.F.R. parts 160 and 164, including, but not limited to, the Privacy Regulation, which materially alters either Party or both Parties’ obligations under this B.A. Agreement. 7.2 Construction of Terms. The terms of this B.A. Agreement shall be construed in light of any applicable interpretation or guidance on HIPAA and/or the Privacy Regulation issued by HHS or the Office of Civil Rights (“OCR”) from time to time. 7.3 No Third Party Beneficiaries. Nothing in this B.A. Agreement shall confer upon any person other than the parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever. [OPTION 1 7.4 Contradictory Terms. Any provision of the Underlying Agreement that is directly contradictory to one or more terms of this B.A. Agreement (“Contradictory Term”) shall be superceded by the terms of this B.A. Agreement as of the Amendment Effective Date to the extent and only to the extent of the contradiction, only for the purpose of Covered Entity’s compliance with the Privacy Rule and only to the extent that it is reasonably impossible to comply with both the Contradictory Term and the terms of this B.A. Agreement.] 6 \\\DC - 67908/0004 - 1678033 v1 IN WITNESS WHEREOF, each of the undersigned has caused this B.A. Agreement to be duly executed in its name and on its behalf effective as of , 200_. COVERED ENTITY BUSINESS ASSOCIATE By: By: Print Name: Print Name: Print Title: Print Title: Date: Date:
If you want to remove Business Associate Agreement Form from this website please contact us providing the reasons together with this url: https://formsarchive.com/business-associate-agreement-form/