Policy Document 11
Master Business Associate Addendum
Human Resources
Health Insurance Portability and Accountability Act

[---- Company] ____________ Group Health Plan
Master Business Associate Addendum

This Addendum states additional terms and conditions to the _______________ Agreement (“the Agreement”), dated ________, by and between [---- Company], a ___________ corporation (“Western Michigan University”) [or ____ Plan, if the Plan is the contracting party], and ______________, a _____________ corporation (“second reference to name” or “Business Associate”).

Recitals

Western Michigan University ___________ Group Health Plan is a Covered Entity within the meaning of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

[Second Reference to name] provides [describe the services provided] services to [or performs ___________ functions on behalf of] the [Plan]. Providing those services [Performing those functions] requires [Second Reference to name] to have access to, generate, use or disclose Protected Health Information (“PHI”). [Second Reference to name] is, accordingly, a Business Associate of the [Plan].

This Business Associate Addendum is entered into in order to comply with the requirements of the final privacy regulations issued pursuant to HIPAA (the Privacy Rule).

Terms of Addendum

1. Definition of Terms.

Addendum. “Addendum” or “this Addendum” shall mean this document and the terms contained herein.

Agreement. “Agreement” shall mean the ______________ Agreement of ___________, referred to above.

Individual. “Individual” shall have the same meaning as the term “individual” in 45 CFR § 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).

Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.

Protected Health Information.
“Protected Health Information” shall have the same meaning as the term “protected health information” in 45 CFR § 164.501, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

Required By Law. “Required by law” shall have the same meaning as the term “required by law” in 45 CFR § 164.501.

When any other term defined in the Privacy Rule is used in this Addendum, the term shall have the same meaning as defined in the Privacy Rule as it exists from time to time.

2. Rights and Obligations of Business Associate.

A. In providing services pursuant to the Agreement, Business Associate shall:

1. Use or disclose Protected Health Information (“PHI”) only as necessary to perform its obligations under the Agreement and as permitted or required by this Addendum or required by Law.

2. Use reasonable and appropriate safeguards to prevent access, use or disclosures except as allowed by this Addendum or required by law and develop such written policies and procedures as are necessary to implement the requirements of this Addendum.

3. Promptly report to ___________ [designate Western Michigan University or Plan] any access, use or disclosure of PHI not permitted by this Addendum of which Business Associate becomes aware.

4. Mitigate, to the extent practicable, any harmful effect that results from any use or disclosure of PHI in violation of this Addendum.

5. Within _______ days of receiving a written request from [Western Michigan University or Plan], grant access to PHI in a Designated Record Set in order to comply with the inspection and copying requirements of the Privacy Rule.

6. Within ______ days of receiving a written request from [Western Michigan University or Plan], make available PHI necessary to enable [Western Michigan University or Plan] to respond to a request by an individual for access to PHI about the individual in a Designated Record Set.

7.
Within _______ days of receiving a written request from [Western Michigan University or Plan], incorporate any amendments or corrections to PHI in a designated record set in accordance with the Privacy Rule.

8. Within ________ days of receiving a written request from [Western Michigan University or Plan], comply with any restrictions on the use or disclosure of PHI agreed to by [Western Michigan University or Plan] in response to an individual’s request.

9. Make available to the Secretary of the Department of Health and Human Services Business Associate’s internal practices, books, and records relating to the use and disclosure of PHI so that the Secretary may determine [Western Michigan University or Plan]’s compliance with the Privacy Rule.

10. Maintain records documenting disclosures of PHI, including such information related to each disclosure as necessary to enable [Western Michigan University or Plan] to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with the Privacy Rule. Business Associate shall provide [Western Michigan University or Plan] with this documentation and information upon request by [Western Michigan University or Plan]. Business Associate will provide all such documentation to [Western Michigan University or Plan] within 30 days of the termination of the Agreement.

AALIB:384444.1\000000-00000 07/17/16 1:59 PM

11. Provide services [or perform functions] in accordance with Michigan laws that are not pre-empted by the Privacy Rule.

12. Maintain the security of PHI as required by the Privacy Rule and, if applicable, by the HIPAA Transactions and Code Sets Final Regulations and, when they are promulgated, the Final Security Regulations.

13. Maintain the confidentiality of [Western Michigan University or Plan]’s confidential information or proprietary information that does not include PHI if and as required by the Agreement.
Nothing in this Addendum shall be construed to affect either party’s rights or obligations under the Agreement relating to such confidential or proprietary information.

14. Require any subcontractor or other third party to whom it gives access or discloses PHI to agree in writing to the same restrictions and other terms and conditions contained in this Addendum. Business Associate shall provide [Western Michigan University or Plan] with a copy of said written agreement promptly upon receipt of a written request.

B. Except as otherwise limited in this Addendum, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, [Western Michigan University or Plan] as specified in the Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by [Plan].

3. Obligations of [Western Michigan University or Plan].

A. [Western Michigan University or Plan]’s Notice of Information Practices in effect from time to time will state that [Western Michigan University or Plan] may disclose PHI for health care treatment, payment and operations purposes. Before the Effective Date of the Privacy Rule, [Western Michigan University or Plan] will provide Business Associate with a copy of the Notice of Information Practices that [Western Michigan University or Plan] provides to individuals. [Western Michigan University or Plan] will also provide Business Associate with a copy of any amendment to the notice before it goes into effect.

B. [Western Michigan University or Plan] will give Business Associate reasonable notice of any restriction on the use or disclosure of PHI that [Western Michigan University or Plan] agrees to at the request of an individual.

C. [Western Michigan University or Plan] will notify the Business Associate of any changes in, or withdrawal of, a consent or authorization to use or disclose PHI provided to [Western Michigan University or Plan] by Individuals.
D. [Western Michigan University or Plan] will not request Business Associate to use or disclose PHI in any way that would violate the Privacy Rule if done by a covered entity.

4. Representations and Warranties.

Each party represents to the other that all employees, agents, representatives, and members of its workforce who may provide services or perform functions in connection with this Addendum will be appropriately informed of the terms and conditions of this Addendum and trained as required by the Privacy Rule to enable the party to comply with the terms and conditions of this Addendum.

5. Term and Termination.

A. The Effective date of this Business Associate Addendum shall be _____________. This Addendum will remain in effect as long as the Agreement between the parties remains in effect.

B. [Western Michigan University or Plan] may terminate the Agreement and this Addendum upon a material breach of the terms of this Addendum by Business Associate. Upon the occurrence of such a material breach, [Western Michigan University or Plan] may, at its election:

1. Notify Business Associate of the breach and give Business Associate _______ days to cure. If [Western Michigan University or Plan] determines that cure has not been accomplished, [Western Michigan University or Plan] may terminate the Agreement effective immediately or upon such other date as it specifies; or

2. Terminate the Agreement and this Addendum either immediately or on a later date so specified.

C. Effect of Termination.

1. Except as otherwise provided in paragraph 5.C.2 below, upon termination of this Addendum, Business Associate shall promptly either return or destroy all PHI received, generated, used or maintained by Business Associate pursuant to the Agreement between the parties as directed by [Western Michigan University or Plan].
For purposes of this Addendum, “return” includes providing the services and taking the actions, if any, specified in the Agreement to convert or transfer data containing PHI to a successor vendor before destroying PHI remaining in Business Associate’s possession. Business Associate shall retain no copies of PHI. Business Associate shall promptly provide certification of destruction upon request by [Western Michigan University or Plan].

2. If Business Associate believes that return or destruction of PHI by Business Associate or a subcontractor or other third party to whom it has given access or disclosed PHI is not feasible, Business Associate shall promptly notify [Western Michigan University or Plan] of this and of the reasons why return or destruction is not feasible. In this circumstance, Business Associate shall continue to be bound by the terms and conditions of this Addendum, except that use and disclosure shall be limited to those purposes that make the return or destruction not feasible. Provided: Business Associate may not take the position that return is not feasible if Business Associate is obligated to return PHI under the Agreement.

3. Business Associate will comply with paragraph 2.A.10 and provide to [Western Michigan University or Plan] all documentation of disclosure of PHI.

6. Indemnification.

Business Associate agrees to indemnify, defend and hold harmless [Western Michigan University and Plan] and their respective boards of trustees, officers, employees, agents and members of its workforce from and against any and all claims, demands, suits, actions, costs (including reasonable attorney’s fees), loss, liability or expense incurred as a result of any breach of its obligations under this Addendum.
For purposes of this Section, “breach” includes, by way of illustration only, negligence, intentional acts, errors and omissions by Business Associate or its officers and directors, employees or subcontractors and other agents. Each party shall promptly notify the other of its receipt of written threat of or actual claim, demand, suit or action.

7. Injunctive Relief.

[Western Michigan University or Plan] and Business Associate agree that in the event of a breach or threatened breach by Business Associate or one of its subcontractors or other agents of its duties and obligations with respect to PHI, [Western Michigan University or Plan] will be irreparably and substantially harmed and that remedies at law will not be adequate. Accordingly, Business Associate agrees that [Western Michigan University or Plan] shall be entitled to immediate injunctive relief against such breach or threatened breach and Business Associate consents to the granting of such relief. Injunctive relief shall be in addition to, and not in limitation of, any other legal and equitable relief available to [Western Michigan University or Plan] under applicable law.

8. General Provisions.

A. Conflict. In the event of a conflict between the terms and conditions of this Addendum and the Agreement between the parties, the terms and conditions of this Addendum shall control.

B. Construction. If this Addendum contains any ambiguity, the ambiguity shall be resolved in a manner that allows [Western Michigan University or Plan] to comply with the Privacy Rule. The parties have both had the opportunity to be represented by counsel and to negotiate the terms and conditions of this Addendum. Accordingly, this Addendum shall not be construed against a party because the party or its counsel drafted the Addendum or the provision of it that is at issue.

C. Amendment. This Addendum may be amended upon mutual agreement of the parties in writing.
The parties recognize and agree that HIPAA and the Privacy Rule and other final regulations issued pursuant to HIPAA have not yet been enforced by agencies within the U.S. Department of Health and Human Services or interpreted by the courts. The parties also recognize that HIPAA itself may be amended and that the Privacy Rule and other HIPAA final regulations may be amended from time to time. If [Western Michigan University or Plan] determines that any such enforcement, interpretation, enactment, or amendment requires an amendment to this Business Associate Addendum, [Western Michigan University or Plan] will so notify Business Associate and provide a proposed amendment to be consistent with the new requirement. Business Associate will notify [Western Michigan University or Plan] in writing within thirty (30) days of receipt of the proposed amendment if it objects to the amendment. If no written objection is timely received, the amendment shall be deemed to have been agreed to by the Business Associate. If Business Associate does timely object, the parties will negotiate in good faith to agree upon an amendment for another thirty (30) days. If no agreement is reached, [Western Michigan University or Plan] may terminate the Agreement and this Addendum on a date specified by sending written notice to Business Associate, subject, however, to the provisions of paragraph 5.C.

D. Notice. Notices or reports to [Western Michigan University or Plan] required by this Addendum shall be sent to the Privacy Officer designated by [Western Michigan University or Plan] in writing from time to time, with a copy to the person(s) named and employed by Western Michigan University in the notice provision of the Agreement.
Notices or requests to Business Associate required by this Addendum shall be sent to the ____________ of Business Associate, with a copy to the person(s) named and employed by Business Associate in the notice provision of the Agreement.

E. No Third Party Beneficiary. This Addendum is entered into for the benefit of the parties hereto and does not and should not be construed to confer any right or benefit on any third party, including but not limited to individuals.

NOTE—IF PRINCIPAL AGREEMENT IS WITH WESTERN MICHIGAN UNIVERSITY, WE’LL WANT TO SPECIFY THAT THIS ADDENDUM IS FOR THE BENEFIT OF THE GROUP HEALTH PLAN AS THE COVERED ENTITY

F. Survival. The provisions of paragraphs 2.A.1, 2.A.3, 2.A.4, and 2.A.9 through 2.A.14, paragraph 5.C, paragraphs 6, 7 and 8 shall survive termination of the Agreement and this Addendum.

G. Governing Law. Anything to the contrary in the Agreement between the parties notwithstanding, this Addendum shall be governed by Michigan law and may be enforced by a court of competent jurisdiction in Michigan.

H. Jurisdiction and Venue. For purposes of enforcement of this Addendum, exclusive jurisdiction and venue shall lie in a court of competent jurisdiction in the State of Michigan.

I. Effect on Agreement. Except as modified by the terms and conditions of this Addendum, the terms and conditions of the Agreement are hereby ratified and affirmed.

In witness whereof, the parties have signed this Addendum.

Western Michigan University

_______________________________
Signature

_______________________________
Name Typed

_______________________________
Title

_______________________________
Date

____________ [Business Associate]

______________________________
Signature

______________________________
Name Typed

______________________________
Title

______________________________
Date