BUSINESS ASSOCIATE AGREEMENT FOR HIPPA COMPLIANCE
Step
1
of
7
14%
BUSINESS ASSOCIATE AGREEMENT FOR HIPPA COMPLIANCE
This Business Associate Agreement ("Agreement") is made effective the on the day of execution of this contract, organized and existing under and by virtue of the laws of the State of MI, whose principal office is located at hereinafter referred to as "Covered Entity", and
RENAISSANCE INTERACTIVE MEDIA GROUP, LLC,
hereinafter referred to as "Business Associate") individually, a 'Party" and collectively, the "Parties").
WITNESSETH:
WHEREAS, Section 261 through 264 of the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, known as "the Administrative Simplification provisions," direct the Department of Health and Human Services to develop standards to protect the security, confidentiality and integrity of health information; and
WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and Human Services has issued regulations modifying the 45 CFT Parts 160 and 164 (the "HIPAA Security and Privacy Rule"); and
WHEREAS, the Parties have entered into an arrangement whereby Business Associate will provide certain services to Covered Entity, and, pursuant to such arrangement, Business Associate may be considered a "business associate" of Covered Entity as defined in the HIPAA Security and Privacy Rule (the agreement evidence such arrangement is reflected in a written agreement designated as 'Medical Services Agreement" dated as of
WHEREAS, the Health Information Technology for Economic and clinical Health Act ("HITECH ACT"), Title VIII of the American Recovery and Reinvestment Act of 209, Pub. L. 111-5, modified the HIPAA Security and Privacy Rule; and
WHEREAS, the Parties have entered into an arrangement whereby Business Associate will provide certain services to Covered Entity, and, pursuant to such arrangement, Business Associate may be considered a "business associate" of Covered Entity as defined in the HIPAA Security and Privacy Rule (the agreement evidence such arrangement is reflected in a written agreement designated as 'Medical
Services Agreement" dated as of
*
MM slash DD slash YYYY
, and is hereby referred to the ("Business Agreement"); and
WHEREAS, Business Associate may have access to Protected Health Information or Electronic Protected Health Information (as defied below) in fulfilling its responsibilities under the aforesaid Business Agreement;
THEREFORE, in consideration of the Parties' continuing obligations under the Business Agreement, compliance with the HIPAA Security and Privacy Rule as modified by the HITECH ACT, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the provisions of this Agreement in order to address the requirements of the HIPAA Security and Privacy Rule, as modified by the HITECH Act, and to protect the interests of both Parties.
I
DEFINITIONS
Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions set forth in the HIPAA Security and Privacy Rule, as modified by the HITECH Act.
The term "Protected Health Information" means individually identifiable health information including, without limitation, all information, data, documentation, and materials, including without limitation, demographic,, medical and financial information, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual or with respect to which there is reasonable basis to believe the information can be used to identify the individual that is not public. "Protected Health Information" includes, without limitation, “Electronic Protected Health Information, “as defined below.
The Term "Electronic Protected Health Information" means Protected Health Information which is transmitted by Electronic Media (as defined in the HIPAA Security and Privacy Rule) or maintained in Electronic Media.
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
The term "Unsecured Protected Health Information" means Protected Health Information which has not been rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of technologies or methodologies identified by the U.S. Department of Health and Human Services ("DHHS").
II. COORDINATION WITH HIPAA SECURITY AND PRIVACY RULE
In the event of an inconsistency between the provisions of this Agreement and mandatory provisions of the HIPAA Security and Privacy Rule, as amended, the HIPAA Security and Privacy Rule in effect at the time shall control. Where provisions of this Agreement are different than those mandated in the HIPAA Security and Privacy Rule, but are nonetheless permitted by the HIPAA Security and Privacy Rule, the provisions of this Agreement shall control.
The Parties agree that, in the event that any documentation of the arrangement pursuant to which Business Associate provides services to Covered Entity contains provisions relating to the use or disclosure of Protected Health Information that are more restrictive than the provisions of this Agreement, the provisions of the more established the minimum requirements regarding Business Associate's use and disclosure of Protected Health Information.
III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
(a) Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity's behalf shall be subject to this Agreement.
(b) Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by this Agreement or as required by law. Business Associate agrees to implement the administrative, physical, and technical safeguards set forth in Sections 164.308, 164.310, and 164.312 of the HIPAA Security Rule reasonably necessary to protect the confidentiality, security, integrity and availability of the Protected Health Information Business Associate receives, creates, maintains or transmits on behalf of Covered Entity. Business Associate further agrees to adopt and implement reasonable and appropriate policies and procedures pursuant to Section 164.316 of the HIPAA Security Rule to enable Business Associate to comply with the requirements of Sections 164.308, 164.310, and 164.312 of the HIPAA Security Rule.
(c) Until such time as DHHS issues final regulations pursuant to the HITECH Act defining what constitutes the "minimum necessary" for purposes of the HIPAA Security and Privacy Rule, Business Associate shall only use, access, request or disclose Protect Health Information contained in a limited data set (as defined in the HIPPA Security and Privacy Rule(, to the extent practical, unless the use, access to request for, or disclosure of additional Protected Health Information is necessary to accomplish the intend and permitted purpose of such use, access, request or disclosure. In the even Protected Health Information in excess of that contained in the limited data set is necessary to accomplish the intended purpose of the disclosure, Business Associate shall only disclose the minimum amount of Protected Health Information necessary to accomplish the intended purpose of the permitted use, access, request or disclosure. At such time as final regulations issued by DHHS pursuant to the HITECH Act defining what constitutes the "minimum necessary" for purposes of the HIPAA Security and Privacy Rule become effected, Business Associate shall only use, access, request or disclose Protect Health Information in accordance with such final regulations.
(d) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of Protected Health Information other than as provided for by this Agreement. Business Associate will implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of any Electronic Protected Health Information that is creates, receives, maintains, or transmits on behalf of Covered Entity as required by the HIPAA Security and Privacy Rule.
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
(e) Business Associate agrees to train its employees, agents, representatives, and subcontractors regarding the policies and procedures adopted and implemented pursuant to the HIPAA Security and Privacy Rule prior to allowing such employees, agents, representatives and subcontractors to have access to any Protected Health Information created, received, maintained, or transmitted on behalf of Covered Entity.
(f) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
(g) Business Associate agrees to report to Covered Entity's Privacy Officer, by telephone or in writing, any use or disclosure of Protected Health Information not provided for by this Agreement of which Business Associate becomes aware within two (2) business days of Business Associate becoming aware of such use or disclosure. Business Associate shall immediately report to Covered Entity any Security Incident of which is becomes aware within two (2) business days of Business Associate becoming aware of such Security Incident. For purposes of this Agreement, "Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
(h) Business Associate agrees to ensure that any agent, including a subcontractor, to whim it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
(i) Business Associate agrees to comply with any requests for restrictions on disclosures of Protected Health Information to which Covered Entity has agreed pursuant to Section 164.522 of the HIPAA Security and Privacy Rule and of which agrees to comply with any individual's request, notwithstanding the provisions of Section 164.522(a)(1)(ii) of the HIPAA Security and Privacy Rule, to restrict disclosure of Protected Health Information to a health plan for purposes of carrying out payment or health care operations if the Protected Health Information pertains solely to an item or service for which the health care provider involved has been paid by the individual or the individual's representative out of pocket in full.
(j) If Business Associate maintains a designated record set on behalf of Covered Entity, Business Associate agrees to permit within 10 days of a request an individual to inspect or copy Protected Health Information contained in that set about the individual under conditions and limitations required under Section 164.524 of the HIPAA Privacy Rule, as it may be amended from time to time.
(k) If Business Associate maintains a designated record set on behalf of Covered Entity, Business Associate agrees to make Protected Health Information available for amendment and incorporate any amendments to Protected Health Information available for amendment and incorporate any amendments to Protected Health Information in accordance with the requirements of Section 164.526 of the HIPAA Privacy Rule, as it may be amended from time to time.
(l) Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of Protected Health Information receive from, or created or received by Business Associate on behalf of, Covered Entity, available to Covered Entity, or, at the request of Covered Entity, to the Secretary of Health and Human Services for purse of determining Covered Entity's compliance with the HIPAA Security and Privacy Rule, in a time and manner designated by Covered Entity or the Secretary.
(m) Business Associate agrees to document any disclosures of and make Protected Health Information available for purposes of accounting or disclosures, as required by Section 164.528 of the HIPAA Privacy Rule, as it may be amended form time to time.
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
IV. OBLIGATIONS OF COVERED ENTITY
(a) Upon request of Business Associate, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with Section 164.520 of the HIPAA Privacy Rule.
(b) Covered Entity shall notify Business Associate of any restrictions to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with Section 164.522 of the HIPAA Privacy Rule, and Covered Entity shall inform Business Associate of the termination of any such restriction, and the effect that such termination shall have, if any, upon Business Associate's use and disclosure of such Protected Health Information.
(c) Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, if such changes affect Business Associate's permitted or required use and disclosures.
V. TERM AND TERMINATION
(a)
Term
. The Term of this Agreement shall be effected as of the date first written above, and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions of this Section.
(b)
Termination for Cause.
Upon Covered Entity's knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall have the right to immediately terminate this Agreement and the Business Agreement. If termination is not feasible, Covered Entity shall report such violation to the Secretary of the Department of Health and Human Services.
(c)
Effect of Termination.
(i) Except as provided in paragraph (ii) of this subsection, upon termination of this Agreement, the Business Agreement or upon request of Covered Entity, whichever occurs first, Business Associate shall within 10 days return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Neither Business Associate nor its subcontractors or agents shall retain copies of the Protected Health Information.
(ii) In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide within 10 days to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.
Vl. MISCELLANEOUS
(a)
Indemnification
. Business Associate shall indemnify and hold the Covered Entity harmless from and against all claims, liabilities, judgments, fines, assessments, penalties, awards, or other expenses, of any kind or nature whatsoever, including, without limitations, attorneys' fees, expert witness fees, and costs of investigation, litigation or dispute resolution, relating to or arising out of any breach or alleged breach of this agreement by Business Associate or subcontractors or agents of Business Associate.
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
(b)
Disclaimer.
Covered Entity makes no warranty or representation that compliance by Business Associate with this Agreement or the HIPAA Security and Privacy Rule will be adequate or satisfactory for Business Associate's own purposes. Business Associate is solely responsible for all decisions made by Business Associate regarding the safeguarding of Protected Health Information.
(c)
Survival.
The obligations of Business Associate shall survive the expiration, termination, or cancellation of this Agreement, the Business Agreement and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors and assigns as set forth herein.
(d)
No rights in Third Parties.
Except as expressly stated herein or in the HIPAA Security and Privacy Rule, the Parties to this Agreement do not indent to create any rights in any third parties.
(e)
Amendment.
This Agreement may be amended or modified only in a writing signed by the Parties. The Parties agree that this Agreement will be automatically amended to conform to any changes in the HIPAA Security and Privacy Rule as in necessary for a Covered Entity to comply with the current requirements of the HIPAA Security and Privacy rule and the Health Insurance Portability and Accountability Act, Public Law 104-191.
(f)
Assignment.
No Party may assign its respective rights and obligations under this Agreement without the prior written consent of the other Party.
(g)
Independent Contractor.
None of the provisions of this Agreement are indented to create, nor will they be deemed to create, any relationship between the Parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Agreement and any other agreements between the Parties evidencing their business relationship.
(h)
Governing Law.
This Agreement will be governed by the laws of the State of Florida
(i)
No Waiver.
No change, waiver or discharge of any liability or obligation hereunder on any one or more occasions shall be deemed a waiver or performance of any continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion.
(j)
Interpretation.
Any ambiguity of this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Security and Privacy Rule.
(k)
Severability.
In the event that any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the remained of the provisions of this Agreement will remain in full force and effect.
(l)
Notice.
Any notification required in this Agreement shall be made in writing to the representative of the other Party who signed this Agreement or the person currently serving in that representative's position with the other Party.
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date hereof.
COVERED ENTITY:
Client Name
Red Spot Interactive
Print Name
Client Signature
*
Signature
*
Title
Name and Title: Jason Tuschman, CEO
Date
MM slash DD slash YYYY
Date
MM slash DD slash YYYY
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
CLIENT PRIMARY CONTACT INFORMATION
Contact Name:
Phone Number:
Address:
E-mail Address
City
State
AK
AL
AZ
AR
CA
CO
CT
DE
FL
GA
HI
ID
IL
IN
IA
KS
KY
LA
ME
MD
MA
MI
MN
MS
MO
MT
NE
NV
NH
NJ
NM
NY
NC
ND
OH
OK
OR
PA
RI
SC
SD
TN
TX
UT
VT
VA
WA
WV
WI
WY
Zip
Website
Fax Number
Client Initials
PAYMENT INFORMATION
Payment is accepted by Major Credit Card or Electronic Check Only
credit card information
Cardholder Name (as appears on card):
Credit Card Information:
Amex
Discovery
Visa
Master Card
Billing Address: (if different from above):
Card Number:
City
State
AK
AL
AZ
AR
CA
CO
CT
DE
FL
GA
HI
ID
IL
IN
IA
KS
KY
LA
ME
MD
MA
MI
MN
MS
MO
MT
NE
NV
NH
NJ
NM
NY
NC
ND
OH
OK
OR
PA
RI
SC
SD
TN
TX
UT
VT
VA
WA
WV
WI
WY
Zip
Phone:
CVV# (3-4 digits on front or back of card):
Expiration Date:
MM slash DD slash YYYY
E-CHECK INFORMATION
Name on Account
Account Number
Routing Number
Name of Bank
Checking
Savings
Renaissance Interactive Media Group, LLC., DBA Red Spot Interactive
1001 Jupiter Park Dr. Suite 124, Jupiter, Florida 33458
Fax: (866) 259-6162, Phone: (561) 277-8465
Client Initials
*
