Business Associate Agreement This Agreement may require the exchange of information covered by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). A Business Associate Agreement (“BAA”) executed by the Parties is attached as Appendix [Letter C/D/E etc.].
Business Associate Addendum The Parties acknowledge and agree that Medical Practice is a Covered Entity and Modernizing Medicine is a Business Associate under HIPAA and each Party shall comply with the Party’s respective obligations under HIPAA. Without limiting the foregoing, each Party shall comply with the Business Associate Addendum attached to these Terms and Conditions as Exhibit A (the “Business Associate Addendum”). The Business Associate Addendum is hereby incorporated into this Agreement.
ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (“Agreement”) is entered into by and between the State of Vermont Agency of Human Services, operating by and through its Department of Vermont Health Access (“Covered Entity”) and OptumInsight, Inc. (“Business Associate”) as of June 6, 2014 (“Effective Date”). This Agreement supplements and is made a part of the contract/grant to which it is attached. Covered Entity and Business Associate enter into this Agreement to comply with standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:
Business Associate Contract A. GENERAL PROVISIONS AND RECITALS
Business Associate’s Agents To ensure that any agents, including subcontractors, to whom Business Associate provides PHI received from or created or received by Business Associate on behalf of County, agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI, including implementation of reasonable and appropriate administrative, physical, and technical safeguards to protect such PHI; and to incorporate, when applicable, the relevant provisions of this Addendum into each subcontract or subaward to such agents or subcontractors.
Business Associate “Business Associate” shall have the same meaning as the term “business associate” at 45 C.F.R. 160.103, and shall refer to Contractor.
Business Associate Obligations Business Associate agrees to comply with applicable federal confidentiality and security laws, specifically the provisions of the HIPAA Rules and the HITECH Act applicable to business associates, including:
Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.
Permitted Uses and Disclosure by Business Associate (1) General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
Confidentiality Privacy FTIS shall keep the Confidential Information (as defined in Section 16(a) below) of the Investment Company in confidence and will not use or disclose or allow access to or use of such Confidential Information except (A) as appropriate in connection with activities contemplated by this Agreement; (B) as required pursuant to a court order, subpoena, governmental or regulatory or self-regulatory authority or agency, law, regulation, or binding discovery request in pending litigation (provided the receiving party will provide the other party written notice of such requirement, to the extent such notice is permitted, and subject to proper jurisdiction, if applicable); (C) as requested by a governmental, regulatory or self-regulatory authority or agency in connection with an inquiry, examination, audit or other review; or (D) the information or data is relevant and material to any claim or cause of action between the parties or the defense of any claim or cause of action asserted against FTIS.
