Common use of Business Associate Agreements and State Confidentiality Statues Clause in Contracts

Business Associate Agreements and State Confidentiality Statues. DHS is a covered entity pursuant to the Health Insurance Portability and Accountability of 1996, 42 U.S.C.A. §1320d et seq. (HIPAA); 45 CFR Parts 160 and 164. Before a Provider Agency obtains or is permitted to access to, create, maintain or store Protected Health Information (PHI) as part of its responsibility under this contract, the Provider Agency shall first execute a Department of Human Services Business Associate Agreement (BAA). A Provider Agency, whose work under this Contract does not involve PHI is not required to execute a BAA. DHS shall have the sole discretion to determine when a Provider Agency’s work will involve PHI. Protected Health Insurance shall have the same meaning as in 45 CFR 160.103. Provider Agencies that enter any subcontract where the work for the subcontract involves a Consumer’s PHI shall require its subcontractor to execute a BAA that meets all the requirements of HIPAA, including those in 45 CFR 164.504(e). A standard form of BAA is available for Provider Agency’s use from the Department. If the BAA is breached by the Provider Agency, or its subcontractor, the Provider Agency shall notify the Department within 24 hours of the breach. The Department may, in its sole discretion and at any time, request a BAA compliance audit or investigation of the Provider Agency or its subcontractor with which the Provider Agency has entered into a BAA. The Provider Agency shall cooperate with all Department requests for a BAA compliance audit and/or investigation and shall require that its subcontractor cooperate with all Departmental requests for BAA compliance audits and investigations. In addition to the confidentiality requirements of HIPAA if applicable, a Provider Agency shall maintain the confidentiality of all certificates, applications, records and reports (“Records”) that directly or indirectly identify any consumer and shall not disclose these records except where disclosure is consistent with applicable DHS regulations, the BAA, if any, and is:

Business Associate Agreements and State Confidentiality Statues. DHS DCF is a covered entity pursuant to the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C.A. §1320d et seq. (HIPAA); 45 CFR Parts 160 and 164. Before a Provider Agency obtains or is permitted to access toaccess, to create, maintain or store Protected Health Information (PHI) as part of its responsibility under this contractContract, the Provider Agency shall first execute a Department of Human Services Children and Families Business Associate Agreement (BAA). A Provider Agency, whose work under this Contract does not involve PHI is not required to execute a BAA. DHS DCF shall have the sole discretion to determine when a Provider Agency’s work will involve PHI. Protected Health Insurance shall have the same meaning as in 45 CFR 160.103. Provider Agencies that enter any subcontract where the work for the subcontract involves a Consumeran individual’s PHI shall require its subcontractor to execute a BAA that meets all the requirements of HIPAA, including those in 45 CFR 164.504(e). A standard form of BAA is available for a Provider Agency’s use from the Department. If the BAA is breached by the Provider Agency, or its subcontractor, the Provider Agency shall notify the Department within 24 hours of the breach. The Department may, in its sole discretion and at any time, request a BAA compliance audit or investigation of the Provider Agency or its subcontractor with which the Provider Agency has entered into a BAA. The Provider Agency shall cooperate with all Department requests for a BAA compliance audit and/or investigation and shall require that its subcontractor cooperate with all Departmental requests for BAA compliance audits and investigations. In addition to the confidentiality requirements of HIPAA HIPAA, if applicable, a Provider Agency shall maintain the confidentiality of all certificates, applications, records and reports (“Records”) that directly or indirectly identify any consumer individual and shall not disclose these records Records except where disclosure is consistent with applicable DHS regulations, Department statute and regulations and the BAA, if any, and is:.

Business Associate Agreements and State Confidentiality Statues. DHS is a covered entity pursuant to the Health Insurance Portability and Accountability of 1996, 42 U.S.C.A. §1320d et seq. (HIPAA); 45 CFR Parts 160 and 164. Before a Provider Agency obtains or is permitted to access to, create, maintain or store Protected Health Information (PHI) as part of its responsibility under P2.01 Attachment 1 this contract, the Provider Agency shall first execute a Department of Human Services Business Associate Agreement (BAA). A Provider Agency, whose work under this Contract does not involve PHI is not required to execute a BAA. DHS shall have the sole discretion to determine when a Provider Agency’s work will involve PHI. Protected Health Insurance shall have the same meaning as in 45 CFR 160.103. Provider Agencies that enter any subcontract where the work for the subcontract involves a Consumer’s PHI shall require its subcontractor to execute a BAA that meets all the requirements of HIPAA, including those in 45 CFR 164.504(e). A standard form of BAA is available for Provider Agency’s use from the Department. If the BAA is breached by the Provider Agency, or its subcontractor, the Provider Agency shall notify the Department within 24 hours of the breach. The Department may, in its sole discretion and at any time, request a BAA compliance audit or investigation of the Provider Agency or its subcontractor with which the Provider Agency has entered into a BAA. The Provider Agency shall cooperate with all Department requests for a BAA compliance audit and/or investigation and shall require that its subcontractor cooperate with all Departmental requests for BAA compliance audits and investigations. In addition to the confidentiality requirements of HIPAA if applicable, a Provider Agency shall maintain the confidentiality of all certificates, applications, records and reports (“Records”) that directly or indirectly identify any consumer and shall not disclose these records except where disclosure is consistent with applicable DHS regulations, the BAA, if any, and is: