Business Associate Agreement (Page 2 of 3) in pdf

(k) Incorporate any amendments or corrections to PHI when notified by Customer or

enter into a Business Associate Agreement or other necessary Agreements to comply

with HIPAA.

3. Termination Upon Breach of Provisions. Notwithstanding any other provision of this

Agreement, Covered Entity may immediately terminate this Agreement if it determines that

Business Associate breaches any term in this Agreement. Alternatively, Covered Entity may give

written notice to Business Associate in the event of a breach and give Business Associate five (5)

business days to cure such breach. Covered Entity shall also have the option to immediately stop

all further disclosures of PHI to Business Associate if Covered Entity reasonably determines that

Business Associate has breached its obligations under this Agreement. In the event that

termination of this Agreement and the Agreement is not feasible, Business Associate hereby

acknowledges that the Covered Entity shall be required to report the breach to the Secretary of

the U.S. Department of Health and Human Services, notwithstanding any other provision of this

Agreement or Agreement to the contrary.

4. Return or Destruction of Protected Health Information upon Termination. Upon the

termination of this Agreement, unless otherwise directed by Covered Entity, Business Associate

shall either return or destroy all PHI received from the Covered Entity or created or received by

Business Associate on behalf of the Covered Entity in which Business Associate maintains in

any form. Business Associate shall not retain any copies of such PHI. Notwithstanding the

foregoing, in the event that Business Associate determines that returning or destroying the

Protected Health Information is infeasible upon termination of this Agreement, Business

Associate shall provide to Covered Entity notification of the condition that makes return or

destruction infeasible. To the extent that it is not feasible for Business Associate to return or

destroy such PHI, the terms and provisions of this Agreement shall survive such termination or

expiration and such PHI shall be used or disclosed solely as permitted by law for so long as

Business Associate maintains such Protected Health Information.

5. No Third Party Beneficiaries. The parties agree that the terms of this Agreement shall apply

only to themselves and are not for the benefit of any third party beneficiaries.

6. De-Identified Data. Notwithstanding the provisions of this Agreement, Business Associate

and its subcontractors may disclose non-personally identifiable information provided that the

disclosed information does not include a key or other mechanism that would enable the

information to be identified.

7. Amendment. Business Associate and Covered Entity agree to amend this Agreement to the

extent necessary to allow either party to comply with the Privacy Standards, the Standards for

Electronic Transactions, the Security Standards, or other relevant state or federal laws or

regulations created or amended to protect the privacy of patient information. All such

amendments shall be made in a writing signed by both parties.

8. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that

permits Covered Entity to comply with the then most current version of HIPAA and the HIPAA

privacy regulations.

9. Definitions. Capitalized terms used in this Agreement shall have the meanings assigned to

them as outlined in HIPAA and its related regulations.

2 |

P a g e

Business Associate Agreement Page 2