Sample Business Associate Agreement - Agreement With Business Associate
ADVERTISEMENT
1
2
3
4
5ATTACHMENT 2
SAMPLE BUSINESS ASSOCIATE AGREEMENT
AGREEMENT WITH BUSINESS ASSOCIATE
This (“Agreement”) is effective upon full execution, by and between {Insert Operating Company
Name} _________________________________ (“Business Associate”) and {Insert Group Health Plan
Name} _________________________________ (“Group Health Plan”).
Group Health Plan and Business Associate mutually agree to comply with the requirements of the Health
Insurance Portability and Accountability Act of 1996 and its implementing regulations (45 C.F.R. Parts
160-164) and any applicable state privacy laws.
Privacy of Protected Health Information and Nonpublic Personal Financial Information.
Permitted Uses and Disclosures.
Business Associate (and any subcontractor or agent) is
1.
permitted or required to use or disclose Protected Health Information (“PHI") it creates for or receives
from Group Health Plan only as follows:
a) Functions and Activities on Group Health Plan’s Behalf. Business Associate is permitted to use
and disclose the minimum necessary PHI created for or received from Group Health Plan solely
as necessary to perform its obligations to Group Health Plan as set forth in the Agreement.
b) Business Associate’s Operations. Business Associate may use the minimum necessary PHI
created for or received from Group Health Plan solely as necessary for Business Associate’s
proper management and administration or to carry out Business Associate’s legal responsibilities
under the Agreement. Business Associate may disclose such minimum necessary PHI only as
necessary for Business Associate’s proper management and administration or to carry out
Business Associate’s legal responsibilities under the Agreement only if:
(i)
The disclosure is required by law; or
(ii)
Business Associate obtains reasonable assurance, evidenced by written contract, from
any person or organization to which Business Associate will disclose such PHI that the
person or organization will:
(aa) Hold such PHI in confidence and use or further disclose it only for the purpose for which
Business Associate disclosed it to the person or organization or as required by law; and
(bb) Notify Business Associate (who will in turn promptly notify Group Health Plan) of any
instance of which the person or organization becomes aware of any non-permitted use or
disclosure or [BJF Addition.] in which the confidentiality of such PHI was breached.
2. Prohibition on Unauthorized Use or Disclosure. Business Associate will neither use nor disclose
PHI it creates for or receives from Group Health Plan or from another Business Associate of Group
Health Plan, except as permitted or required by this Addendum or as required by law or as otherwise
permitted in writing by Group Health Plan.
3. Information Safeguards. Business Associate will use reasonable and appropriate [BJF addition]
,
administrative, technical and physical safeguards
in compliance with Social Security Act § 1173(d)
(42 U.S.C. § 1320d-2(d)), 45 C.F.R. § 164.530(c) and any other applicable implementing regulations
issued by the U.S. Department of Health and Human Services to preserve the integrity, confidentiality
and availability of and to prevent unauthorized or prohibited use or disclosure of PHI created for or
received from Group Health Plan.
4. Sub-Contractors and Agents. Business Associate will require its subcontractors and agents, to
which Business Associate is permitted by this Addendum or in writing by Group Health Plan to
disclose any of the PHI Business Associate creates for or receives from Group Health Plan, to
provide reasonable assurance, evidenced by a written contract, that subcontractor or agent will
1
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Business