Business Associate Addendum For Healthcare Facilities

BUSINESS ASSOCIATE ADDENDUM

_____________________________ [insert client’s name] (“Covered Entity”) and Accounts Receiv-

able Management Systems, Inc. dba QUE Financial Serviceware Technologies (“Business Associate”)

hereby enter this Business Associate Addendum, effective ______________, 2003 (“Effective Date”),

which shall amend the Parties’ ______________________ [insert name of contract], dated

__________________ [insert date of contract], (“Agreement”), as follows.

Covered Entity has determined that it is a “covered entity” as defined by the Health

Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Pursuant to the Agreement, Business Associate performs services for Covered Entity

that involve the use or disclosure of “protected health information” of patients or clients of Covered

Entity (“PHI”). In light of these services, the parties have determined that Business Associate is a

“business associate,” as defined by HIPAA, of Covered Entity.

The parties now desire to enter this Business Associate Addendum to document their

agreement to comply with HIPAA and Business Associate’s satisfactory assurances to safeguard the

PHI it uses or discloses in connection with services under the Agreement.

NOW THEREFORE, in consideration of the mutual promises contained herein and for other good

and valuable consideration, the parties hereby agree to amend the Agreement as follows:

1. HIPAA Compliance. The parties agree to comply with HIPAA and to negotiate in good

faith amendments to this Business Associate Addendum that become reasonably necessary during the

term of the Agreement to ensure continuing compliance with HIPAA.

2. Use and Disclosure of PHI.

2.1.

Definition of PHI. PHI shall have the same meaning herein as the term “pro-

tected health information” in 45 CFR § 164.501, which includes information relating to the past, present,

or future physical or mental health or condition of any identifiable patient, healthcare of such indi-

vidual, or payment for provision of healthcare of such individual.

2.2.

Permissible Uses and Disclosures. Business Associate may use or disclose

PHI for the following purposes:

2.2.1. To perform Business Associate’s duties under the Agreement;

2.2.2. For Business Associate’s management and administration purposes or

to carry out the legal responsibilities of Business Associate; provided, however, that (i) Business

Associate will disclose only “de-identified” PHI, as defined by HIPAA, for marketing purposes; and

(ii) any other disclosure of PHI by Business Associate to a third-party will be required by law or

disclosed only after the third-party provides reasonable assurances to Business Associate that the

PHI will be held confidentially and used or disclosed only for the purpose requested or as required

Page 2 of 5

Business Associate Addendum For Healthcare Facilities - 2003 Page 2