HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT

Similar documents
Model Business Associate Agreement

Connecticut Multiple Listing Service, Inc.

KAISER FOUNDATION HOSPITALS ON BEHALF OF KAISER FOUNDATION HEALTH PLAN OF THE MID-ATLANTIC STATES, INC.

RETS DATA ACCESS AGREEMENT

Site Access Agreement. (hereinafter referred to as the

Archipelago Trading Services, Inc.

HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

BUSINESS ASSOCIATE AGREEMENT

RAYTHEON COMPANY ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT

TRADING PARTNER AGREEMENT

WarrantyLink MASTER SERVICES AGREEMENT RECITALS

INDEPENDENT CONTRACTOR AGREEMENT

SAMPLE FORMS - CONTRACTS DATA REQUEST AND RELEASE PROCESS NON-DISCLOSURE AGREEMENT, Form (See Attached Form)

PODIATRY RESIDENCY RESOURCE, INC. END USER SOFTWARE LICENSE AGREEMENT. IMPORTANT-READ CAREFULLY BEFORE USING THE Podiatry Residency Resource SOFTWARE.

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

NON-TRANSFERABLE AND NON-EXCLUSIVE LICENSE AGREEMENT

ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT

DATABASE AND TRADEMARK LICENSE AGREEMENT

You may owe fees for use of the App or the Services. Check with your Financial Institution for applicable rates.

1. THE SYSTEM AND INFORMATION ACCESS

Connectivity Services Information Document

DAKOTA COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

CASH MANAGEMENT SERVICES MASTER AGREEMENT

INTERNET ADVERTISING AGREEMENT. THIS AGREEMENT made as of this day of, 2004.

CORPORATE FARE TERMS & CONDITIONS

SERVICE REFERRAL AGREEMENT

Provider Electronic Trading Partner Agreement

ACT, Inc. ( ACT ) and Customer agree as follows: Effective Date: August 8, 2017

ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT BETWEEN DIRECT SUBMITTER AND WELLPOINT, INC

DATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

AMBASSADOR PROGRAM AGREEMENT

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

edelivery Agreement and Disclosure

ASSURANCE SYSTEMS INC. SUITE JIMMY CARTER BOULEVARD NORCROSS, GEORGIA TERMS OF SERVICE

JW PLASTIC SURGERY. Terms of Service

License Agreement. 1. Definitions. For purposes of this Agreement, the following terms have the following meanings:

Sacramento Public Library Authority

SDL Web Click Wrap DEVELOPER SOFTWARE AND DISTRIBUTION AGREEMENT RESTRICTED TO USE BY DEVELOPERS. Terms and Conditions

ASSETMARK TRUST COMPANY TOTALCASH MANAGER TM ACCESS AUTHORIZATION AGREEMENT

Midwest Real Estate Data, LLC. MRED Participant Agreement 1 DEFINITIONS AND USAGE. MRED S OBLIGATIONS. PARTICIPANT ACKNOWLEDGMENTS.

ALICE Terms of Use 1. Existence of Contract 2. Ability to Accept the Terms of this Agreement 3. Intellectual Property Rights

OPEN DESIGN ALLIANCE EVALUATION LICENSE AGREEMENT

AGILE RISK MANAGEMENT LLC MASTER SOFTWARE LICENSE AGREEMENT

EQUIPMENT LEASE ORIGINATION AGREEMENT

WASHINGTON COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

IRB RELIANCE EXCHANGE PORTAL AGREEMENT

MDP LABS SERVICES AGREEMENT

INDICATORS OF COMPLIANCE WITH STANDARDS FOR BIRTH CENTERS END USER LICENSE AGREEMENT

JOINT MARKETING AND SALES REFERRAL AGREEMENT

DRAFT. OCE Funding Agreement

OPEN TEXT PROFESSIONAL SERVICES AGREEMENT

END-USER LICENSE AGREEMENT

EMC Proven Professional Program

DATABASE SUBSCRIPTION SERVICES AND LICENSE AGREEMENT

Trust Italia S.p.A. OnSite SM Agreement

Massachusetts Clean Energy Technology Center

OTTO Archive, LLC CONTENT LICENSE AGREEMENT

Last revised: 6 April 2018 By using the Agile Manager Website, you are agreeing to these Terms of Use.

VISA Inc. VISA 3-D Secure Authentication Services Testing Agreement

Retail Electric Supplier Electronic Data Interchange (EDI) Trading Partner Agreement

Terms and Conditions Database License Agreement ( Agreement )

CoreLogic Matrix Terms of Use & Privacy Policy

Ownership of Site; Agreement to Terms of Use

Bookkeeping Service Agreement

Sales Order (Processing Services)

USTOCKTRAIN TRADING SIMULATOR TERMS AND CONDITIONS

LIBRARY LICENSE AGREEMENT - DATABASE

HIPAA DATA USE AGREEMENT

Digia Commerce Oy Ab SOFTWARE END USER LICENSE AGREEMENT

Software Support Terms and Conditions

SERVICE PROVIDER SECURITY AGREEMENT. Clemson University ( Clemson ) and. Vendor Name Here. ( Service Provider )

HITECH Omnibus Business Associate Agreement DU Hybrid CE ra FINAL

SELECT COUNSEL, INC. TERMS OF USE Effective as of October 25, 2016

CASELLE, INC. Software as a Service Agreement

the Notices section below.

License Agreement. 1.4 Named User License A Named User License is a license for one (1) Named User to access the Software.

BUSINESS ASSOCIATE AGREEMENT

Customized IDX RETS Solutions Data Information Sheet

Payroll Service Agreement

IMPORTANT READ CAREFULLY BEFORE INSTALLING OR USING THIS PRODUCT

(FULL LEGAL NAME OF SUBSCRIBER)

METER DATA MANAGEMENT SERVICES AGREEMENT BETWEEN AMEREN SERVICES COMPANY AND

ENT CREDIT UNION ELECTRONIC DEPOSIT AGREEMENT

Mobile Deposit User Agreement

TERMS OF SERVICE [CONSUMER]

Site Builder End User License Agreement

CLINICAL TRIAL AGREEMENT for INVESTIGATOR-INITIATED STUDY

Agreement for Net Metering and Interconnection Services (Level 1, 2 and 3 Interconnection)

Terms of Service. Last Updated: April 11, 2018

AWORKER WORK TOKEN PURCHASE AGREEMENT

SOFTWARE END USER LICENSE AGREEMENT

End User License Agreement

ZEN PROTOCOL SOFTWARE LICENSE

SOUTHERN CALIFORNIA EDISON COMPANY ENERGY SERVICE PROVIDER SERVICE AGREEMENT

MOTOROLA LICENSE AGREEMENT FOR MOTOROLA RADIO SERVICE SOFTWARE

GREEN ELECTRONICS COUNCIL UL ECOLOGO/EPEAT JOINT CERTIFICATION PROGRAM PARTICIPATING MANUFACTURER AGREEMENT

GREEN ELECTRONICS COUNCIL UL ECOLOGO/EPEAT JOINT CERTIFICATION PROGRAM PARTICIPATING MANUFACTURER AGREEMENT

DATA COMMONS SERVICES AGREEMENT

THIS SUBSCRIPTION AGREEMENT ( AGREEMENT ) GOVERNS YOUR 30-DAY FREE TRIAL OF THE SERVICES.

Transcription:

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT THIS PRIVACY AND SECURITY AGREEMENT ( Agreement ) is made effective as of, 20 (the Effective Date ) by and between Harvard Pilgrim Health Care, Inc., a Massachusetts corporation with a place of business at 93 Worcester Street, Wellesley, MA (hereinafter HPHC ) and [entity name], a [type of entity] with a place of business at [entity location] (hereinafter Contractor ) RECITALS WHEREAS, the parties recognize their legal obligation to protect the privacy and security of health information concerning individual persons; WHEREAS, the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ( HIPAA ) and regulations promulgated thereunder in Title 45, Parts 160 and 164 of the Code of Federal Regulations contemplate that payors, providers, providers Business Partners and others given access to such health information will enter into agreements with each other to maintain information security and protect the privacy of such health information; WHEREAS, the parties will be accessing or sharing such information in conjunction with a number of aspects of HPHC s relationship with providers, including without limitation claims submission and payment activities; and WHEREAS, the parties to this agreement will be accessing or sharing such information through a number of media, including without limitation electronic data interchange via secure File Transfer Protocol (FTP), Virtual Private Network (VPN), secure modems or various other electronic channels, and the Contractor will be responsible for managing and monitoring its user access. NOW THEREFORE, the parties, intending to be legally bound, agree as follows: 1. DEFINITIONS 1.1 Authorized Employees or Agents shall mean Contractor s employees and agents with a need to know Protected Information and who have been authorized by Contractor to have access to Protected Information. 1.2 Business Partner or Business Associate shall mean a person or entity (other than an employee of Contractor) that performs, or assists in the performance of a function or activity involving the use or disclosure of Protected Information, including without limitation claims processing or administration, data analysis, processing or administration, billing, or practice management, or a person or entity (other than an employee of Contractor) that provides legal, actuarial, accounting, consulting, management, administrative, or financial services to or for Contractor, where the provision of the service involves the disclosure of Protected Information. 1.3 Protected Information shall mean information obtained from HPHC, whether oral or 1

recorded in any form or medium, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual, including demographic information collected from an individual, which information either identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Protected Information shall also include but not be limited to (whether or not specifically designated as confidential by HPHC) enrollment information, claims data, demographic data and any and all patient specific information and rate information or specific utilization information relating to clinical practices. 2. CONFIDENTIALITY AND SECURITY 2.1 Maintaining Confidentiality of Protected Information. Contractor shall not, without the prior written consent of HPHC: i. use or access any Protected Information except (i) in the conduct of its business as a provider of health care or (ii) as a Business Partner or Business Associate of a health care provider, and as provided herein; or ii. disclose any portion of the Protected Information to any persons or entities other than to Contractor s Authorized Employees, Business Partners, or Business Associates as provided herein. 2.2 Confidentiality Safeguards. Contractor shall use its best efforts, including employment of all reasonable safeguards, to prevent any use, access or disclosure of the Protected Information not authorized by this Agreement. Such safeguards shall include, but not be limited to: i. limiting Authorized Employees to those having a need to know such information, ii. limiting the number of Authorized Employees, iii.ensuring that access to such information of any Authorized Employee who is no longer employed by Contractor is terminated immediately upon their departure, iv. ensuring that Authorized Employees understand the obligations of Contractor under this Agreement, v. establishing a disciplinary policy for breach of confidentiality, vi. instituting appropriate password controls, vii.immediately notifying HPHC in the event Contractor has knowledge that any employee or agent has breached this Agreement. Contractor shall immediately notify HPHC of the identity of such individuals, the nature of the breach, and the action taken by Contractor. 2

2.3 Security Standards. Contractor further agrees that it shall employ all reasonable safeguards, including those safeguards Contractor takes to protect its own confidential information, to prevent any use, access or disclosure of the Protected Information that would result in a breach of this Agreement. With respect to Contractor s facilities where it creates, receives, maintains or transmits Protected Information, Contractor shall implement the administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of such Protected Information as required by, and as more specifically set forth in, the Final Security Regulations issued under HIPAA. Contractor will provide to HPHC copies of its confidentiality and information security policies upon the request of HPHC. In addition, Contractor will report in writing to HPHC, and to any state or federal authority as required by law, any security incident of which it becomes aware relating to a breach of security and/or privacy of the Protected Information including, but not limited to, any attempted or successful unauthorized use or disclosure of the Protected Information. 2.4 Practices for Information Security. HPHC has developed a list of security and confidentiality practices which Contractor may use to develop confidentiality and security procedures. You can find the list of security and confidentiality practices in the Requirements for EDI and Online Solutions chapter in the Harvard Pilgrim Provider Manual at www.harvardpilgrim.org/providers. 2.5 Return or Destruction of Protected Information. Protected Information shall remain the property of HPHC and shall, at HPHC's request (which may be at any time), be returned forthwith to HPHC or be destroyed if so directed by HPHC together with all copies made by Contractor and by anyone to whom such Protected Information has been made available by Contractor. Upon request, Contractor shall provide to HPHC a certificate as to the return or destruction of such Protected Information. 2.6 Compliance with Policy and Laws. Contractor agrees to comply with all applicable and effective state and federal regulatory and statutory requirements related to the confidentiality of Protected Information, including but not limited to, the Massachusetts privacy statute (M.G.L. ch. 214 1B), the Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00), New Hampshire Revised Statutes Chapter 359-C, Maine Revised Statutes Chapter 210-B, and Connecticut General Statutes, Chapters 669 (section 36A-701B) and 743dd (hereinafter the applicable state laws ). 2.7 Required Disclosure. Notwithstanding the foregoing, if Contractor is requested or required in a judicial, administrative or governmental proceeding to disclose any Protected Information, Contractor will notify HPHC as promptly as practicable so that HPHC may either seek an appropriate protective order or waive the provisions of this Agreement. If HPHC promptly seeks and is unable to obtain a protective order or waiver, and Contractor, in the opinion of its counsel, is required to disclose Protected Information in any court, governmental agency or tribunal or else stand liable for contempt under penalty, Contractor may disclose such Protected Information without liability hereunder. 2.8 Costs. Contractor, at its own expense, shall provide and maintain the personnel, 3

equipment, software, services and testing necessary to effectively and reliably implement the confidentiality and security standards contemplated by this Agreement. Contractor shall be responsible for all equipment necessary to maintain the security of Protected Information, including hardware, software and telecommunication services. 2.9 Certification. Contractor shall upon request certify to HPHC that it complies with the terms of this Agreement, which may be in the form of self-certification. 2.10 Business Partners/Business Associates. (i) Direct access. If Contractor engages any Business Partners or Business Associates, and such Business Partner or Business Associate has a need to know and will have access to Protected Information directly from HPHC, then any such Business Partner will be required to execute a Privacy and Security Agreement with HPHC prior to being given such access, and any such Business Associate will be required to execute a Business Associate Agreement with Contractor prior to being given such access by HPHC. (ii) Other. If Contractor engages any other Business Partner or Business Associate who has a need to know and will have access to Protected Information from Contractor, then Contractor shall be responsible for ensuring that each such Business Partner complies with the terms of this Agreement and that each such Business Associate complies with the terms of HIPAA to the same extent as if they were covered entities. 2.11 Prior Confidentiality. The parties may have previously entered into a confidentiality agreement with respect to the Protected Information or other HPHC confidential information. Such agreements shall continue in full force and effect, provided, however, that to the extent the terms of such previous agreement conflict with this Agreement as to the Protected Information, the terms of this Agreement will govern. 2.12 Contractor Responsibility for Employees and Agents. In connection with access to HPHC s secured provider web portal (HPHConnect), Contractor shall be responsible for assuring that its employees and agents fully comply with all of the obligations of Contractor under this Agreement, including the User Agreement, as set forth in the Provider Manual, in the Chapter captioned Requirements for EDI and Online Solutions. Any violations by Contractor s employees or agents shall be considered violations by the Contractor. 3.0 MISCELLANEOUS TERMS 3.1 Term and Termination. The term of this Agreement shall commence upon the Effective Date and shall continue until Contractor no longer receives Protected Information from HPHC ( Term ). HPHC shall have the right to stop providing Protected Information at any time. Any termination will not alter the rights or duties of the parties with respect to Protected Information received before the effective date of the termination. 3.2 Severability. Any provision of this Agreement, which is determined to be invalid or 4

unenforceable, will be ineffective to the extent of such determination without invalidating the remaining provisions of this Agreement or affecting the validity or enforceability of such remaining provisions. 3.3 Entire Agreement. This Agreement constitutes the complete agreement of the parties relating to the matters specified in this Agreement and, except as otherwise provided herein, supersedes all prior representations or agreements, whether oral or written, with respect to such matters. This Agreement may be amended only by a written instrument signed by HPHC and Contractor. This Agreement is for the benefit of, and shall be binding upon, the parties and their respective successors and assigns. 3.4 Governing Laws. This Agreement shall be governed by and interpreted in accordance with the laws of the Commonwealth of Massachusetts, without regard to its conflict of laws provisions, and the Commonwealth of Massachusetts shall be the sole forum for resolution of disputes regarding this Agreement or the subject matter thereof. 3.5 Specific Performance. The parties hereby agree and affirm that the subject matter of this Agreement is unique, and that it may be impossible to measure the damages, which would result to HPHC from violations by Contractor of the agreements set forth herein. Accordingly, in addition to any other remedies which HPHC may have at law or in equity, the parties hereby agree that HPHC shall have the right to have all obligations and other provisions of this Agreement specifically performed by the Contractor, as applicable, and that HPHC shall have the right to seek preliminary and permanent injunctive relief to secure specific performance, and to prevent a breach or contemplated breach, of this Agreement, without, in any case, proof of actual damages. 3.6 Audit. HPHC shall have the right, at its own expense, to conduct an audit of Contractor at any time during normal working hours upon reasonable notice to Contractor to determine if Contractor is in compliance with the terms of this Agreement. 3.7 Limitation of Liability. To the full extent allowed by applicable law, HPHC and its directors, officers and employees, affiliates, subsidiaries, successors and assigns, and third-party agents will not be liable, directly or indirectly, for any incidental, punitive, exemplary, special, indirect or consequential damages, for any reason arising from or relating to Contractor s use of or access to any HPHC Protected Information, or any provision of this agreement, even if advised of the possibility of such damages, whether arising under theory of contract, tort (including negligence), strict liability or otherwise. To the full extent allowed by applicable law, in no event will HPHC and its directors, officers and employees, affiliates, subsidiaries, successors and assigns, and third-party agents have any liability for any damages arising from or relating to this agreement or Contractor s use of the any Protected Information except for damages arising solely from HPHC s gross negligence or willful misconduct. 3.8.1 Contractor Agreements. If Contractor is representing another entity for claims submission and payment activities, then Contractor shall have an agreement with such entity. Contractor also agrees to inform HPHC of the addition or deletion of entities 5

which it is representing. 3.8.2 Contractor Privacy Officer. The Contractor s Privacy Officer s name and contact information is as follows: Privacy Officer Name: Mailing Address: Phone Number: E-mail Address: *Contractor agrees to inform HPHC of any change in its Privacy Officer information. IN WITNESS WHEREOF, the parties or their authorized representatives have caused this Agreement to be executed as of the Effective Date. CONTRACTOR Signature: Printed Name: Title: Date: HARVARD PILGRIM HEALTH CARE, INC. (HPHC USE ONLY) Signature: Printed Name: Title: Date: 6

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback