LAW FIRM BUSINESS ASSOCIATE TERMS AND CONDITIONS. North Carolina Society of Healthcare Attorneys

Similar documents
BUSINESS ASSOCIATE AGREEMENT WITH COVERED ENTITY

Model Business Associate Agreement

HITECH Omnibus Business Associate Agreement DU Hybrid CE ra FINAL

BUSINESS ASSOCIATE AGREEMENT (BETWEEN GIOSTARCHICAGO.COM AND GIOSTARORTHOPEDICS.COM AND GODADDY)

DATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

BUSINESS ASSOCIATE AGREEMENT

HIPAA DATA USE AGREEMENT

Sales Order (Processing Services)

PODIATRY RESIDENCY RESOURCE, INC. END USER SOFTWARE LICENSE AGREEMENT. IMPORTANT-READ CAREFULLY BEFORE USING THE Podiatry Residency Resource SOFTWARE.

Site Access Agreement. (hereinafter referred to as the

ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT BETWEEN DIRECT SUBMITTER AND WELLPOINT, INC

BUSINESS ASSOCIATE AGREEMENT

EXHIBIT G PRIVACY AND INFORMATION SECURITY PROVISIONS

COMMONWEALTH OF MASSACHUSETTS. ) COMMONWEALTH OF MASSACHUSETTS, ) ) Plaintiff, ) ) v. ) ) SOUTH SHORE HOSPITAL, INC., ) ) Defendant.

Non-Clearing Membership Agreement

S10A0994. BAKER et al. v. WELLSTAR HEALTH SYSTEMS, INC. et al. This action originated with a medical malpractice complaint filed on

DATA USE AGREEMENT RECITALS

Secretary s Certificate (General)

Clearing Membership Agreement

DATABASE AND TRADEMARK LICENSE AGREEMENT

CLINICAL TRIAL AGREEMENT for INVESTIGATOR-INITIATED STUDY

Agent/Agency Agreement

Commonwealth of Massachusetts County of Suffolk The Superior Court NOTICE OF DOCKET ENTRY

WASHINGTON COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

INDEPENDENT CONTRACTOR AGREEMENT

Data Licensing Agreement

DATA COLLECTION AGREEMENT MASTER TERMS RECITALS

DAKOTA COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

For Preview Only - Please Do Not Copy

Non-Discretionary IA Services Client Services Agreement

MDP LABS SERVICES AGREEMENT

THE UNIVERSITY OF TEXAS SYSTEM ADMINISTRATION HIPAA PRIVACY MANUAL Section 7.2: Right to Access Protected Health Information Page: 1 of 5

MWC19 Barcelona Speaker Video Footage - Terms of Use

Sample Licensing Agreement

SELECT ILLINOIS RULES OF PROFESSIONAL CONDUCT

DIABETIC SUPPLIES REBATE AGREEMENT

KAISER FOUNDATION HOSPITALS ON BEHALF OF KAISER FOUNDATION HEALTH PLAN OF THE MID-ATLANTIC STATES, INC.

I. PURPOSE AND SCOPE. WHEREAS, [SITE] and its employees or agents will collaborate as a study site; and

Work-Made-for-Hire-Agreement

AGREEMENT BETWEEN KIDS IN DISTRESS, INC., AND BROWARD COUNTY FOR SUBSTANCE ABUSE SERVICES Contract Number: KID-BARC-CFS-2017

For Preview Only - Please Do Not Copy

INDICATORS OF COMPLIANCE WITH STANDARDS FOR BIRTH CENTERS END USER LICENSE AGREEMENT

BASIC SALES TRANSACTION AGREEMENT

EMIR PORTFOLIO RECONCILIATION, DISPUTE RESOLUTION AND DISCLOSURE. (2) (full legal name of company) (the Counterparty).

RAYTHEON COMPANY ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT

FILED: NIAGARA COUNTY CLERK 08/15/ :34 AM INDEX NO. E157285/2015 NYSCEF DOC. NO. 42 RECEIVED NYSCEF: 08/15/2017 EXHIBIT F

Municipal Code Online Inc. Software as a Service Agreement

FINANCIAL PLANNING AGREEMENT

Online Account Access Agreement

Terms of Use for the REDCap Non-Profit End-User License Agreement

CERTIFICATE OF DEPOSIT SELLING GROUP AGREEMENT

*SAMPLE PRACTICE CONTINUATION AGREEMENT* DISCLAIMER

SERVICES TERMS AND CONDITIONS

PROFESSIONAL SERVICES CONTRACT GENERAL SERVICES BETWEEN COPPER VALLEY ELECTRIC ASSOCIATION, INC. AND

SERVICE AGREEMENT TRAINING OR WORKSHOP

GRANT AGREEMENT ( Agreement ) Effective as at the last date of signing.

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT

UNIVERSITY OF ULSTER THIRD PARTY PROCESSING AGREEMENT

NON-DISCLOSURE AGREEMENT

PROPOSAL SUBMISSION AGREEMENT

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

Content Provider Agreement

INDEPENDENT CONTRACTOR TERMS OF AGREEMENT Return to the Division of Human Resources when complete. Name: Individual: Business: (mark one)

AMBASSADOR PROGRAM AGREEMENT

SITE ACCESS AGREEMENT. between BROWARD COUNTY. and ENVIRONMENTAL RISK MANAGEMENT, INC.

MASSACHUSETTS CLEAN ENERGY TECHNOLOGY CENTER RENEWABLE ENERGY TRUST FUND MEMBERSHIP AGREEMENT

PACKET ONE S ARD ANNEXURE I PACKET ONE S ARD ANNEXURE I NON-DISCLOSURE AGREEMENT. THIS NON-DISCLOSURE AGREEMENT ( Agreement ) is made on of 2009

INTERLOCAL AGREEMENT BETWEEN AND PALM BEACH COUNTY

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

Unsolicited Proposal Policy

ISDA International Swaps and Derivatives Association, Inc.

TBMA/ISMA GLOBAL MASTER REPURCHASE AGREEMENT (2000 VERSION) AGENCY ANNEX. Supplemental terms and conditions for Agency Transactions

CHARITABLE CONTRIBUTION AGREEMENT

SECURITY SHARING AGREEMENT. THIS SECURITY SHARING AGREEMENT (this Agreement) is made as of June 25, 2014.

LevCo technologies MASTER IT SERVICES AGREEMENT

DATED 20 HSBC BANK PLC. and [FUNDER] and [COMPANY] DEED OF PRIORITY

REPRESENTATION AGREEMENT

SAMPLE FORMS - CONTRACTS DATA REQUEST AND RELEASE PROCESS NON-DISCLOSURE AGREEMENT, Form (See Attached Form)

Participant Agreement

AGREEMENT FOR DISMISSAL OF WEST VALLEY PRESBYTERIAN CHURCH AND MUTUAL RELEASE OF CLAIMS

Data Processing Agreement

Responding to Requests for the Release of Minors Health Information: Guidelines for N.C. Local Health Departments. Jill Moore UNC School of Government

NITRO READER END USER LICENSE AGREEMENT

Limited Data Set Data Use Agreement

System Impact Study Agreement

REQUEST FOR PROPOSALS FOR ACCREDITATION CONSULTANT SNHD-9-RFP

Home Foundation Subcontractor Services Agreement

METER DATA MANAGEMENT SERVICES AGREEMENT BETWEEN AMEREN SERVICES COMPANY AND

(1) the representation of one client will be directly adverse to another client; or

edelivery Agreement and Disclosure

Realogy Holdings Corp. Realogy Group LLC

CAPTION FINANCIAL SUMMARY

International Swaps and Derivatives Association, Inc. ISDA 2017 OTC EQUITY DERIVATIVES T+2 SETTLEMENT CYCLE PROTOCOL

THIS INTERAGENCY AGREEMENT ("Agreement") is made and entered into as of the date on which it becomes fully executed, by and between

Defined terms used in this guidance note and in the example language included hereunder are set out in Schedule 2 to this guidance note.

Independent Contractor Agreement Accountant

Transcription:

LAW FIRM BUSINESS ASSOCIATE TERMS AND CONDITIONS Law Firm: Client: Law Firm Engagement: North Carolina Society of Healthcare Attorneys Law Firm and Client desire that Client achieve compliance with the Health Insurance Portability and Accountability Act of 1996 with respect to Client's engagement of Law Firm and disclosure of "protected health information" to Law Firm, as more fully described below. Client is or may be a "Covered Entity" within the meaning of the HIPAA "Privacy Rule," or the Standards for the Privacy of Individually Identifiable Health Information, which is codified at 45 C.F.R. Parts 160 and 164. To the extent that Client is a Covered Entity and discloses protected health information to Law Firm in connection with the legal services provided to Client, Law Firm is or may be a business associate of Client under the Privacy Rule. Law Firm and Client agree to the following terms and conditions ("Terms and Conditions"). The Terms and Conditions are intended to comply with the requirements for business associate agreements under the HIPAA Privacy Rule, and are to be construed to achieve compliance with those requirements. References in brackets, for example, "[45 C.F.R. 164.504(e)(1)]," are references to the specific Privacy Rule provision that the specific provision below is intended to address (the text of these Privacy Rule provisions are attached hereto as Exhibit B to these Terms and Conditions). As used in these Terms and Conditions, "this Agreement" means the agreement(s) between Law Firm and Client regarding the Law Firm Engagement described above. 1. As used in this Agreement, "Protected Health Information" or "PHI" means, subject to the definition provided at 45 C.F.R. 164.501, individually identifiable health information that Law Firm receives from Client or that it creates or receives on behalf of Client for the purposes of performing the services under this Agreement as described in Exhibit A attached hereto and incorporated herein by reference, except that Law Firm may

use and disclose PHI for the proper management and administration of Law Firm or to carry out the legal responsibilities of Law Firm consistent with the provisions of 45 C.F.R. 164.504(e)(4)(i) and (ii). [ 164.504(e)(2)(i)] 2. Law Firm will not use or further disclose PHI other than as permitted or required by this Agreement or as required by law. [ 164.504(e)(2)(ii)(A)] 3. Law Firm will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by this Agreement. [ 164.504(e)(2)(ii)(B)] 4.Law Firm will report to Client any use or disclosure of PHI not provided for by this Agreement of which it becomes aware. [ 164.504(e)(2)(ii)(C) ] 5. Law Firm will ensure that any agent of Law Firm, including a subcontractor of Law Firm, to whom it provides PHI received from or created or received by Law Firm on behalf of Client, agrees to the same restrictions and conditions that apply to Law Firm with respect to such information. [ 164.504(e)(2)(ii)(D)] 6. L aw Firm will make available PHI to the extent required under 45 C.F.R. 164.524, which describes the requirements applicable to an individual's request for access to the PHI relating to the individual. To the extent permitted by the Privacy Rule, the obligations of Law Firm in this Paragraph apply only to "designated record sets" in Law firm's possession or control as such term is defined at 45 C.F.R. 164.501. [ 164.504(e)(2)(ii)(E)] 7. Law Firm will make available PHI to the extent required for amendment and incorporate any amendments to PHI in accordance with 45 C.F.R. 164.526, which describes the requirements applicable to an individual's request for an amendment to the PHI relating to the individual. To the extent permitted by the Privacy Rule, the obligations of Law Firm in this Paragraph apply only to "designated record sets" in Law Firm's possession or control as such term is defined at 45 C.F.R. 164.501. [ 164.504(e)(2)(ii)(F)] 8. Law Firm will make available PHI to the extent required to provide an accounting of disclosures in accordance with 45 C.F.R. 164.528, which describes the requirements applicable to an individual's request for an accounting of disclosures of PHI relating to the individual. [ 164.504(e)(2)(ii)(G)] 9. If Law Firm receives a request, made on behalf of the Secretary of the Department of Health and Human Services, that Law Firm make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining Client's compliance with the HIPAA Privacy Rule, then Law Firm will promptly notify Client that Law Firm has received such a request. Upon Law Firm's receipt of written Directive

to do so from Client in the form attached as Exhibit C, Law Firm will make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining Client's compliance with the HIPAA Privacy Rule 1 [ 164.504(e)(2)(ii)(H)], provided, however, that this provision shall not apply in the event a court of competent jurisdiction determines, in response to a challenge raised by Client, that the Privacy Rule provision requiring the inclusion of this provision in the Terms and Conditions is unenforceable, invalid, or otherwise inapplicable to: (i) the relationship between Law Firm and Client; or (ii) with respect to the action that the Secretary may request of Law Firm or Client regarding Law Firm's internal practices, books, and records relating to the use and disclosure of PHI; provided further that this Agreement shall not be construed to require Law Firm to engage in any conduct which would be deemed unprofessional conduct under the laws or ethical requirements applicable to lawyers in any State in which Law Firm's lawyers working on the Engagement are licensed to practice. Law Firm disclaims, and Client accepts such disclaimer, that Law Firm is not providing and has not provided legal advice to Client as to whether this Paragraph satisfies Client's obligations under the Privacy Rule provisions at 45 C.F.R. 164.504(e)(2)(ii)(H). Law Firm may delay complying with a request of the Secretary as to this provision while Law Firm makes reasonable efforts to ascertain its applicable professional responsibilities with respect to this Paragraph. Client hereby waives any applicable attorney-client or other privilege in which Client has an interest with respect to Law Firm's performance of the obligations required under this Paragraph.2 10. Upon termination of this Agreement, if feasible, Law Firm will return or destroy all PHI received from Client or created or received by Law Firm on behalf of Client that Law Firm still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Law Firm will extend the protections of this Agreement to the information retained and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. [ 164.504(e)(2)(ii)(I)]3 11. Client may terminate this Agreement if Client determines that Law Firm has violated a material term of this Agreement. [ 164.504(e)(2)(iii)] 12. These Terms and Conditions are intended for the sole benefit of the Law Firm and Client and do not create any third party beneficiary rights, except as to the extent that the Privacy Rule validly requires the Secretary of the Department of Health and Human Services or any other person to be a third party beneficiary to this Agreement. 13. These Terms and Conditions cannot be amended except by the mutual written agreement of Law Firm and Client.

14. Client will not disclose PHI to Law Firm except to the extent permitted under the Privacy Rule. Law Firm does not undertake in these Terms and Conditions to provide legal advice to Client regarding whether the Privacy Rule permits any particular disclosure of PHI to Law Firm. Any such undertaking by Law Firm must be acknowledged by Law Firm and will be addressed separately from these Terms and Conditions. Although Law Firm may discuss with Client various requirements of the HIPAA Privacy Rule, Law Firm is not providing any legal advice to Client in these Terms and Conditions, including whether these Terms and Conditions meet all requirements under HIPAA. 15. In the event that any provision of the Terms and Conditions are held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this Agreement will remain in full force and effect. In addition, in the event a party (Law Firm or Client) believes in good faith that any provision of the Terms and Conditions fails to comply with the then-current requirements of the HIPAA Privacy Rule, such party so shall notify the other party in writing. For a period of up to thirty days, the parties shall address in good faith such concern and shall amend the terms of this Agreement, if necessary to bring it into compliance. If after such thirty day period these Terms and Conditions fail to comply with the HIPAA Privacy Rule with respect to the concern(s) raised pursuant to this Paragraph, then either party has the right to terminate this Agreement upon written notice to the other party. 16. [It may be advisable to address other issues, including any State law issues. Also, it may be advisable to consider prospective-looking provisions regarding engagements that may extend through the compliance deadline under the HIPAA "Security Rule;" see generally the Notice of Proposed Rule-Making, 63 Fed. Reg. 43242 (8/12/98).]

EXHIBIT A Permitted Uses and Disclosure of Protected Health Information by Law Firm Law Firm may use and disclose Protected Health Information only for purposes of providing services to Client. Such permitted uses and disclosures include the following:4

EXHIBIT B Text of Cited Privacy Rule Provisions [to be inserted]

EXHIBIT C Directive In response to a request from the Secretary of the Department of Health and Human Services that [Law Firm] make available to the Secretary [Law Firm's] internal practices, books, and records relating to protected health information that [Law Firm] receives from [Client] or that it creates or receives on behalf of [Client], a copy of such request being attached to this Directive, [Client] hereby directs [Law Firm] to comply with the Secretary's request. [CLIENT] By: Title: Date: #483798v3 (333333-72)

Footnotes 1. The HIPAA Privacy Rule does not expressly contemplate that Client may reserve to itself this "trigger" or condition to Law Firm's obligation to make this information available to the Secretary. Since Client and not Law Firm controls the condition, it would arguably seem that the requirement of the HIPAA Privacy Rule is met, but the issue is noted for Counsel's consideration. 2. [State Bar issue-valid prospective waiver?] 3. [address professional responsibility issues] 4. [Describe here the permitted uses and disclosures of PHI that may be made by Law Firm in connection with the engagement. Review the following statement in the Preamble to Privacy Rule for direction regarding the degree of specificity that the Privacy Rule requires in describing permitted uses and disclosures. We retain the requirement that the business associate contract must provide that the business associate will not use or further disclose the information other than as permitted or required by the contract or as required by law. We do not mean by this requirement that the business associate contract must specify each and every use and disclosure of protected health information permitted to the business associate, Rather, the contract must state the purposes for which the business associate may use and disclose protected health information, and must indicate generally the reasons and types of person to whom the business associate may make further disclosures. For example, attorneys often need to provide information to potential witnesses, opposing counsel, and others in the course of their representation of a client. The business associate contract pursuant to which protected health information is provided to its attorney may include a general statement permitting the attorney to disclose protected health information to these types of people, within the scope of its representation of the covered entity. 65 Fed. Reg. 82505.] [another issue: In a medical malpractice case, can Law Firm look at PHI in Case A to evaluate issues in Case B [e.g., to compare expert testimony in similar cases], and provide advice back to Client in Case A? Consider whether Law Firm needs permission to provide data aggregation services, or does Law Firm need to get permission to de-identify all PHI, so that the cross-file review will not involve PHI (if that can be practically done)?]

1. Health care clearinghouse means a public or private entity that does either of the following (Entities, including but not limited to, billing services, repricing companies, community health management information systems or community health information systems, and value-added networks and switches are health care clearinghouses for purposes of this subchapter if they perform these functions.): a) Processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction. or b)receives a standard transaction from another entity and processes or facilitates the processing of information into nonstandard format or nonstandard data content for a receiving entity.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback