DATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

Similar documents
HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

HITECH Omnibus Business Associate Agreement DU Hybrid CE ra FINAL

HIPAA DATA USE AGREEMENT

PODIATRY RESIDENCY RESOURCE, INC. END USER SOFTWARE LICENSE AGREEMENT. IMPORTANT-READ CAREFULLY BEFORE USING THE Podiatry Residency Resource SOFTWARE.

BUSINESS ASSOCIATE AGREEMENT WITH COVERED ENTITY

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Site Access Agreement. (hereinafter referred to as the

De-identified Data & Limited Data Set. J. T. Ash University of Hawaii System HIPAA Compliance Officer

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

Model Business Associate Agreement

SERVICE PROVIDER SECURITY AGREEMENT. Clemson University ( Clemson ) and. Vendor Name Here. ( Service Provider )

Connecticut Multiple Listing Service, Inc.

RETS DATA ACCESS AGREEMENT

BUSINESS ASSOCIATE AGREEMENT (BETWEEN GIOSTARCHICAGO.COM AND GIOSTARORTHOPEDICS.COM AND GODADDY)

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT

EXHIBIT G PRIVACY AND INFORMATION SECURITY PROVISIONS

LAW FIRM BUSINESS ASSOCIATE TERMS AND CONDITIONS. North Carolina Society of Healthcare Attorneys

TRADEMARK LICENSE AGREEMENT

WASHINGTON COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

CLINICAL TRIAL AGREEMENT for INVESTIGATOR-INITIATED STUDY

DATA COLLECTION AGREEMENT MASTER TERMS RECITALS

DAKOTA COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

Agent/Agency Agreement

DATA USE AGREEMENT RECITALS

Limited Data Set Data Use Agreement

ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT BETWEEN DIRECT SUBMITTER AND WELLPOINT, INC

BUSINESS ASSOCIATE AGREEMENT

IDX Paperwork Cover Sheet

Sales Order (Processing Services)

TRADING PARTNER AGREEMENT

Provider Electronic Trading Partner Agreement

COMMONWEALTH OF MASSACHUSETTS. ) COMMONWEALTH OF MASSACHUSETTS, ) ) Plaintiff, ) ) v. ) ) SOUTH SHORE HOSPITAL, INC., ) ) Defendant.

DRAFT. OCE Funding Agreement

KAISER FOUNDATION HOSPITALS ON BEHALF OF KAISER FOUNDATION HEALTH PLAN OF THE MID-ATLANTIC STATES, INC.

DATABASE AND TRADEMARK LICENSE AGREEMENT

AON HEWITT DEFINED CONTRIBUTION NEXUS PARTICIPATION AGREEMENT

DIABETIC SUPPLIES REBATE AGREEMENT

Customized IDX RETS Solutions Data Information Sheet

ADDENDUM TO STANDARD CONTRACT BETWEEN Community Coordinated Care for Children, Inc. (4C) AND (CONTRACTOR)

South Carolina Department of Motor Vehicles

PAYMENT IN LIEU OF TAXES AGREEMENT

Regulations on Provision of Information to Shareholders of Public Joint Stock Company Oil company LUKOIL (new version)

USE OF MLS IDX LISTING DATA BY RETS COMPATIBLE VENDOR

AGREEMENT FOR LIMITED ACCESS TO DATA

University of Maryland, Baltimore Institutional Review Board FWA # Data Use Agreement

NON-DISCLOSURE AGREEMENT

SaaS Software Escrow Agreement [Agreement Number EL ]

OPEN DESIGN ALLIANCE EVALUATION LICENSE AGREEMENT

MATERIALS TRANSFER AND EVALUATION LICENSE AGREEMENT. Carnegie Mellon University

JOINT MARKETING AND SALES REFERRAL AGREEMENT

FULLY EXECUTED Contract Number: Contract Effective Date: 08/08/2014 Valid From: 07/01/2014 To: 12/31/2099

INDEPENDENT CONTRACTOR AGREEMENT

END-USER LICENSE AGREEMENT

Commonwealth of Massachusetts County of Suffolk The Superior Court NOTICE OF DOCKET ENTRY

CHARITABLE CONTRIBUTION AGREEMENT

SOUTHERN CALIFORNIA EDISON COMPANY ENERGY SERVICE PROVIDER SERVICE AGREEMENT

!! 1 Page! 2014 PEODepot. All rights reserved. PEODepot and peodepot.com are trademarks of PEODepot. INITIAL! BROKER AGREEMENT

BULK USER AGREEMENT RECITALS

OPT-IN AGREEMENT FOR GARDEN STATE MULTIPLE LISTING SERVICE, L.L.C. INTERNET DATA EXCHANGE PROGRAM

INTERCONNECTION AND PARALLEL OPERATING AGREEMENT FOR CATEGORY 1 PROJECTS (INVERTER BASED - 20kW OR LESS)

This Agreement is effective on the date of the last signature herein executing this Agreement ("Effective Date"). RECITALS

LICENSE AGREEMENT THIS AGREEMENT is dated the of, 2014.

BALTIMORE GAS AND ELECTRIC COMPANY ELECTRICITY SUPPLIER COORDINATION AGREEMENT

TRADEMARK LICENSE AGREEMENT

Ownership of Site; Agreement to Terms of Use

INTERCONNECTION AND PARALLEL OPERATING AGREEMENT FOR CATEGORY 1 AND CATEGORY 2 PROJECTS (PROJECTS UP TO 150 kw)

ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT

Republican Party of Texas GOP Data Center Access Request Form 2017

NASA OPEN SOURCE SOFTWARE AGREEMENT

ASSETMARK TRUST COMPANY TOTALCASH MANAGER TM ACCESS AUTHORIZATION AGREEMENT

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

HONG KONG DEALER ELECTRONIC SERVICE AGREEMENT

Drive Trust Alliance Member Services Agreement

DEALER AGREEMENT. Dealer-agreement Page 1 of 9 Initial:

Right to Request Access to Designated Record Set

GREEN ELECTRONICS COUNCIL UL ECOLOGO/EPEAT JOINT CERTIFICATION LICENSE AND PARTICIPATING MANUFACTURER AGREEMENT

INDEPENDENT SALES AGENCY TERMS AND CONDITIONS

The Guild, Inc. ARTWORK PUBLISHING AGREEMENT

License Agreement. 1.4 Named User License A Named User License is a license for one (1) Named User to access the Software.

SERVICE REFERRAL AGREEMENT

FANATIC DEALER PARTICIPATION AGREEMENT

AGREEMENT BETWEEN KIDS IN DISTRESS, INC., AND BROWARD COUNTY FOR SUBSTANCE ABUSE SERVICES Contract Number: KID-BARC-CFS-2017

NON-EXCLUSIVE LICENSE FOR USE OF SCHOOL WORDMARKS AND LOGOS

AMBASSADOR AGREEMENT

BRU FUEL AGREEMENT RECITALS

TRADEMARK LICENSE AGREEMENT [1]

TECHNOLOGY CONSULTING AGREEMENT

edweek.org Premium Content Site License Agreement

DATABASE SUBSCRIPTION SERVICES AND LICENSE AGREEMENT

Ambulance Billing Services Agreement Between MultiMed Billing Service, Inc., d/b/a MultiMed And City of Saratoga Springs

EMC Proven Professional Program

THE DAVID J. JOSEPH COMPANY USER ADMINISTRATOR AGREEMENT FOR SCRAPCONNECT

Framework Contract for the provision of Reference Mapping Products

Municipal Code Online Inc. Software as a Service Agreement

AGREEMENT. between BROWARD COUNTY, FLORIDA. and. for BILLING RELATED TO THE SOUTHWEST REGIONAL LANDFILL

GREEN ELECTRONICS COUNCIL UL ECOLOGO/EPEAT JOINT CERTIFICATION PROGRAM PARTICIPATING MANUFACTURER AGREEMENT

RECITALS AGREEMENT ARTICLE I - TOTAL PROGRAM COSTS

TARGA NGL PIPELINE COMPANY LLC NOTICE OF OPEN SEASON

Transcription:

DATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION This Data Use Agreement (the Agreement ) is effective between the Greenville Hospital System and Data User(s) (the Data Users ): 1. (List name of the Principal Investigator, degrees, titles, and contact information) 2. (List name of the Co-Investigator(s), degrees, titles, and contact information) 3. (List name of the Study Coordinator(s), degrees, titles, and contact information) for the following study (the Research Project ): Study Title: (Insert IRC number and complete title of the protocol) RECITALS WHEREAS, Greenville Hospital System possesses Individually Identifiable Health Information that is protected under HIPAA (as hereinafter defined) and the HIPAA Regulations (as hereinafter defined), and is permitted to use or disclose such information only in accordance with HIPAA and the HIPAA Regulations; WHEREAS, Data Users will perform the following Activities (as hereinafter defined); Please select which identifiers will be used for the limited data set: All geographic subdivision smaller than a state including: city county precinct zip code equivalent geocodes All elements of date for dates directly related to an individual; Other unique identifying numbers, characteristics or codes, please list: WHEREAS, Greenville Hospital System will disclose a Limited Data Set (as hereinafter defined) to Data Users for use by Data Users in performance of the Activities (as described above); WHEREAS, Greenville Hospital System will require that Data Users appropriately safeguard the Limited Data Set in accordance with HIPAA and the HIPAA Regulations; and WHEREAS, Data Users agrees to protect the privacy of the Limited Data Set in accordance with the terms and conditions of this Agreement, HIPAA and the HIPAA Regulations; Page 1 of 7

NOW THEREFORE, Greenville Hospital System and Data Users agree as follows: 1. Definitions. The parties agree that the following terms, when used in this Agreement, shall have the following meanings, provided that the terms set forth below shall be deemed to be modified to reflect any changes made to such terms from time to time as defined in HIPAA and the HIPAA Regulations. a. HIPAA means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191. b. HIPAA Regulations means the regulations promulgated under HIPAA by the United States Department of Health and Human Services, including, but not limited to, 45 C.F.R. Part 160 and 45 C.F.R. Part 164. c. Greenville Hospital System is a health care provider (as defined by HIPAA and the HIPAA Regulations) who transmits health information in electronic form in connection with the HIPAA Regulations. d. Individually Identifiable Health Information means information that is a subset of health information, including demographic information collected from an individual, and; 1) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and 2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and a) that identifies the individual; or b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual. e. Protected Health Information or PHI means Individually Identifiable Health Information that is transmitted by electronic media; maintained in any medium described in the definition of the term electronic media in the HIPAA Regulations; or transmitted or maintained in any other form or medium. Protected Health Information excludes Individually Identifiable Health Information in education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g, and records described at 20 U.S.C. 1232g(a)(4)(B)(iv). 2. Obligations of Greenville Hospital System Page 2 of 7

a. Limited Data Set. Greenville Hospital System agrees to disclose only the Limited Data Set, for the study named at the beginning of this document. Such Limited Data Set shall not contain any of the following: names; postal address information, other than town or city, state, and zip code; telephone numbers; fax numbers; electronic mail addresses; social security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; Web Universal Resource Locators (URLs); Internet Protocol (IP) address numbers; biometric identifiers, including finger and voice prints; and full face photographic images and any comparable images. 3. Obligations of Data Users a. Performance of Activities. The Data Users may use and disclose the Limited Data Set received from Greenville Hospital System only in connection with the performance of the research activities as described herein. Data Users shall limit the use or receipt of the Limited Data Set to the following individuals or classes of individuals who need the Limited Data Set for the performance of the Activities: List all individuals who will use, or receive, the Limited Data Set for the performance of the Activities: Only the Data Users may use this dataset for the purposes of data analysis. Should a qualified statistician or other researcher need to be consulted for data analysis purposes, that person will then be required to follow the same data use restrictions as noted in the Agreement. The Institutional Review Committee(s) will be notified beforehand if and when others besides the Data Users will need access to the dataset for analysis. b. Nondisclosure Except As Provided In Agreement. Data Users shall not use or further disclose the Limited Data Set except as permitted or required by this Agreement. c. Identification of Individual. Data Users may not use the Limited Data Set to identify or contact any individual who is the subject of the PHI from which the Limited Data Set was created. d. Disclosures Required By Law. Data Users shall not, without the prior written consent of Greenville Hospital System, disclose the Limited Data Set on the basis that such disclosure is required by law without notifying Greenville Hospital System so that Greenville Hospital System shall have an opportunity to object to the disclosure and to seek appropriate relief. If Greenville Hospital System objects to such disclosure, Data Users shall refrain from disclosing the Limited Data Set until Greenville Hospital System has exhausted all alternatives for relief. Page 3 of 7

e. Safeguards. The Data Users shall use any and all appropriate safeguards to prevent use or disclosure of the Limited Data Set other than as provided by this Agreement. f. Data Users Agents. The Data Users shall not disclose the Limited Data Set to any agent or subcontractor of Data Users except with the prior written consent of Greenville Hospital System. The Data Users shall ensure that any agents, including subcontractors, to whom it provides the Limited Data Set agree in writing to be bound by the same restrictions and conditions that apply to the Data Users with respect to such Limited Data Set. g. Reporting. The Data Users shall report to the Greenville Hospital System Institutional Review Committee(s) within 72 hours of the Data Users becoming aware of any use or disclosure of the Limited Data Set in violation of this Agreement or applicable law. 4. Material Breach, Enforcement and Termination. a. Term. This Agreement shall be effective as of the agreement effective date, and shall continue until the Agreement is terminated in accordance with the provisions of Section 4.c. [or until the Agreement between the parties terminates]. b. Greenville Hospital System s Rights of Access and Inspection. From time to time upon reasonable notice, or upon a reasonable determination by Greenville Hospital System that Data Users has breached this Agreement, Greenville Hospital System may inspect the facilities, systems, books and records of the Data Users to monitor compliance with this Agreement. The fact that Greenville Hospital System inspects, or fails to inspect, or has the right to inspect, Data Users facilities, systems and procedures does not relieve Data Users of its responsibility to comply with this Agreement, nor does Greenville Hospital System s (1) failure to detect or (2) detection of, but failure to notify Data Users or require Data Users remediation of, any unsatisfactory practices constitute acceptance of such practice or a waiver of Greenville Hospital System s enforcement or termination rights under this Agreement. The parties respective rights and obligations under this Section 4.b. shall survive termination of the Agreement. c. Termination. Greenville Hospital System may terminate this Agreement: 1) immediately if the Data Users are named as a defendant in a criminal proceeding for a violation of HIPAA or the HIPAA Regulations; 2) immediately if a finding or stipulation that the Data Users have violated any standard or requirement of HIPAA, the HIPAA Regulations, or any other security or privacy laws is made in any administrative or civil proceeding in which the Data Users have been joined; or 3) pursuant to Sections 4.d.(3) or 5.b. of this Agreement. Page 4 of 7

d. Remedies. If Greenville Hospital System determines that the Data Users have breached or violated a material term of this Agreement, Greenville Hospital System may, at its option, pursue any and all of the following remedies: 1) exercise any of its rights of access and inspection under Section 4.b. of this Agreement; 2) take any other reasonable steps that Greenville Hospital System, in its sole discretion, shall deem necessary to cure such breach or end such violation; and/or 3) terminate this Agreement immediately. e. Knowledge of Non-Compliance. Any non-compliance by the Data Users with this Agreement or with HIPAA or the HIPAA Regulations automatically will be considered a breach or violation of a material term of this Agreement if the Data Users knew or reasonably should have known of such non-compliance and failed to immediately take reasonable steps to cure the non-compliance. f. Reporting to United States Department of Health and Human Services. If Greenville Hospital System s efforts to cure any breach or end any violation are unsuccessful, and if termination of this Agreement is not feasible, Greenville Hospital System shall report the Data Users breach or violation to the Secretary of the United States Department of Health and Human Services, and the Data Users agree that it shall not have or make any claim(s), whether at law, in equity, or under this Agreement, against Greenville Hospital System with respect to such report(s). g. Return or Destruction of Records. Upon termination of this Agreement for any reason, the Data Users shall return or destroy, as specified by Greenville Hospital System, the Limited Data Set that the Data Users still maintain in any form, and shall retain no copies of such Limited Data Set. If Greenville Hospital System, in its sole discretion, requires that the Data Users destroy the Limited Data Set, the Data Users shall certify to Greenville Hospital System that the Limited Data Set has been destroyed. If return or destruction is not feasible, Data Users shall inform Greenville Hospital System of the reason it is not feasible and shall continue to extend the protections of this Agreement to such Limited Data Set and limit further use and disclosure of such Limited Data Set to those purposes that make the return or destruction of such Limited Data Set infeasible. h. Injunctions. Greenville Hospital System and the Data Users agree that any violation of the provisions of this Agreement may cause irreparable harm to Greenville Hospital System. Accordingly, in addition to any other remedies available to Greenville Hospital System at law, in equity, or under this Agreement, in the event of any violation by the Data Users of any of the provisions of this Agreement, or any explicit threat thereof, Greenville Hospital System shall be entitled to an injunction or other decree of specific performance with respect to such violation or explicit threat thereof, without any bond or other security being required and without the necessity of demonstrating actual damages. The parties respective rights and obligations under this Section 4.h. shall survive termination of the Agreement. Page 5 of 7

i. Indemnification. The Data Users shall indemnify, hold harmless and defend Greenville Hospital System from and against any and all claims, losses, liabilities, costs and other expenses resulting from, or relating to, the acts or omissions of the Data Users in connection with the representations, duties and obligations of the Data Users under this Agreement. The parties respective rights and obligations under this Section 4.i. shall survive termination of the Agreement. 5. Miscellaneous Terms. a. State Law. Nothing in this Agreement shall be construed to require the Data Users to use or disclose the Limited Data Set without a written authorization from an individual who is a subject of the PHI from which the Limited Data Set was created, or written authorization from any other person, where such authorization would be required under state law for such use or disclosure. b. Amendment. Greenville Hospital System and the Data Users agree that amendment of this Agreement may be required to ensure that Greenville Hospital System and the Data Users comply with changes in state and federal laws and regulations relating to the privacy, security, and confidentiality of PHI or the Limited Data Set. Greenville Hospital System may terminate this Agreement upon 30 days written notice in the event that the Data Users does not promptly enter into an amendment that Greenville Hospital System, in its sole discretion, deems sufficient to ensure that Greenville Hospital System will be able to comply with such laws and regulations. c. No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended or shall be deemed to confer upon any person other than Greenville Hospital System and the Data Users, and their respective successors and assigns, any rights, obligations, remedies or liabilities. d. Ambiguities. The parties agree that any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with applicable law protecting the privacy, security and confidentiality of PHI and the Limited Data Set, including, but not limited to, HIPAA and the HIPAA Regulations. e. Primacy. To the extent that any provisions of this Agreement conflict with the provisions of any other agreement or understanding between the parties, this Agreement shall control with respect to the subject matter of this Agreement. In witness whereof, the parties hereto have duly executed this Agreement applying to the covered entity, Greenville Hospital System. Page 6 of 7

Signature of Principal Investigator (Data User #1) Signature of Co-Investigator (Data User #2, if applicable) Signature of Study Coordinator (Data User #3, if applicable) Signature of Greenville Hospital System Institutional Official Page 7 of 7

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback