Orange County NC Website
Browse       Search
<br />BUSINESS ASSOCIATE AGREEMENT <br />This Agreement is made effective the 1St of July, 2006, by and between Orange County Government, <br />Health Department, hereinafter referred to as "Covered Entity", and UNC Department of Family Medicine, <br />hereinafter referred to as "Business Associate," (individually, a "Party" and collectively, the "Parties"). <br />WITNESSETH: <br />WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and Accountability Act <br />of 1996, Public Law 104-191, known as "the Administrative Simplification provisions," direct the Department of <br />Health and Human Services to develop standards to protect the security, confidentiality and integrity of health <br />information; and <br />WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and Human <br />Services has issued regulations modifying 45 CFR Parts 160 and 164 (the "HIPAA Privacy Rule"); and <br />WHEREAS, the Parties wish to enter into or have entered into an arrangement whereby Business <br />Associate will provide certain services to Covered Entity, and, pursuant to such arrangement, Business Associate <br />may be considered a "business associate" of Covered Entity as defined in the HIPAA Privacy Rule (the <br />agreement evidencing such arrangement is entitled: Agreement for Medical Director Services, dated July 1, 2006, <br />renewable annually, and is hereby referred to as the. "Arrangement Agreement"); and <br />WHEREAS, Business Associate may have access to Protected Health Information (as defined below) in <br />fulfilling its responsibilities under such arrangement; <br />THEREFORE, in consideration of the Parties' continuing obligations under the Arrangement Agreement, <br />the Parties agree to the provisions of this Agreement in order to address the requirements of the HIPAA Privacy <br />Rule and to protect the interests of both Parties. <br />DEFINITIONS <br />Except as otherwise defined herein, terms used in this Agreement shall have the same meaning as those terms <br />set forth in the HIPAA Privacy Rule. <br />II. CONFIDENTIALITY REQUIREMENTS <br />(a) Business Associate shall: <br />(i) use or disclose any protected health information solely as permitted or required <br />by this Agreement, the Arrangement Agreement (if consistent with this Agreement and the HIPAA <br />Privacy Rule), or as required by law.' <br />(ii) ensure that its agents, including a subcontractor, to whom it provides protected <br />health information received from or created by Business Associate on behalf of Covered Entity, <br />agrees to the same restrictions and conditions that apply to Business Associate with respect to <br />such information. In addition, Business Associate agrees to take reasonable steps to ensure that <br />its employees' actions or omissions do not cause Business Associate to breach the terms of this <br />Agreement; <br />(iii) implement appropriate safeguards to prevent use or disclosure of protected <br />health information other than as permitted or required by this Agreement; <br />(iv) permit the Secretary of Health and Human Services to audit Business <br />Associate's records and practices related to use and disclosure of protected health information to <br />ensure Covered Entity's compliance with the terms of the HIPAA Privacy Rule; <br />L:\ROSIE\HIPPA\BBA Fam Practice Med Contract 06.doc Page 1 of 4 <br />