Orange County NC Website
BUSINESS ASSOCIATE AGREEMENT <br /> This [Amended and Restated] Business Associate Agreement (the "Agreement") is made <br /> effective the 1St day of September, 2012, by and between Orange County EMS, hereinafter referred to as <br /> "Covered Entity," and EMS Management & Consultants, Inc., hereinafter referred to as "Business <br /> Associate"(individually, a"Party"and collectively,the"Parties"). <br /> WITNESSETH: <br /> WHEREAS, the Parties wish to enter into a Business Associate Agreement to ensure compliance <br /> with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 <br /> ("HIPAA Privacy and Security Rules") (45 C.F.R. Parts 160 and 164) and the"Red Flag Rules"as found <br /> at 16 C.F.R. § 681.1 and applicable to creditors subject to the administrative enforcement of the FCRA by <br /> the Federal Trade Commission pursuant to 15 U.S.C. § 1681s(a)(1); and <br /> WHEREAS, the Health Information Technology for Economic and Clinical Health("HITECH") <br /> Act of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, modified the HIPAA <br /> Privacy and Security Rules (hereinafter, all references to the "HIPAA Privacy and Security Rules" <br /> include all amendments thereto set forth in the HITECH Act and any accompanying regulations); and <br /> WHEREAS, the Parties have entered into a written or oral arrangement or arrangements (the <br /> "Agreements") whereby Business Associate will provide certain services to Covered Entity and,pursuant <br /> to such Agreements, Business Associate may be considered a "business associate" of Covered Entity as <br /> defined in the HIPAA Privacy and Security Rules; and <br /> WHEREAS, Business Associate may have access to Protected Health Information or Electronic <br /> Protected Health Information (as defined below) in fulfilling its responsibilities under the Agreements; <br /> [and <br /> WHEREAS, prior to enactment of the HITECH Act, Covered Entity and Business Associate <br /> previously entered into a Business Associate Agreement and now intend this Agreement to supersede the <br /> prior agreement in order to comply with the requirements of the HITECH Act;] and <br /> WHEREAS, Covered Entity wishes to comply with the HIPAA Privacy and Security Rules, and <br /> Business Associate wishes to honor its obligations as a Business Associate to Covered Entity; and <br /> WHEREAS, in the event that Business Associate is engaged to perform any activity in <br /> connection with any "covered account" of Covered Entity as defined in 16 C.F.R. § 681.1 (commonly <br /> referred to as the "Red Flag Rules" and applicable to any"creditor" or any"service provider" providing <br /> any service to such creditor with regard to a covered account), Business Associate agrees to fully adopt <br /> and comply with the Red Flag Rules as are currently in effect and as may be promulgated in the future, <br /> including but not limited to the adoption of a Red Flag program that is compliant with applicable federal <br /> regulations, and to take all necessary and appropriate steps to ensure that its activities are conducted in <br /> accordance with the Red Flag Rules designed to detect,prevent and mitigate the risk of identity theft. <br /> THEREFORE, in consideration of the Parties' continuing obligations under the Agreements, and <br /> for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, <br /> the Parties agree to the provisions of this Agreement. <br />