Orange County NC Website
Browse       Search
_ Please return this copy to the Clerk to the Board's <br /> office for permanent agenda file.yG <br /> BUSINESS ASSOCIATE AGREEMENT <br /> This Business Associate Agreement (this "Agreement") is entered into as of the day of <br /> 0Cfqb;, , 2013 (the "Effective Date") by and between <br /> Orange County ("Covered Entity") and the North Carolina League of <br /> Municipalities and the North Carolina Association of County Commissioners together acting as the North <br /> Carolina Local Government Debt Setoff Clearinghouse ("Business Associate") (each, a "Party" and <br /> collectively,the"Parties"). <br /> t. BACKGROUND AND PURPOSE. The Parties have entered into one or more agreements, <br /> written or oral, pursuant to which Business Associate performs functions or activities for, or provides <br /> services to, Covered Entity that involve the use and disclosure of Protected Health Information (as <br /> defined below) (the "Underlying Contracts"). Business Associate does not itself receive or maintain <br /> Protected Health Information to perform its obligations under the Underlying Contractors but does <br /> coordinate the provision of Protected Health Information from Covered Entity to a subcontractor engaged <br /> by Business Associate. Therefore, in connection with the Underlying Contracts, the Parties wish to <br /> execute this Agreement(1)to ensure Covered Entity's and Business Associate's compliance with health <br /> information privacy and security rules promulgated under the Health Insurance Portability and <br /> Accountability Act of 1996 ("HIPAA") and codified at 45 C.F.R. Part 160 and Part 164, subparts A and <br /> C (the "Security Rule"), subparts A and D (the "Breach Notification Rule"), and subparts A and E (the <br /> "Privacy Rule"), all as applicable and as amended from time to time an&as clarified by guidance issued <br /> pursuant thereto, and(2)to ensure that Business Associate protects the privacy and security of Protected <br /> Health Information as further provided herein. This Agreement is intended to apply to any existing <br /> relationships between Covered Entity and Business Associate involving the exchange of Protected Health <br /> Information. <br /> 2. DEFINITIONS. Unless otherwise defined in this Agreement, all capitalized terms used in this <br /> Agreement have the meanings ascribed to them in HIPAA, the Privacy Rule, the Security Rule, and the <br /> Breach Notification Rule; provided, however, that"Protected Health Information" or "PHI" shall mean <br /> Protected Health Information limited to the information Business Associate received from, or created, <br /> maintained,transmitted,or received on behalf of, Covered Entity. <br /> 3. OBLIGATIONS OF THE PARTIES WITH RESPECT TO PHI. <br /> 3.1 Obligations of Business Associate. With regard to its use and disclosure of PHI, Business <br /> Associate agrees to: <br /> a. not use or further disclose PHI other than as permitted or required by this Agreement or as <br /> Required by Law. <br /> b. use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this <br /> Agreement. Without limiting the generality of the foregoing,Business Associate will: <br /> • implement administrative, physical, and technical safeguards that reasonably and <br /> appropriately protect the confidentiality, integrity, and availability of electronic PHI (or <br /> `EPHI") that it receives from, or creates, receives, maintains, or transmits on behalf of, <br /> Covered Entity; <br /> 1 <br />