Orange County NC Website
<br />BUSINESS ASSOCIATE AGREEMENT <br />This Agreement is made effective the 1st of July, 2007, by and between Orange County, <br />hereinafter referred to as "Covered Entity", and Ginger Mann, hereinafter referred to as "Business <br />Associate," (individually, a "Party" and collectively, the "Parties"). <br />WITNESSETH: <br />WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and <br />Accountability Act of 1996, Public Law 104-191, known as "the Administrative Simplification provisions," <br />direct the Department of Health and Human Services to develop standards to protect the security, <br />confidentiality and integrity of health information; and <br />WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and <br />Human Services has issued regulations modifying 45 CFR Parts 160 and 164 (the "HIPAA Security and <br />Privacy Rule"); and <br />WHEREAS, the Parties wish to enter into or have entered into an arrangement whereby <br />Business Associate will provide certain services to Covered Entity, and, pursuant to such arrangement, <br />Business Associate may be considered a "business associate" of Covered Entity as defined in the <br />HIPAA Security and Privacy Rule (the agreement evidencing such arrangement is entitled Agreement <br />for Services for the "Give Kids a Smile/Adopt a Child Care Campaign" , dated July 1, 2005, and is <br />hereby referred to as the "Arrangement Agreement"); and <br />WHEREAS, Business Associate may have access to Protected Health Information (as defined <br />below) in fulfilling its responsibilities under such arrangement; <br />THEREFORE, in consideration of the Parties' continuing obligations under the Arrangement <br />Agreement, the Parties agree to the provisions of this Agreement in order to address the requirements <br />of the HIPAA Security and Privacy Rule and to protect the interests of both Parties. <br />DEFINITIONS <br />Except as otherwise defined herein, terms used in this Agreement shall have the same meaning as <br />those terms set forth in the HIPAA Security and Privacy Rule. <br />11. CONFIDENTIALITY REQUIREMENTS <br />(a) Business Associate shall: <br />(i) use or disclose any protected health information solely as permitted or <br />required by this Agreement, the Arrangement Agreement (if consistent with this <br />Agreement and the HIPAA Security and Privacy Rule), or as required by law. <br />(ii) ensure that its agents, including a subcontractor, to whom it provides <br />protected health information received from or created by Business Associate on behalf <br />of Covered Entity, agrees to the same restrictions and conditions that apply to Business <br />Associate with respect to such information. In addition, Business Associate agrees to <br />take reasonable steps to ensure that its employees' actions or omissions do not cause <br />Business Associate to breach the terms of this Agreement;