|
DocuSign Envelope ID:90B9D659-590B-40CA-85C6-4FA2FEE9lF35
<br /> Z`
<br /> I I I I I`1 11ulululul iq 1,111
<br /> '9616 NE E)
<br /> THIS BUSINESS ASSOCIATE AGREEMENT is entered into by and between Orange County, a political subdivision
<br /> of the State of North Carolina ("Covered Entity"), and ZirMed, Inc.,a Delaware corporation("Business Associate"),
<br /> with offices at 888 West Market Street, Suite 400, Louisville, Kentucky 40202,as an addendum to the subscriber
<br /> agreement between the parties(the"Addendum")and shall be effective as of the date of Services Agreement(as
<br /> defined hereunder).
<br /> Recitals
<br /> WHEREAS, the parties have entered into an underlying services agreement, ("Services Agreement")incorporated
<br /> herein by reference;
<br /> WHEREAS, in order for Business Associate to furnish services to Covered Entity in accordance with the Services
<br /> Agreement, Covered Entity must at times disclose to Business Associate protected health information("PHI")
<br /> governed by the Health Insurance Portability and Accountability Act of 1996, Pub. 104-191 ("HIPAA"), as amended,
<br /> and the accompanying regulations promulgated thereunder at 45 C.F.R. Parts 160 and 164(the"Privacy Rule")and
<br /> 45 C.F.R. Parts 160, 162 and 164(the"Security Rule")(collectively, the"HIPAA Regulations"), as amended;
<br /> WHEREAS, the parties desire to enter into this Addendum in order to comply with the HIPAA Regulations.
<br /> NOW THEREFORE, the parties, in consideration of the mutual obligations contained herein and in the Services
<br /> Agreement and for other good and valuable consideration, the receipt and adequacy of which are hereby
<br /> acknowledged, agree as follows:
<br /> 1. Definitions. The terms used, but not otherwise defined, in this Addendum shall have the same meaning as
<br /> those in the HIPAA Regulations, as amended.
<br /> 2. Duties and Obligations of Business Associate. Business Associate hereby agrees to fully comply with the
<br /> requirements applicable to"business associates"under the HIPAA Regulations,and the terms and conditions set
<br /> forth under the Services Agreement and this Addendum.
<br /> a. Permitted Uses and Disclosures. Business Associate may use or disclose PHI of the Covered Entity for any
<br /> and all purposes necessary to perform the duties and obligations of Business Associate under the Services
<br /> Agreement, or as otherwise expressly permitted under this Addendum,the Services Agreement or in compliance
<br /> with 45 C.F.R. §164.504(e). Business Associate may further use or disclose such PHI: (i)for the proper
<br /> management and administration of Business Associate; (ii)to carry out the legal responsibilities of Business
<br /> Associate; (iii)if the disclosure is Required by Law; and(iv)if Business Associate obtains reasonable assurances
<br /> from the person to whom PHI is disclosed that the PHI will be held confidential and used or further disclosed only
<br /> as Required by Law or for the purpose for which it was disclosed, the person will use appropriate safeguards to
<br /> prevent use or disclosure of the information, and the person will notify Business Associate immediately of any
<br /> Breach of Unsecured PHI in the manner and time frame set forth under Section 2.e.of this Addendum.
<br /> b.Authorizations. Notwithstanding any other limitation herein, Covered Entity agrees that nothing in this
<br /> Addendum prohibits Business Associate from using or disclosing PHI to the extent permitted by an Authorization
<br /> from the applicable Individual.
<br /> c. Safeguarding PHI. Business Associate shall develop and implement reasonable administrative, physical and
<br /> technical safeguards to prevent the unauthorized use or disclosure of PHI that Business Associate creates,
<br /> receives, maintains or transmits on behalf of Covered Entity; and to protect the confidentiality, integrity and
<br /> availability of such PHI. Business Associate shall further adopt a security plan that takes into account each of the
<br /> Security Rule standards, as appropriate; and provide training,as appropriate, to relevant employees,
<br /> subcontractors and agents of Business Associate on such policies and procedures to prevent the unauthorized
<br /> use or disclosure of PHI.
<br /> d. Third Party Agreements. Under certain circumstances, Business Associate may need to enter into agreements
<br /> with agents or subcontractors in order to satisfy Business Associate's obligations under the Services Agreement.
<br /> If Business Associate discloses to these agents or subcontractors any PHI received from Covered Entity in this
<br /> context, or created or received by Business Associate on behalf of Covered Entity, Business Associate shall
<br /> require such agents or subcontractors to enter into a written agreement with Business Associate that requires
<br /> such agent or subcontractor to agree to be bound by the same restrictions and conditions that apply to Business
<br /> Associate under this Addendum, and to implement reasonable and appropriate safeguards to protect the
<br /> confidentiality, integrity and availability of PHI created, received, transmitted or maintained by the parties during
<br /> The information contained in this document is intended for the recipient and is considered confidential information. III RIVED
<br /> 13
<br />
|