Orange County NC Website
BUSINESS ASSOCIATE AGREEMENT <br /> This Agreement is made effective the 1St day of July 2015, by and between UNC Hospitals, <br /> hereinafter referred to as "Covered Entity", and Orange County hereinafter referred to as "Business <br /> Associate", (individually, a "Party" and collectively, the "Parties"). This Agreement supersedes any <br /> previously executed Business Associate Agreement between the parties. <br /> WITNESSETH: <br /> WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and <br /> Accountability Act of 1996, Public Law 104-191, as modified by the Health Information Technology for <br /> Economic and Clinical Health Act, known collectively as "the Administrative Simplification provisions," <br /> direct the Department of Health and Human Services to develop standards to protect the security, <br /> confidentiality and integrity of health information; and <br /> WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and <br /> Human Services has issued regulations at 45 CFR Parts 160 and 164, as the same may be amended <br /> from time to time (the "HIPAA Security and Privacy Rule"); and <br /> WHEREAS, the Parties wish to enter into or have entered into an arrangement whereby <br /> Business Associate will provide certain services to Covered Entity, and, pursuant to such arrangement, <br /> Business Associate may be considered a "business associate" of Covered Entity as defined in the <br /> HIPAA Security and Privacy Rule (the agreement evidencing such arrangement is referred to herein as <br /> the "Arrangement Agreement" and is made a part hereof); and <br /> WHEREAS, Business Associate may have access to Protected Health Information (as defined <br /> below) in fulfilling its responsibilities under such arrangement; <br /> THEREFORE, in consideration of the Parties' continuing obligations under the Arrangement <br /> Agreement, compliance with the HIPAA Security and Privacy Rule, and other good and valuable <br /> consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the <br /> provisions of this Agreement in order to address the requirements of the HIPAA Security and Privacy <br /> Rule and to protect the interests of both Parties. <br /> I. DEFINITIONS <br /> Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the <br /> definitions set forth in the HIPAA Security and Privacy Rule. In the event of an inconsistency between <br /> the provisions of this Agreement and mandatory provisions of the HIPAA Security and Privacy Rule, as <br /> amended, the HIPAA Security and Privacy Rule shall control. Where provisions of this Agreement are <br /> different than those mandated in the HIPAA Security and Privacy Rule, but are nonetheless permitted <br /> by the HIPAA Security and Privacy Rule, the provisions of this Agreement shall control <br /> The term "Protected Health Information" means individually identifiable health information including, <br /> without limitation, all information, data, documentation, and materials, including without limitation, <br /> demographic, medical and financial information, that relates to the past, present, or future physical or <br /> mental health or condition of an individual; the provision of health care to an individual; or the past, <br /> present, or future payment for the provision of health care to an individual; and that identifies the <br /> individual or with respect to which there is a reasonable basis to believe the information can be used to <br /> identify the individual. "Protected Health Information" includes without limitation "Electronic Protected <br /> Health Information" as defined below. <br /> Page 11 Revised October 2013 <br />