Browse
Search
Agenda - 03-20-2018 8-e - University of North Carolina Health Care System Electronic Medical Record System Access Agreement
OrangeCountyNC
>
Board of County Commissioners
>
BOCC Agendas
>
2010's
>
2018
>
Agenda - 03-20-2018 Regular Meeting
>
Agenda - 03-20-2018 8-e - University of North Carolina Health Care System Electronic Medical Record System Access Agreement
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/16/2018 3:07:25 PM
Creation date
3/16/2018 3:20:39 PM
Metadata
Fields
Template:
BOCC
Date
3/20/2018
Meeting Type
Regular Meeting
Document Type
Agenda
Agenda Item
8-e
Document Relationships
Agenda - 03-20-2018 Regular Meeting
(Message)
Path:
\Board of County Commissioners\BOCC Agendas\2010's\2018\Agenda - 03-20-2018 Regular Meeting
Minutes 03-20-2018
(Message)
Path:
\Board of County Commissioners\Minutes - Approved\2010's\2018
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
40
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Exhibit B - 2 <br /> <br />assessment and improvement activities, as those terms are defined in the Privacy Rule or as <br />permitted by and in accordance with a valid HIPAA authorization meeting the requirements of <br />45 C.F.R. § 164.508, as may be amended from time to time, so long as each Party (or its Medical <br />Providers) has a treatment relationship with the individual who is the subject of the Protected <br />Health Information being accessed. <br /> <br />In consideration of its access to the Authorizing Party’s Records of Shared Patients, each <br />Party agrees it will: <br /> <br /> (A) Restrict Medical Provider and Authorized User access to the <br />Authorizing Party’s Records to those patients who are current patients of the Party (or its <br />Medical Providers) at the time the Records are accessed, for the sole purposes described in <br />this Addendum and for no other reason absent express authorization from the Authorizing <br />Party; <br /> <br /> (B) Comply, and cause its Medical Providers and Authorized Users to comply, <br />with the terms of this Addendum, the Agreement and all Applicable Laws, including but not <br />limited to HIPAA; <br /> <br /> (C) Adopt, implement, and require its Medical Providers and Authorized <br />Users accessing Records to comply with policies, procedures, and administrative, physical and <br />technical safeguards regarding confidentiality, security and integrity of patient information and <br />electronic information, including such Party’s own computer systems and the information on the <br />EMR System. Such policies, procedures and safeguards shall include, without limitation, the <br />following: (i) an overall policy and safeguards governing confidentiality, security and integrity <br />of health information and compliance with the terms of the HIPAA and the North Carolina <br />Identity Theft Protection Act (ITPA), and all other state and federal laws and regulations <br />pertaining to the privacy, security, or confidentiality of information contained in the Records, as <br />may be amended from time to time, including but not limited to the Privacy Rule, Security Rule, <br />and Breach Notification Rule; (ii) requirements for training of Medical Providers and Authorized <br />Users on use of the EMR System and on confidentiality, security and integrity of patient <br />information; and (iii) sanctions that are at a minimum as stringent as those listed in Attachment <br />2, which will apply to individuals who breach any of the requirements of this Addendum or the <br />Agreement regarding confidentiality, security or integrity of patient information or other <br />information in the Records. Further, should a Party implement its sanctions policy as a result of <br />a violation, such Party agrees to notify the other Party, and, to the extent permitted by applicable <br />law, provide a copy of any relevant documentation to the Party which, at a minimum, provides <br />information sufficient for such Party to determine the nature and source of any violation and to <br />comply with any state or federal law or regulation regarding privacy and the release of medical <br />records; <br /> <br /> (E) Complete annually and require Medical Providers and Authorized Users to <br />24
The URL can be used to link to this page
Your browser does not support the video tag.