Orange County NC Website
assessment and improvement activities, as those terms are defined in the Privacy Rule or as permitted by and in accordance with a valid HIPAA authorization meeting the requirements of 45 C.F.R. § 164.508, as may be amended from time to time, so long as each Party (or its Medical Providers) has a treatment relationship with the individual who is the subject of the Protected Health Information being accessed.
In consideration of its access to the Authorizing Party's Records of Shared Patients, each Party agrees it will:
(A) Restrict Medical Provider and Authorized User access to the Authorizing Party's Records to those patients who are current patients of the Party (or its Medical Providers) at the time the Records are accessed, for the sole purposes described in this Addendum and for no other reason absent express authorization from the Authorizing Party,
(B) Comply, and cause its Medical Providers and Authorized Users to comply, with the terms of this Addendum, the Agreement and all Applicable Laws, including but not limited to HIPAA;
(C) Adopt, implement, and require its Medical Providers and Authorized Users accessing Records to comply with policies, procedures, and administrative, physical and technical safeguards regarding confidentiality, security and integrity of patient information and electronic information, including such Party's own computer systems and the information on the EMR System.
Such policies, procedures and safeguards shall include, without limitation, the following: (i) an overall policy and safeguards governing confidentiality, security and integrity of health information and compliance with the terms of the HIPAA and the North Carolina Identity Theft Protection Act (ITPA), and all other state and federal laws and regulations pertaining to the privacy, security, or confidentiality of information contained in the Records, as may be amended from time to time, including but not limited to the Privacy Rule, Security Rule, and Breach Notification Rule; (ii) requirements for training of Medical Providers and Authorized Users on use of the EMR System and on confidentiality, security and integrity of patient information; and (iii) sanctions that are at a minimum as stringent as those listed in Attachment 2, which will apply to individuals who breach any of the requirements of this Addendum or the Agreement regarding confidentiality, security or integrity of patient information or other information in the Records. Further, should a Party implement its sanctions policy as a result of a violation, such Party agrees to notify the other Party, and, to the extent permitted by applicable law, provide a copy of any relevant documentation to the Party which, at a minimum, provides information sufficient for such Party to determine the nature and source of any violation and to comply with any state or federal law or regulation regarding privacy and the release of medical records;
(E) Complete annually and require Medical Providers and Authorized Users to
Exhibit B-2