|
ATTACHMENT 1
<br />BUSINESS ASSOCIATE AGREEMENT
<br />This Agreement is made effective the I" of October 2017, by and between Orange County
<br />Government through its Orange County Health Department, hereinafter referred to as "Covered Entity ",
<br />and The University of North Carolina at Chapel Hill, on behalf of its Department of Family Medicine in the
<br />School of Medicine, hereinafter referred to as "Business Associate ", (individually, a "Party" and collectively,
<br />the "Parties "). This Agreement supersedes any previously executed Business Associate Agreement between
<br />the parties.
<br />WITNESSETH:
<br />WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and Accountability
<br />Act of 1996, Public Law 104 -191, as modified by the Health Information Technology for Economic and
<br />Clinical Health Act, known collectively as "the Administrative Simplification provisions," direct the
<br />Department of Health and Human Services to develop standards to protect the security, confidentiality and
<br />integrity of health information; and
<br />WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and
<br />Human Services has issued regulations at 45 CPR Parts 160 and 164, as the same may be amended fi-om time
<br />to time (the "HIPAA Security and Privacy Rule "); and
<br />WHEREAS, the Parties, contemporaneously with the signing of this Agreement, have entered into an
<br />arrangement whereby Business Associate will provide certain services to Covered Entity, and, pursuant to
<br />such arrangement, Business Associate may be considered a "business associate" of Covered Entity as
<br />defined in the HIPAA Security and Privacy Rule (the agreement evidencing such arrangement is hereby
<br />referred to as the "Arrangement Agreement "); and
<br />WHEREAS, Business Associate may have access to Protected Health Information (as defined below)
<br />in fulfilling its responsibilities under such arrangement;
<br />THEREFORE, in consideration of the Parties' continuing obligations under the Arrangement
<br />Agreement, .compliance with the HIPAA Security and Privacy Rule, and other good and valuable
<br />consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the
<br />provisions of this Agreement in order to address the requirements of the IIIPAA Security and Privacy Rule
<br />and to protect the interests of both Parties.
<br />1. DEFINITIONS
<br />Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions
<br />set forth in the HIPAA Security and Privacy Rule. In the event of an inconsistency between the provisions of
<br />this Agreement and mandatory provisions of the HIPAA Security and Privacy Rule, as amended, the HIPAA
<br />Security and Privacy Rule shall control. Where provisions of this Agreement are different from those
<br />mandated in the HIPAA Security and Privacy Rule, but are nonetheless permitted by the HIPAA Security
<br />and Privacy Rule, the provisions of this Agreement shall control.
<br />The term "Protected Health Information" means individually identifiable health information including,
<br />without limitation, all information, data, documentation, and materials, including without limitation,
<br />demographic, medical and financial information, that relates to the past, present, or future physical or mental
<br />health or condition of an individual; the provision of health care to an individual; or the past, present, or
<br />{00102384.DOCX}
<br />
|