Browse
Search
2025-039-E-Health Dept-Forvis-Prepare analysis of 2023-24 Cost Report
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2025
>
2025-039-E-Health Dept-Forvis-Prepare analysis of 2023-24 Cost Report
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
2/5/2025 3:45:44 PM
Creation date
2/5/2025 3:45:37 PM
Metadata
Fields
Template:
Contract
Date
1/23/2025
Contract Starting Date
1/23/2025
Contract Ending Date
1/28/2025
Contract Document Type
Contract
Amount
$18,000.00
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
15
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Orange County Health Department <br />January 23, 2025 <br />Page 8 <br /> <br /> <br />term Unsuccessful Security Incident shall mean any <br />security incident that does not result in any unauthorized <br />access, use, disclosure, modification, or destruction of <br />ePHI or any interference with system operations in <br />Business Associates information system. <br />5.2. Notification. To assist Covered Entity in fulfilling its <br />responsibility to notify individuals and others of a breach <br />involving Unsecured PHI as required by HIPAA and <br />applicable state law, the notification shall include, to the <br />greatest extent reasonably possible: <br />i. Each individual whose unsecured PHI was subject <br />to the breach; and <br />ii. Any other available information Covered Entity is <br />required to include in its legally required notification <br />to individual(s) or others. <br />5.3. Mitigation. Business Associate shall mitigate, to the extent <br />practicable, any harmful effect that is known to Business <br />Associate of a use or disclosure of PHI by Business <br />Associate in violation of the requirements of this BAA. <br />6. Term and Termination. <br />6.1. Term. The Term of this BAA shall be effective as of the last <br />date signed and shall terminate without any further action <br />of the parties upon the expiration or termination of the <br />Contract or on the date Covered Entity terminates for <br />cause as authorized in paragraph 6.2 of this section, <br />whichever is sooner. <br />6.2. Termination for Cause. Covered Entity may terminate this <br />BAA if Business Associate has violated a material term of <br />the BAA and Business Associate has not cured the <br />breach or ended the violation within the time specified by <br />Covered Entity. <br />6.3. Obligations of Business Associate Upon Termination. <br />Upon termination of this BAA for any reason, Business <br />Associate, with respect to PHI received from Covered <br />Entity, or created, maintained, or received by Business <br />Associate on behalf of Covered Entity, shall: <br />i. Retain only that PHI which is necessary for Business <br />Associate to continue its proper management and <br />administration or to carry out its legal <br />responsibilities; <br />ii. Return to Covered Entity or destroy the remaining <br />PHI that the Business Associate still maintains in <br />any form; <br />iii. Continue to use appropriate safeguards and comply <br />with Subpart C of 45 CFR Part 164 with respect to <br />ePHI to prevent use or disclosure of the PHI, other <br />than as provided for in this section, for as long as <br />Business Associate retains the PHI; <br />iv. Not use or disclose the PHI retained by Business <br />Associate other than for the purposes for which such <br />PHI was retained and subject to the same conditions <br />set forth in this BAA which applied prior to <br />termination; and <br />v. Return to Covered Entity or destroy the PHI retained <br />by Business Associate when it is no longer needed <br />by Business Associate for its proper management <br />and administration or to carry out its legal <br />responsibilities. <br />6.4. Survival. The obligations of Business Associate under this <br />section shall survive the termination of this BAA. <br />7. Designated Record Set. To the extent Business Associate <br />maintains PHI in a Designated Record Set, Business Associate <br />shall: <br />7.1. Make available PHI in a Designated Record Set to the <br />Covered Entity as necessary to satisfy Covered Entitys <br />obligations under 45 CFR 164.524; and <br />7.2. Incorporate any amendments or corrections to PHI at the <br />request of Covered Entity in accordance with 45 CFR <br />164.526, or take other measures as necessary to satisfy <br />Covered Entitys obligations under 45 CFR 164.526. <br />8. Accounting of Disclosures. Business Associate shall <br />maintain and make available the information required to <br />provide an accounting of disclosures to the Covered Entity as <br />necessary to satisfy Covered Entitys obligations under 45 CFR <br />164.528. <br />9. Access to Records. Business Associate shall make its internal <br />practices, books, and records available to the Secretary of <br />Health and Human Services for purposes of determining <br />compliance with the HIPAA Rules. <br />10. Insurance. Business Associate shall maintain insurance <br />coverage in form and amount necessary to cover data loss <br />and/or damage or the unauthorized disclosure and/or <br />fraudulent use of data. Upon request, Business Associate shall <br />provide Covered Entity with a certificate of insurance <br />evidencing the coverage. <br />11. Privilege. No statutory or common law privilege, including <br />privileges established or recognized by the attorney-client, <br />accountant-client, or other legal privilege, shall be deemed to <br />have been waived by virtue of this BAA. <br />12. No Third-Party Beneficiaries. Nothing herein, express or <br />implied, is intended to or shall confer upon any other person or <br />entity any legal or equitable right, benefit, or remedy of any <br />nature whatsoever under or by reason of this BAA. <br />13. Integration. Any reference in this Agreement to a section of the <br />HIPAA/HITECH Final Omnibus Rule, and applicable <br />regulations, means the section as in effect as amended and for <br />which compliance is required. <br />14. General. This BAA is governed by, and shall be construed in <br />accordance with, the laws of the State of North Carolina. If any <br />part of a provision of this BAA is found illegal or unenforceable, <br />it shall be enforced to the maximum extent permissible, and the <br />legality and enforceability of the remainder of that provision and <br />all other provisions of this BAA shall not be affected. This BAA <br />may be modified, or any rights under it waived, only by a written <br />document executed by the authorized representatives of both <br />parties. <br />Docusign Envelope ID: 183D8F77-022B-48BA-9D7A-59C5C1C4FC1A
The URL can be used to link to this page
Your browser does not support the video tag.