Orange County NC Website
• BUSINESS ASSOCIATE AGREEMENT <br />This Agreement is made effective the 1St of July 2008, by and between the University of North <br />Carolina Hospitals, hereinafter referred to as "Covered Entity°, and Orange County, hereinafter referred <br />to as "Business Associate", (individually, a "Party" and collectively, the "Parties"). This Agreement <br />supersedes any previously executed Business Associate Agreement between the parties. <br />WITNESSETH: <br />WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and <br />Accountability Act of 1996, Public Law 104-191, known as "the Administrative Simplification provisions,° <br />direct the Department of Health and Human Services to develop standards to protect the security, <br />confidentiality and integrity of health information; and <br />WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and <br />Human Services has issued regulations modifying 45 CFR Parts 160 and 164 (the "HIPAA Security and <br />Privacy Rule"); and <br />WHEREAS, the Parties wish to enter into or have entered into an arrangement whereby <br />Business Associate will provide certain services to Covered Entity, and, pursuant to such an-angement, <br />Business Associate may be considered a "business associate" of Covered Entity as defined in the <br />HIPAA Security and Privacy Rule (the agreement evidencing such arrangement is described on Exhibit <br />A attached hereto and made a part hereof, and is hereby referred to as the "Arrangement Agreement"); <br />and <br />WHEREAS, Business Associate may have access to Protected Health Information (as defined <br />below) in fulfilling its responsibilities under such arrangement; <br />THEREFORE, in consideration of the Parties' continuing obligations under the Arrangement <br />Agreement, compliance with the HIPAA Security and Privacy Rule, and other good and valuable <br />consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the <br />provisions of this Agreement in order to address the requirements of the HIPAA Security and Privacy <br />Rule and to protect the interests of both Parties. <br />DEFINITIONS <br />Except as otherwise defined herein, any and all capitalized terms in this Section shall have the <br />definitions set forth in the HIPAA Security and Privacy Rule. In the event of an inconsistency between <br />the provisions of this Agreement and mandatory provisions of the HIPAA Security and Privacy Rule, as <br />amended, the HIPAA Security and Privacy Rule shall control. Where provisions of this Agreement are <br />different than those mandated in the HIPAA Security and Privacy Rule, but are nonetheless permitted <br />by the HIPAA Security and Privacy Rule, the provisions of this Agreement shall control. <br />The term "Protected Health Information° means individually identifiable health information including, <br />without limitation, all information, data, documentation, and materials, including without limitation, <br />demographic, medical and financial information, that relates to the past, present, or future physical or <br />mental health or condition of an individual; the provision of health care to an individual; or the past, <br />present, or future payment for the provision of health care to an individual; and that identifies the <br />• individual or with respect to which there is a reasonable basis to believe the information can be used to <br />