Loading...
HomeMy WebLinkAboutContractM BUSINESS ASSOCIATE AGREEMENT 0 CAG -05-109 This Agreement is entered into between the Seattle -King County Department of Public Health ("Covered Entity") and City of Renton, c/o Fire Department ("Business Associate"). The Business Associate acknowledges and agrees that Protected Health Information can be used or shared only within the parameters of this document and the Department of Health and Human Services Privacy Regulations, Code of Federal Regulations, ("CFR") Title 45, Sections 160 and 164, or as required by law. CFR Title 45, Sections 160 and 164 are by way of reference, an integral part of this Agreement. Business Associate is charged with the knowledge of and agrees to abide by the terms and conditions of CFR Title 45, Sections 160 and 164. The effective date of this Agreement is April 1, 2005. I. PURPOSE The Covered Entity needs to make available and/or disclose to the Business Associate certain protected health information for management, administration, and legal responsibilities during the normal course of business between the parties per King County Contract # D33100D. II. RESPONSIBILITIES OF BUSINESS ASSOCIATE With regard to its use and/or disclosure of protected health information, the Business Associate hereby agrees to do the following: A. Use and Disclosure: Use and/or disclose Protected Health Information only as permitted or required by this Agreement or as otherwise required by law. B. Security: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the protected health information that it creates, receives, maintains, or transmits on behalf of the Covered Entity as required by CFR Title 45, Section 164, Subpart C. C. Improper Disclosures: Report all unauthorized or otherwise improper disclosures of Protected Health Information, or security incident, to the Covered Entity within two (2) days of the Business Associate's knowledge of such event. D. Mitigation: Mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. E. Agents: Ensure that any agent, including all of its employees, representatives, and subcontractors, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. F. Right of Access: 1. Make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the M cm Secretary of Department of Health and Human Services, within five (5) business days of written request by the Covered Entity or the Secretary, for the purpose of determining compliance with the Privacy Rule and/or this agreement. 2. Provide to Covered Entity, within five (5) business days of written request by Covered Entity information collected in accordance with this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528, or to permit Covered Entity to respond to a request by an Individual for access to Protected Health Information in accordance with 45 CFR 164.524. G. Documentation of Disclosures: Document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. H. Amendments: Make any amendments to Protected Health Information that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity, within five (5) business days of written request by Covered Entity. III. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE A. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. B. Except as otherwise limited in the Agreement, Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 42 CFR 164.504.(e)(2)(i)(B). IV. TERM AND TERMINATION A. Term: This Agreement shall become effective on the Effective Date and shall continue in effect until all obligations of the parties have been met, unless terminated as provided herein or by mutual agreement of the parties. B. Termination for Cause: Upon Covered Entity's knowledge of a material breach by Business Associate, Covered Entity shall provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Agreement if Business Associate does not cure the breach or end the violation within ten (10) business days of receipt of written notice by the Covered Entity, or immediately terminate this Agreement if Business Associate has breached a material term of this Agreement and cure is not possible. C. Other Termination: This Agreement may be terminated by Covered Entity upon thirty (30) days prior written notice to the other party, which notice shall specify the date of termination. D. Effect of Termination: Except as provided in paragraph B. of this Section, upon termination of this Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information. LTA cm L_7 In the event that Business Associate determines that returning or destroying the Protected Health Information is not feasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further disclosures of such Protected Health Information to those purposes that make return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. MISCELLANEOUS A. Defense and Indemnification: Business Associate shall defend, indemnify and hold harmless Covered Entity from and against all claims, liabilities, judgments, fines, assessments, penalties, awards or other expenses, of any nature whatsoever, including without limitation attorneys fees, expert witness fees, and costs of investigation, litigation, or dispute resolution, relating to or arising out of any breach of this Agreement by Business Associate, its employees, officers, agents, or sub- contractors. B. Regulatory References: A reference in this Agreement to a Section in the Department of Health and Human Services Privacy Regulations, Code of Federal Regulations, Title 45, Sections 160 and 164 means the Section as in effect or as amended, and for which compliance is required. C. Amendment: The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Department of Health and Human Services Privacy Regulations, Code of Federal Regulations, Title 45, Sections 160 and 164. D. Notices: Whenever Covered Entity or Business Associate is required to give notice to the other party, notice shall be in writing, posted in the US Mail, and deemed delivered after three (3) business days. E. Survival: Section V.D. of this Agreement shall survive the termination of this Agreement. F. Interpretation: Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the Department of Health and Human Services Privacy Regulations, Code of Federal Regulations, Title 45, Sections 160 an_d464. VI. FOF BUS,ESS„ASS ° CI" E FOR Au zed Signature Auth A . Lee Whaler Print Name Firt Cti►LF_ Cif, n f 1&40N Print Title Mailing Address 105s 5ovK Gtr 4 wa ?4mmg WA, 116055 City, State, Zip ENTITY (KING COUNTY) Alonzo Plough, Ph.D., MPH Print Name Director and Health Officer Print Title Mailing Address 999 Third Avenue, Suite 1200 Seattle, WA 98104 City, State, Zip