This HIPAA Business Associate Agreement ("Agreement") is made by and between healthlawoffice.com ("Business Associate") and Covered Entity Client of healthlawoffice.com ("Covered Entity Client"), and is effective only if the Covered Entity Client engages Business Associate (pursuant to a separate attorney-client engagement) to perform tasks that involve the use of protected health information ("Protected Health Information"). This Agreement is dated and effective as of April 14, 2003.
The parties intend that this Agreement comply with the federal privacy and security regulations that were authorized by the administrative simplification provisions of the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The federal privacy and security regulations are codified at Title 45 of the Code of Federal Regulations (C.F.R.) in Parts 160 and 164 (collectively “the Federal Regulations”). The specific regulations requiring this Agreement are 45 C.F.R. § 164.308(b), § 164.314(a), § 164.502(e), and § 164.504(e). This Agreement is unique to an attorney-client relationship and should not be used as a template for other types of business associate relationships.
The term of this Agreement shall be effective as of the effective date, and shall terminate when all of the Protected Health Information received from or on behalf of Covered Entity Client is destroyed or returned to Covered Entity Client. If it is not feasible to return or destroy Protected Health Information, protections are extended to such information in accordance with the termination provisions of this Agreement.
Business Associate may use or disclose Protected Health Information to perform legal services for Covered Entity Client.
Business Associate will not use or further disclose Protected Health Information other than as permitted by this Agreement or as “required by law” as that term is used in the Federal Regulations.
Business Associate will use appropriate safeguards to prevent subsequent use or disclosure of Protected Health Information, and will report to Covered Entity Client any known use or disclosure of Protected Health Information not provided for by this Agreement.
Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information (including electronic Protected Health Information) agrees to the same restrictions and conditions that apply through this Agreement.
Business Associate will make available Protected Health Information and the information required to permit Covered Entity Client to respond to a request by an individual seeking to access, amend, or obtain an accounting of disclosures of Protected Health Information as permitted by the Federal Regulations.
Business Associate agrees to make records relating to the use and disclosure of Protected Health Information received from or on behalf of Covered Entity Client available to Covered Entity Client or at the written request of Covered Entity Client to an agent of the Department of Health and Human Services for the purpose of determining Covered Entity Client's compliance with the Federal Regulations. Business Associate will at all times assert applicable attorney-client privileges on behalf of Covered Entity Client and will not disclose confidential client information unless authorized in writing by the Covered Entity Client. Nothing in this Agreement shall be construed to waive applicable attorney-client privileges.
Business Associate will implement appropriate safeguards to protect electronic Protected Health Information, and will report to the Covered Entity Client any known "security incident" as that term is used in the Federal Regulations.
Upon Covered Entity Client's knowledge of a material breach by Business Associate, Covered Entity Client shall either terminate this Agreement or provide a reasonable opportunity for Business Associate to cure the breach. If this Agreement is terminated, Business Associate or its agents will return or destroy all Protected Health Information received from or on behalf of Covered Entity Client if it is feasible to do so. The nature of an attorney-client relationship generally requires the attorney to maintain records of the client during the representation and for a period beyond such representation. Therefore, Business Associate shall follow the protections of this Agreement for so long as Business Associate maintains Protected Health Information in the course of an attorney-client relationship.
The parties agree to amend this Agreement from time to time as is necessary for Covered Entity Client to comply with the Federal Regulations, and any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity Client to comply with the Federal Regulations. Nothing in this Agreement shall be construed to provide anyone other than Business Associate or Covered Entity Client the rights contained in this Agreement. The obligations of Business Associate and rights of Covered Entity Client under this Agreement shall survive the termination of this Agreement.
updated 1.29.08
Copyright 2000-2008 healthlawoffice.com