Laserfiche WebLink
4 <br />1 N I (� <br />fi 1�4 9 , 4 ' 14 Business Associate Agreement <br />This Business Associate Agreement ("Agreement") is made and entered into by and between Jefferson <br />County, ("Company"), and First Choice Health Network, Inc. Company and First Choice Health Network, Inc. may <br />be referred to individually as a "Party" and collectively as the "Parties". <br />Recitals <br />WHEREAS, the Parties are considered Business Associates as such term is defined in 45 C.F.R. § <br />160.103. <br />WHEREAS, The Parties have entered into an agreement pursuant to which the Parties will provide certain <br />services to or on behalf of each other, and each Party may create, receive, maintain, transmit, or have access to <br />Protected Health Information in order to provide those services ("Services Agreement"); <br />WHEREAS, the Department of Health and Human Services ("HHS") has promulgated regulations at 45 <br />Code of Federal Regulations ("C.F.R.") Parts 160 and 164 implementing the privacy requirements ("Privacy Rule") <br />and regulations at 45 C.F.R. Parts 160, 162 and 164 implementing the security requirements ("Security Rule") set <br />forth in the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA") as <br />amended by regulations implementing Subtitle D of the Health Information Technology for Economic and Clinical <br />Health Act which is Title XIII of the American Recovery and Reinvestment Act of 2009 (Public Law 111=5); <br />WHEREAS, the Privacy Rule and Security Rule require Parties to enter into a written contract in order to <br />assure certain protections for the privacy and security of Protected Health Information, and the Privacy Rule and <br />Security Rule prohibit the disclosure or use of Protected Health Information to or by either Party if such a contract is <br />not in place; <br />WHEREAS, both Parties mutually agree to satisfy the foregoing regulatory requirements and all federal, <br />state and local confidentiality, privacy, and security laws through this Agreement; <br />NOW THEREFORE, in consideration of the foregoing and of the mutual promises contained herein, the <br />receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows: <br />1. Definitions. <br />Terms used, but not otherwise defined in this Agreement shall have the same meaning as those terms in 45 <br />C.F.R. Part 160, Part 162, and Part 164, then in effect or as amended, which are collectively referred to as <br />the "HIPAA Rules". <br />1.1 "Breach" shall have the same meaning as the term "Breach" in 45 C.F.R. § 164.402. <br />1.2 "Covered Entity" shall have the same meaning given such term in 45 C.F.R. § 160.103. <br />1.3 "Data Aggregation" shall have the meaning given such term in 45 C.F.R. § 164.501. <br />1.4 "Designated Record Set" shall have the meaning given to such term in 45 C.F.R. § 164.501. <br />1.5 "Disclose" and "Disclosure" mean, with respect to Protected Health Information, the release, <br />transfer, provision of, access to, or divulging in any other manner of Protected Health Information <br />outside a Party's internal operations or to persons or entities other than members of its workforce. <br />1.6 "Electronic Protected Health Information" or "EPHI" shall have the meaning found in the <br />Security Rule, 45 C.F.R. § 160.103. <br />4811-2353-9987.02 <br />