|
MCR BUSINESS ASSOCIATE AGREEMENT
THIS BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is
made and entered into effective the ___ day of ______________, 2002,
by and between ___________________________ (hereinafter called "COVERED
ENTITY"), a ________________________, which maintains its principal
place of business at _______________, and Medical Capital Recovery,
Inc., (hereinafter called "BUSINESS ASSOCIATE"), a Texas
corporation, which maintains its principal place of business at
Austin, Texas.
WHEREAS, COVERED ENTITY is a provider of health and medical services
and maintains certain confidential protected health information
and records concerning its patients; and
WHEREAS, BUSINESS ASSOCIATE is a provider of third party resource
eligibility services and electronic eligibility confirmation services;
and
WHEREAS, COVERED ENTITY and BUSINESS ASSOCIATE have entered into
a service agreement (the "Contract") in which BUSINESS
ASSOCIATE has agreed to provide electronic eligibility confirmation
services and third party resource patient eligibility services to
the COVERED ENTITY; and
WHEREAS, COVERED ENTITY and BUSINESS ASSOCIATE have agreed to
conduct all of their business in compliance with all applicable
federal, state and local statutes, regulations, rules and policies,
including but not limited to, the Health Insurance Portability and
Accountability Act of 1996 ("HIPAA"); and
WHEREAS, in the course of the performance of the Contract, BUSINESS
ASSOCIATE, and its directors, officers, partners, employees, advisors,
and attorneys (the "Agents"), will be provided with access
to individually identifiable health information, including demographic
information collected from patients and other individuals, created
or received by COVERED ENTITY which relates to the past, present,
or future physical or mental health or condition of an individual,
the provision of health care to an individual, or the past, present,
or future payment for the provision of health care to an individual,
which information identifies the individual or with respect to which
there is a reasonable basis upon which to believe that the information
can be used to identify the individual (the "Protected Health
Information"); and
WHEREAS, it appears that the BUSINESS ASSOCIATE is a Business
Associate of the COVERED ENTITY as that term is defined in the HIPAA
regulations; and
WHEREAS, COVERED ENTITY is willing to provide BUSINESS ASSOCIATE
and its Agents with access to the Protected Health Information such
that that BUSINESS ASSOCIATE can perform under the Contract, provided
BUSINESS ASSOCIATE executes this Agreement, as required by the HIPAA
regulations.
NOW, THEREFORE, in consideration for granting BUSINESS ASSOCIATE
access to the Protected Health Information and for other good and
valuable consideration, the receipt and sufficiency of which is
hereby acknowledged, BUSINESS ASSOCIATE hereby agrees as follows:
1. Confidentiality. BUSINESS ASSOCIATE and its
Agents agree to keep the Protected Health Information strictly
confidential and will use and/or disclose the Protected Health
Information solely for the purpose of performing its obligations
under the Contract. BUSINESS ASSOCIATE will disclose the contents
of the Protected Health Information to its Agents only as minimally
necessary and only to the extent required for the BUSINESS ASSOCIATE
to accomplish the intended purposes set forth in the Contract.
2. General Privacy Compliance. BUSINESS ASSOCIATE
shall maintain and safeguard the privacy, security, and confidentiality
of all Protected Health Information transmitted or received from
the COVERED ENTITY in connection with the Contract, in accordance
with the provisions of HIPAA, as amended, and in accordance with
all applicable federal, state and local statutes, regulations
and policies regarding the confidentiality of patient health information.
3. Privacy and Security Obligations. This Agreement
establishes permitted and required uses and disclosures of Protected
Health Information by the BUSINESS ASSOCIATE. As required by the
HIPAA regulations, the BUSINESS ASSOCIATE will:
a. Not use or further disclose Protected Health Information
other than as permitted or required by this Agreement, or as
required by law;
b. Use appropriate safeguards to prevent the use or disclosure
of such Protected Health Information other than as provided
for by this Agreement;
c. Report to COVERED ENTITY any use or disclosure of such Protected
Health Information not provided for by this Agreement of which
BUSINESS ASSOCIATE becomes aware;
d. Ensure that any agents, including a subcontractor, to whom
BUSINESS ASSOCIATE provides Protected Health Information received
from, or created or received by the BUSINESS ASSOCIATE on behalf
of, the COVERED ENTITY agrees in writing to the same restrictions
and conditions that apply to BUSINESS ASSOCIATE with respect
to such Protected Health Information;
e. Make available Protected Health Information for inspection
and copying in accordance with Section 164.524 of the HIPAA
regulations;
f. Make available Protected Health Information for amendment
and incorporate any amendments to Protected Health Information
in accordance with Section 164.526 of the HIPAA regulations;
g. Make available the information required to provide an accounting
of disclosures in accordance with Section 164.528 of the HIPAA
regulations;
h. Make BUSINESS ASSOCIATE's internal practices, books and
records relating to the use and disclosure of Protected Health
Information received from, or created or received by the BUSINESS
ASSOCIATE on behalf of, the COVERED ENTITY available to the
Secretary of Health and Human Services ("HHS") for
purposes of determining the COVERED ENTITY's compliance with
HIPAA;
i. At termination of the Agreement, if feasible, return or
destroy all Protected Health Information received from, or created
or received by the BUSINESS ASSOCIATE on behalf of, the COVERED
ENTITY that the BUSINESS ASSOCIATE still maintains in any form
and retain no copies of such Protected Health Information or,
if such return or destruction is not feasible, extend the protection
of this Agreement to the Protected Health Information and limit
further uses and disclosures to those purposes that make the
return or destruction of the Protected Health Information infeasible;
and
j. Incorporate any amendments or corrections to the Protected
Health Information when notified pursuant to applicable law.
4. De-Identification. Notwithstanding anything
herein to the contrary, BUSINESS ASSOCIATE may store, analyze,
access and use components of Protected Information that have been
"de-identified" and that do not contain individually
identifiable health information, provided that any such use is
then consistent with applicable law.
5. Indemnification. BUSINESS ASSOCIATE agrees to
defend (at the option of COVERED ENTITY) indemnify, and hold harmless
COVERED ENTITY and its agents, shareholders, employees, officers,
and directors against any and all claims, demands, causes of action,
losses, damages, liabilities, judgment, costs and expenses (including
reasonable attorneys' fees) asserted against or incurred by COVERED
ENTITY or its agents, shareholders, employees, officers, and directors
as a result of any violation of, or failure to comply with, the
provisions of this Agreement by BUSINESS ASSOCIATE and/or its
Agents.
6. Limitation of Liability. BUSINESS ASSOCIATE
acknowledges and understands that COVERED ENTITY makes no representations
or warranties, express or implied, regarding the content or completeness
of the Protected Health Information provided pursuant to the terms
of the Contract. BUSINESS ASSOCIATE agrees to release COVERED
ENTITY and its agents, shareholders, employees, officers, and
directors, from all claims, demands, causes of action, losses,
damages, liabilities, costs or expenses (including reasonable
attorneys' fees) asserted against or incurred by BUSINESS ASSOCIATE
or its Agents by reason of the use or disclosure of the Protected
Health Information pursuant to the terms of the Contract.
7. Insurance. In conjunction with the limitation
of liability set forth in Section 6 of this Agreement, BUSINESS
ASSOCIATE agrees to procure and maintain, at its own expense,
in full force and effect during the term of this Agreement, an
insurance policy that provides, at a minimum, the following types
and levels of coverage:
a. Commercial General Liability insurance, written on an occurrence
basis, with a combined single limit of not less than One Million
Dollars ($1,000,000); and
b. Errors and Omissions insurance, written on an occurrence
basis, with a maximum liability limitation of at least One Million
Dollars ($1,000,000). All insurance policies procured by BUSINESS
ASSOCIATE under this Agreement shall name the COVERED ENTITY
as an additional insured and will provide for at least thirty
(30) days' prior written notice to the COVERED ENTITY of the
cancellation or modification of the policies. BUSINESS ASSOCIATE
shall deliver a copy of the certificates of insurance to the
COVERED ENTITY within thirty (30) days after the execution of
this Agreement.
8. Breach of Agreement; Termination.
a. In the event that the COVERED ENTITY becomes aware of a
pattern or practice of the BUSINESS ASSOCIATE that constitutes
a material breach or violation of the BUSINESS ASSOCIATE's obligations
under this Agreement, which breach is not cured within five
(5) days after notice is provided to the BUSINESS ASSOCIATE,
this Agreement will be terminated by the COVERED ENTITY for
cause. Termination for cause under this section shall also constitute
a breach of the Contract, permitting the termination of the
Contract for cause by the COVERED ENTITY, if feasible.
b. In the event of a default or breach by the BUSINESS ASSOCIATE
as set forth in Section 8(a) of this Agreement, the COVERED
ENTITY shall have available to it any legal or equitable right
or remedy to which COVERED ENTITY is entitled, including but
not limited to, injunctive relief. COVERED ENTITY shall not
be deemed to have waived any of its rights or remedies on account
of its failure or delay in exercising any such right or remedy
in a particular instance.
9. Record Retention. Until the expiration of four
(4) years after the furnishing of the BUSINESS ASSOCIATE's services
contemplated by this Agreement and the Contract, and if and to
the extent, and so long as, required by law and not otherwise,
BUSINESS ASSOCIATE shall make available upon request to the HHS,
the United States Comptroller General and their representatives,
this Agreement, and all other books, documents and records as
are necessary to certify the nature and extent of the costs incurred
by the COVERED ENTITY in purchasing BUSINESS SSOCIATE services
under this Agreement and the Contract, and if BUSINESS ASSOCIATE
provides such services through a subcontract worth Ten Thousand
Dollars ($10,000) or more over a twelve-month period with a related
organization, such subcontract shall also contain a clause permitting
access by the HHS, the United States Comptroller General and their
representatives to books and records of such related organization.
In all events, BUSINESS ASSOCIATE shall immediately notify COVERED
ENTITY upon receipt by BUSINESS ASSOCIATE of any such request
for this Agreement, the Contract, and any other books, documents
and records, and shall provide COVERED ENTITY with copies of any
such materials.
10. Re-Negotiation. The parties agree to negotiate
in good faith any modification to this Agreement that may be necessary
or required to ensure consistency with amendments to and changes
in applicable federal and state laws and regulations, including
but not limited to, regulations promulgated pursuant to HIPAA.
11. Miscellaneous Provisions.
a. This Agreement shall not be assignable by either party without
the other's prior written consent. Notwithstanding the foregoing,
this Agreement shall be binding upon and shall inure to the
benefit of the parties, and any successor to the operations
and business of the parties whether by operation of law or otherwise.
b. All notices given pursuant to this Agreement shall be in
writing and shall be delivered by hand or sent by registered
or certified mail, return receipt requested, postage pre-paid,
addressed to the party for whom it is intended at its or his
address as first set forth above. Any address for the giving
of notice may be changed by giving notice to that effect to
the other party. Each such notice shall be deemed to have been
given on the date of its receipt by the party for whom it was
intended.
c. If any provision of this Agreement is or becomes unenforceable,
the remainder of this Agreement shall nevertheless remain binding
to the fullest extent possible, taking into consideration the
purposes and spirit of this Agreement.
d. This Agreement contains the entire understanding of the
parties hereto with regard to the subject matter hereof, and
supersedes all other agreements and understandings, written
and oral, relating to the subject matter hereof. This Agreement
may not be amended or modified, nor may any of its provisions
be waived, except by a writing executed by both of the parties
hereto or, in the case of a waiver, by the party waiving compliance.
The waiver of any one breach shall not be construed as a waiver
of any rights or remedies with respect to any other breach or
subsequent breach.
e. Any provision of this Agreement which by its terms is intended
to survive the termination or expiration of this Agreement shall
so survive.
f. This Agreement shall be governed by and construed in accordance
with the laws of the State of Washington applicable to agreements
made and to be performed entirely within such State, with regard
to principles of conflicts of law. Any action arising under
this Agreement shall be venued in the county of the clinic's
location.
g. This Agreement may be executed in one or more counterpart
copies, each of which shall be deemed an original and together
shall constitute one and the same Agreement.
h. Each party to this Agreement agrees to comply with all required
and applicable components of any then applicable HIPAA Corporate
Compliance plan promulgated by that party.
|
