Laserfiche WebLink
Julota <br />Julota® SaaS Agreement <br />Exhibit C <br />HIPAA Business Associate Agreement <br />This HIPAA Business Associate Agreement ("HCCA' or "Agreement") is entered into and effective on October 1, 2020 ("Effective <br />Date') by and between City of Everett, WA Police Department ("Customer") and TouchPhrase Development, LLC dlb/a Julota <br />("Provider" or Business Associate"). <br />WHEREAS, Covered Entity is subject to the "HIPAA Rules," which for purposes of this Agreement shall include the <br />Privacy Rule, Security Rule, Breach Notification Rule and Enforcement Rule (45 CFR Parts 160 and 164) promulgated by the United <br />States Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 <br />(HIPAA), Public Law 104-191, as amended; and <br />WHEREAS, Business Associate may maintain transmit, create or receive Protected Health Information ("PHI') of <br />individuals in the course of providing services to Covered Entity. A description of the services that Business Associate will perform <br />for the Covered Entity is set forth in the SaaS Agreement entered into between the parties. <br />THE PARTIES THEREFORE AGREE TO THE FOLLOWING: <br />Definitions <br />Terms used, but not otherwise defined, in this Agreement, shall have the same meaning as those terms as defined in the <br />HIPAA Rules The parties recognize that electronic PHI is a subset of PHI, all references to PHI in this Agreement shall <br />include electronic PHI. <br />Obligations and Activities of Business Associate <br />(a) Business Associate agrees to not use or further disclose PHI other than as permitted or required by this Agreement or <br />as required by law. <br />(b) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as <br />provided for by this Agreement and to comply with the HIPAA Security Rule (Subpart C of 45 CFR Part 164) <br />(c) Business Associate agrees to mitigate, to the extent practicable any harmful effects that are known to Business <br />Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. <br />(d) Business Associate agrees to report to Covered Entity any use or disclosure of the PHI not provided for by this <br />Agreement of which it becomes aware, including a Breach of Unsecured PHI as required by 45 CFR 164.410. <br />(e) Business Associate agrees, in accordance with 45 CFR 164.502(e)(1)(ii) and 45 CFR 164.308(b)(2) to ensure that any <br />individual or entity that subcontracts with Business Associate to create receive, maintain or transmit PHI received from, <br />or created or received by Business Associate on behalf of Company agrees to the same restrictions and conditions that <br />apply through the HIPAA Rules and this Agreement to Business Associate with respect to such information. <br />(f) To the extent that Business Associate maintains a designated record set on behalf of Covered Entity, Business <br />Associate agrees to provide access, at the request of Covered Entity, as necessary to allow Covered Entity to meet the <br />requirements under 45 CFR 164.524. <br />(g) To the extent that Business Associate maintains a designated record set on behalf of Covered Entity, Business <br />Associate agrees to make any amendment(s) to PHI that the Covered Entity directs as necessary for compliance with 45 <br />CFR 164.526. <br />(h) Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI <br />received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity <br />or at the request of the Covered Entity to the Secretary within a reasonable time of such request for purposes of the <br />Secretary determining Covered Entitys compliance with the HIPAA Rules. <br />page 14 of 16 <br />