Laserfiche WebLink
12 <br />ADDENDUM 3: BUSINESS ASSOCIATE AGREEMENT <br /> <br />This Business Associate Agreement (the “Agreement”) is made and entered into as of date of last <br />signature below, by and between Sky Insurance Technologies, LLC (“Business Associate;”) and City <br />of Everett (“Plan Sponsor”) on behalf of its group health plan(s) (“Covered Entity”). <br /> <br />WHEREAS, Plan Sponsor, Covered Entity, and Business Associate have entered into a certain underlying <br />agreement(s) (the “Services Agreement”); and <br /> <br />WHEREAS, Plan Sponsor, Covered Entity, and Business Associate are committed to compliance with the <br />Privacy, Security, Breach Notification, Standard Transactions and Enforcement Rules of the Health <br />Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations at 45 <br />C.F.R. Parts 160 to 164 (“HIPAA Regulations”) and any current and future regulations promulgated <br />under HIPAA or the Health Information Technology for Economic and Clinical Health Act (the <br />“HITECH Act”; and together with the other laws and regulations in this paragraph, the “HIPAA Rules”); <br />and <br /> <br />NOW THEREFORE, Plan Sponsor, Covered Entity, and Business Associate enter into the following <br />Business Associate Agreement in furtherance of their compliance with the HIPAA Rules, as described at <br />45 CFR § 164.504. <br /> <br />I. DEFINITIONS <br /> <br />The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA <br />Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Individual, Minimum Necessary, <br />Notice of Privacy Practices, Protected Health Information (PHI), Required By Law, Secretary, Security <br />Incident, Subcontractor, Unsecured Protected Health Information, and Use. <br /> <br />II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br /> <br />a. Business Associate shall be permitted to Use and Disclose PHI consistent with the Minimum <br />Necessary standard (45 C.F.R §164.502(b)) as necessary to perform its obligations under the <br />Services Agreement. <br /> <br />b. Unless otherwise limited herein, in addition to any other Uses and/or Disclosures permitted or <br />authorized by this Agreement or Required by Law, Business Associate may: <br /> <br />i. Use the PHI in its possession for its proper management and administration and to <br />fulfill any legal responsibilities, including as related to the Service Agreement; <br /> <br />ii. Disclose the PHI in its possession to a third party for the purpose of Business <br />Associate’s proper management and administration, including with regard to its <br />fulfillment of services relating to the Services Agreement or to fulfill any legal <br />responsibilities of Business Associate; provided, however, that the Disclosures are <br />Required by Law or Business Associate has received from the third party written <br />assurances that (a) the information will be held confidentially and used or further <br />Disclosed only as Required by Law or for the purposes for which it was Disclosed to <br />the third party; and (b) the third party will notify Business Associate of any instances <br />of which it becomes aware in which the confidentiality of the information has been <br />breached.