Laserfiche WebLink
• CITY <br /> BMI Audit Services <br /> BUSINESS ASSOCIATE AGREEMENT <br /> This Agreement, made as of the date subscribed below, between the health plan(s) ("Covered <br /> Entity") sponsored by the CITY OF EVERETT,WASHINGTON and BMI AUDIT SERVICES,LLC, <br /> (the"Business Associate"). <br /> Covered Entity is receiving and Business Associate is providing services in connection with the <br /> operation of Covered Entity, pursuant to the terms of an agreement between them dated <br /> r ,aro? (the"Services Agreement"). This Agreement sets forth certain terms that apply <br /> to the relationship between Covered Entity and Business Associate that arises out of the Services <br /> Agreement, and which are required by the Health Insurance Portability and Accountability Act, <br /> Public Law 104-191, as amended and its associated Privacy, Security, and Breach Notification <br /> Rules, 45 CFR Part 160 and 164 (collectively, "HIPAA"). The terms of this Agreement shall be <br /> interpreted and applied consistently with HIPAA. <br /> NOW, THEREFORE, in consideration of the mutual covenants and agreements contained in this <br /> Agreement and for other good and valuable consideration,the receipt and sufficiency of which is <br /> acknowledged by the parties,the parties intend to be legally bound and agree as follows: <br /> SECTION 1 <br /> DEFINITIONS <br /> Unless otherwise specified in this Agreement, all capitalized terms not otherwise defined shall <br /> have the meanings established for purposes of Title 45, Parts 160, 162 and 164, of the United <br /> States Code of Federal Regulations, as amended from time to time. For purposes of clarification, <br /> the following terms are defined as set forth herein below: <br /> 1.1 "Breach" means the acquisition, access, use, or disclosure of protected health information <br /> in a manner not permitted which compromises the security or privacy of the protected health <br /> information. Breach does not include the three exceptions contained in 45 C.F.R. § 164.402(1). <br /> 1.2 "Breach Notification Rule" means the HIPAA Regulations pertaining to breaches of <br /> Unsecured PHI as codified in 45 C.F.R. Parts 160 and 164. <br /> 1.3 "Discovery" means the first day on which a Breach is known to Business Associate <br /> (including any person,other than the individual committing the breach,that is a workforce member <br /> or other agent of Business Associate), or by exercising reasonable diligence would have been <br /> known to Business Associate,to have occurred. <br /> 1.4 "Electronic PHP' or"EPHI" means PHI that is transmitted by or maintained in electronic <br /> media. <br /> 1.5 "Electronic Transactions Rule" shall mean the final regulations issued by the Department <br /> of Health and Human Services ("HHS")concerning standard transactions and code sets under 45 <br /> CFR Parts 160 and 162 <br /> 1.6 "Privacy Rule"means the HIPAA Regulations as codified in 45 C.F.R.Parts 160 and 164. <br /> Business Associate Agreement 1 <br />