This Business Associate Addendum (BAA), (Effective Date), is entered into by and between CallStar, Inc.(the Business Associate) and the Client , identified in the CallStar Service Agreement (the Covered Entity) (each a Party and collectively the Parties).
The Business Associate is a Telephone Answering Service and the Covered Entity is the Client. The Parties have a prior oral or written agreement (the “Service Agreement”) which governs the business relationship between these parties and under which the Business Associate regularly may use and/or disclose Protected Health Information (PHI) in its performance of the Services thereunder. Both Parties are committed to complying with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and all pertinent regulations issued by the Department of Health and Human Services (HHS). This BAA sets forth the terms and conditions pursuant to which PHI that is provided to, or provided, created, received, maintained, or transmitted by the Business Associate from or on behalf of the Covered Entity, will be handled between the Business Associate and the Covered Entity and with third parties during the term of their agreement and after its termination. The Parties agrees as follows:
1. PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
1.1 Services. Pursuant to the Service Agreement, Business Associate provides Services (Services) for the Covered Entity that involve the use and disclosure of PHI. Except as otherwise specified
herein, the Business Associate may make any and all uses of PHI necessary to perform its obligations under the Service Agreement. All other uses not authorized by this BAA are prohibited. Moreover, Business Associate may disclose PHI for the purposes authorized by this BAA only, (i) to its employees, subcontractors and agents, in accordance with Section 2.1(e), (ii) as directed by the Covered Entity, or (iii) as otherwise permitted by the terms of this BAA including, but not limited to, Section 1.2(b) below.
1.2 Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may:
a. use the PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted
under state and federal confidentiality laws.
b. disclose the PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate,
provided that the Business Associate represents to the Covered Entity, in writing, that (i) the disclosures are required by law, as provided for in 45 C.F.R. § 164.502 and (ii) the Business Associate has
received from the third party written assurances regarding its confidential handling of such PHI as required under 45 C.F.R. § 164.504(e)(4) and (iii) and the third party agrees to the same restrictions and conditions that apply through this BAA to Business Associate with respect to PHI.
1.3 Additional Activities of Business Associate. In addition to using the PHI to perform the Services set forth in Section 1.1 of this BAA, Business Associate may:
a. aggregate the PHI in its possession with the PHI of other covered entities that the Business Associate has in its possession through its capacity as a business associate to said other covered
entities provided that the purpose of such aggregation is to provide the Covered Entity with data analyses relating to the Health Care Operations of the Covered Entity. Under no circumstances may the Business Associate disclose PHI of one Covered Entity to another Covered Entity absent the explicit authorization of the Covered Entity.
b. de-identify any and all PHI provided that the de-identification conforms to the requirements of 45 C.F.R. § 164.514(b), and further provided that the Covered Entity maintains the documentation
required by 45 C.F.R. § 164.514(b) which may be in the form of a written assurance from the Business Associate. Pursuant to 45 C.F.R. § 164.502(d)(2), de-identified information does not constitute PHI and is not subject to the terms of this BAA.
Read the FULL DOCUMENT