Business Associate Agreement
- (a) Business Associate. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean FMLA-AID.
- (b) Covered Entity. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean the healthcare service provider identified below.
- (c) HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
- (d) General. Other terms used in this Agreement have the meaning as those terms in the HIPAA Rules.
Obligations of the Parties
Business Associate agrees to:
- (1) Not use or disclose protected health information other than as permitted or required by the FMLA-AID Service or as required by law;
- (2) Implement appropriate safeguards to prevent unauthorized use or disclosure of the information, including implementing requirements of the HIPAA Security Rule with regard to electronic protected health information;
- (3) report to the covered entity any use or disclosure of the information not provided for by the FMLA-AID Service, including incidents that constitute breaches of unsecured protected health information;
- (4) Disclose protected health information as specified in its contract to satisfy Covered Entity’s obligation with respect to individuals' requests for copies of their protected health information, as well as make available protected health information for amendments and accountings;
- (5) To the extent the business associate is to carry out Covered Entity’s obligation under the Privacy Rule, comply with the requirements applicable to the obligation;
- (6) Make available to HHS its internal practices, books, and records relating to the use and disclosure of protected health information received from, or created or received by Business Associate on behalf of, Covered Entity for purposes of HHS determining Covered Entity’s compliance with the HIPAA Privacy Rule;
- (7) at termination of the FMLA-AID Service, if feasible, return or destroy all protected health information received from, or created or received by Business Associate on behalf of, Covered Entity;
- (8) Ensure that any subcontractors it may engage on its behalf that will have access to protected health information agree to the same restrictions and conditions that apply to Business Associate with respect to such information; and
Covered Entity may terminate this Agreement if Business Associate violates a material term of this Agreement. BUSINESS ASSOCIATES’S CUMULATIVE AGGREGATE LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, FOR ALL DAMAGES ARISING OUT OF OR RELATING TO THE FMLA-AID SERVICE AND THIS AGREEMENT WILL BE LIMITED TO THE AMOUNT PAID BY COVERED ENTITY DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE FIRST ASSERTION OF THE CLAIM.