HIPAA Business Associate Agreement
This Agreement is entered into by and between TruworthRCM, LLC (Covered Entity) and __________________________________ (Business Associate) to set forth the terms and conditions under which “protected health information” (PHI), as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Regulations enacted hereunder, created or received by Business Associate on behalf of Covered Entity may be used or disclosed.

This Agreement shall commence on ___________ (Date) and the obligations herein shall continue in effect so long as Business Associate uses, discloses, creates or otherwise possesses any protected health information created or received on behalf of Covered Entity and until all protected health information created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity pursuant to Paragraph 15 herein.
  1. Covered Entity and Business Associate hereby agree that Business Associate shall be permitted to use and/or disclose protected health information created or received on behalf of Covered Entity for the following purposes:
    1. Completing and submitting health care claims to health plans, Clearinghouses, and other third party payers.
    2. Collection of fees for Health Care Provider.
    3. Establishing and maintaining Business Management Programs for Health Care Provider.
    4. Introducing, maintaining, and programming Electronic Medical Record Systems for Health Care Provider.
    5. Introducing, maintaining, and programming compatible Dictation Systems for Health Care Provider.
  2. Business Associate may use and disclose protected health information created or received by Business Associate on behalf of Covered Entity if necessary for the proper management and administration of Business Associate or to carry out. legal responsibilities, provided that any disclosure is:
    1. Required by law, or
    2. Business Associate obtains reasonable assurances from the person to whom the protected health information is disclosed that
      1. the protected health information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person; and
      2. Business Associate will be notified of any instances of which the person is aware in which the confidentiality of the information is breached.
  3. Business Associate hereby agrees to maintain the security and privacy of all protected health information in a manner consistent with California State and Federal laws and regulations, including the Health insurance Portability and Accountability Act of 1996 HIPAA and regulations hereunder, and all other applicable law.
  4. Business Associate further agrees not to use or disclose protected health information except as expressly permitted by this Agreement, applicable law, or for the purpose of managing Business Associate own internal business processes consistent with Paragraph 2 herein.
  5. Business Associate shall not disclose protected health information to any member of its workforce unless Business Associate has advised such person (employee) of Business Associate privacy and security obligations and policies under this Agreement, including the consequences for violation of such obligations. Business Associate shall take appropriate disciplinary action against any member of its workforce who uses or discloses protected health information in violations of this Agreement and applicable law
  6. Business Associate shall not disclose protected health information created or received by Business Associate on behalf of Covered Entity to a person, including any agent or subcontractor of Business Associate but not including a member of its own workforce, until such person agrees in writing to be bound by the provisions of the Agreement and applicable State or Federal laws.
  7. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of protected health information not permitted by this Agreement or applicable law.
  8. Business Associate agrees to maintain a record of all disclosures of protected health information, including disclosures not made for the purposes of this Agreement. Such record shall include the date of the disclosure, the name and, if known, the address of the recipient of the protected health information, the name of the individual who is the subject of the protected health information, a brief description of the protected health information disclosed, and the purpose of the disclosure. Business Associate shall make such record available to an individual who is the subject of such information or Covered Entity within five (5) working days of a request and shall include disclosures made on or after the date which is six (6) years prior to the request.
  9. Business Associate agrees to report to Covered Entity any unauthorized use or disclosure of protected health information by Business Associate or its workforce or subcontractors and the remedial action taken or proposed to be taken with respect to such use or disclosure.
  10. Business Associate agrees to make its internal practices, books, and records relating to the use and disclosure of protected health information received from Covered Entity or created or received by Business Associate on behalf of Health Care Provider, available to the Secretary of the United States Department of Health and Human Services, for purposes of determining the Covered Entity’s compliance with HIPAA.
  11. Within thirty (30) days of a written request by Health Care Provider, Business Associate shall allow a person who is the subject of protected health information, such person’s legal representative, or Covered Entity to have access to and to copy such person’s protected health information in the format requested by such person, legal representative, or practitioner unless it is not readily producible in such format, in which case it shall be produced in standard hard copy format.
  12. Business Associate agrees to amend, pursuant to a request by Health Care Provider, protected health information maintained and created or received by Business Associate, on behalf of the Practitioner. Business Associate further agrees to complete such amendment within thirty (30) days of a written request by Health Care Provider, and to make such amendment as directed by Health Care Provider.
  13. In the event Business Associate fails to perform the obligations under this Agreement, Covered Entity may, at its option:
    1. Require Business Associate to submit to a plan of compliance, including monitoring by Covered Entity and reporting by Business Associate, as Health Care Provider, in its sole discretion, determines necessary to maintain compliance with this Agreement and applicable law. Such plan shall be incorporated into this Agreement by amendment hereto: and
    2. Require Business Associate to mitigate any loss occasioned by the unauthorized disclosure or use of protected health information.
    3. Immediately discontinue providing protected health information to Business Associate with or without written notice to Business Associate
  14. Covered Entity may immediately terminate this Agreement and related agreements if Covered Entity determines that Business Associate has breached a material term of this Agreement. Alternatively, Covered Entity may choose to
    1. provide Business Associate with ten (10) days written notice of the existence of an alleged material breach; and
    2. afford Business Associate an opportunity to cure said alleged material breach to the satisfaction of Covered Entity within (10) days. Business Associate’s failure to cure shall be grounds for immediate termination of this agreement. Health Care Provider’s remedies under this Agreement are cumulative, and the exercise of any remedy shall not preclude the exercise of any other.
  15. Upon termination of this Agreement, Prime Clinical Systems shall return or destroy all protected health information received from Health Care Provider, or created or received by Business Associate on behalf of Covered Entity and that Business Associate maintains in any form, and shall retain no copies of such information. If the parties mutually agree that return or destruction of protected health information is not feasible, Business Associate shall continue to maintain the security and privacy of such protected health information in a manner consistent with the obligations of this Agreement and as required by applicable law, and shall limit further use of the information to those purposes that make the return or destruction of the information infeasible. The duties hereunder to maintain the security and privacy of protected health information shall survive the discontinuance of this Agreement.
  16. Covered Entity may amend this Agreement by providing ten (10) days prior written notice to Business Associate in order to maintain compliance with California State or Federal law. Such amendment shall be binding upon Business Associate at the end of the ten (10) day period and shall not require the consent of Business Associate. Business Associate may elect to discontinue the Agreement within the ten (10) day period, but Business Associate duties hereunder to maintain the security and privacy of PROTECTED HEALTH INFORMATION shall survive such discontinuance. Covered Entity and Business Associate may otherwise amend this Agreement by mutual written agreement.
  17. Business Associate shall, to the fullest extent permitted by law, protect, defend, indemnify and hold harmless Covered Entity and his/her respective employees, directors, and agents Indemnities from and against any and all losses, costs, claims, penalties, fines, demands, liabilities, legal actions, judgments, and expenses of every kind (including reasonable attorneys fees, including at trial and on appeal) asserted or imposed against any Indemnities arising out of the acts or omissions of Business Associate or any of Business Associate’s employees, directors, or agents related to the performance or nonperformance of this Agreement.
-------------------------------------------------------------------------------- ------------------------------
Covered Entity Date
Name:
-------------------------------------------------------------------------------- ------------------------------
Business Associate Date
Name: