Lake Health Alliance, Inc.

800-418-6824

Business Associates Agreement

Business Associates Agreement:

This Business Associate Agreement (“Agreement”) between Customer (“Covered Entity”) and OneTouch EMR, Inc (“Business Associate”) will be in effect during any such time period that the Covered Entity has subscribed to and is using services provided by OneTouch EMR, Inc. (“Services”) and upon termination as set forth in Section 8 of this Agreement.

BACKGROUND STATEMENTS

A. Purpose. The purpose of this Agreement is to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the associated regulations, 45 C.F.R. parts 160-164, as may be amended (the "Privacy Rule") and 45 C.F.R. §142.308(a)(2), as may be finalized and amended (the "Chain of Trust" requirement). Unless otherwise defined in this Agreement, capitalized terms have the meanings given in the Privacy Rule. The Privacy Rule requires Covered Entity to obtain written assurances from Business Associate that Business Associate will appropriately safeguard Protected Health Information ("PHI"). The Chain of Trust provision requires that a contract involving exchange of Protected Health Information protect the integrity and confidentiality of the Protected Health Information.

B. Relationship. Covered Entity and Business Associate have entered into a Subscription Agreement under which Business Associate may receive, use, obtain, access or create Protected Health Information from or on behalf of Covered Entity in the course of providing the services specified in said Subscription Agreement (“Services”).

AGREEMENT

The Parties hereby agree as follows:

Section 1. Permitted Uses and Disclosures.

Business Associate may use and/or disclose PHI only as permitted or required by this Agreement or as otherwise required by Law. Business Associate may disclose PHI to, and permit the use of PHI by, its employees, contractors, agents, or other representatives only to the extent directly related to and necessary for the performance of the Services. Business Associate will request from Covered Entity no more than the minimum PHI necessary to perform the Services. Business Associate will not use or disclose PHI in a manner (i) inconsistent with Covered Entity’s obligations under the Privacy Rule, or (ii) that would violate the Privacy Rule if disclosed or used in such a manner by Covered Entity.

Section 2. Safeguards for the Protection of PHI.

Business Associate will implement and maintain commercially appropriate security safeguards to ensure that PHI obtained by or on behalf of Covered Entity is not used or disclosed by Business Associate in violation of this Agreement. Such safeguards shall be designed to protect the confidentiality and integrity of such PHI obtained, accessed or created from or on behalf of Covered Entity. Security measures maintained by Business Associate shall include administrative safeguards, physical safeguards, technical security services and technical security mechanisms as necessary to protect such PHI. Upon request by Covered Entity, Business Associate shall provide a written description of such safeguards.

Section 3. Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures.

If Business Associate has knowledge of any use or disclosure of PHI not provided for by this Agreement, then Business Associate will immediately notify Covered Entity in accordance with Paragraph 10.5. Business Associate will establish and implement procedures and other reasonable efforts for mitigating, to the greatest extent possible, any harmful effects arising from any improper use and/or disclosure of PHI.

Section 4. Use and Disclosure of PHI by Subcontractors, Agents, and Representatives.

Business Associate will require any subcontractor, agent, or other representative that is authorized to receive, use, or have access to PHI obtained or created under the Agreement, to agree, in writing, to adhere to the same restrictions, conditions and requirements regarding the use and/or disclosure of PHI and safeguarding of PHI that apply to Business Associate under this Agreement.

Section 5. Individual Rights.

Business Associate will comply with the following Individual rights requirements as applicable to PHI used or maintained by Business Associate:

5.1 Right of Access. Business Associate agrees to provide access to PHI, at the request of Covered Entity and in the time and manner designated by Covered Entity, to Covered Entity or, as directed, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524.

5.2 Right of Amendment. Business Associate agrees to make any amendment(s) to PHI that Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity.

5.3 Right to Accounting of Disclosures. Business Associate agrees to document such disclosures of PHI as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. Business Associate agrees to provide to Covered Entity or an Individual, in the time and manner designated by Covered Entity, such information collected in order to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.

Section 6. Use and Disclosure for Business Associate’s Purposes.

6.1 Use. Except as otherwise limited in this Agreement, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.

6.2 Disclosure. Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that it will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached.

Section 7. Audit, Inspection and Enforcement by Covered Entity.

With reasonable notice, Covered Entity may audit Business Associate to monitor compliance with this Agreement. Business Associate will promptly correct any violation of this Agreement found by Covered Entity and will certify in writing that the correction has been made. Covered Entity’s failure to detect any unsatisfactory practice does not constitute acceptance of the practice or a waiver of Covered Entity’s enforcement rights under this Agreement. Business Associate will make its internal practices, books, records, and policies and procedures relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity, available to the federal Department of Health and Human Services ("HHS"), the Office for Civil Rights ("OCR"), or their agents or to Covered Entity for purposes of monitoring compliance with the Privacy Rule.

Section 8. Term and Termination.

8.1 Term. This Agreement will become effective on the Effective Date. Unless terminated sooner pursuant to Paragraph 8.2, this Agreement shall remain in effect for the duration of all Services provided by Business Associate and for so long as Business Associate shall remain in possession of any PHI received from, or created or received by Business Associate on behalf of Covered Entity, unless Covered Entity has agreed in accordance with Paragraph 8.3 that it is infeasible to return or destroy all PHI.

8.2 Termination. Covered Entity may immediately terminate this Agreement if Covered Entity determines that Business Associate has breached a material term of this Agreement. Alternatively, in Covered Entity’s sole discretion, Covered Entity may provide Business Associate with written notice of the existence of the material breach and afford Business Associate thirty (30) days to cure the material breach. In the event Business Associate fails to cure the material breach within such time period, Covered Entity may immediately terminate the Agreement. Covered Entity may also report the material breach to the Secretary of HHS or OCR.


8.3 Effect of Termination. Upon termination of this Agreement, Business Associate will recover any PHI relating
to the Agreement in the possession of its subcontractors, agents, or representatives. Business Associate will return to Covered Entity or destroy all such PHI plus all other PHI relating to the Agreement in its possession, and will retain no copies. If Business Associate believes that it is not feasible to return or destroy the PHI as
described above, Business Associate shall notify Covered Entity in writing. The notification shall include: (i) a statement that Business Associate has determined that it is infeasible to return or destroy the PHI in its possession, and (ii) the specific reasons for such determination. If Covered Entity agrees in its sole discretion
that Business Associate cannot feasibly return or destroy the PHI, Business Associate will ensure that any and all protections, requirements and restrictions contained in this Agreement will be extended to any PHI retained after the termination of the Agreement, and that any further uses and/or disclosures will be limited to the purposes that make the return or destruction of the PHI infeasible.

Section 9. Insurance and Indemnification.

9.1 Insurance. Business Associate shall maintain insurance with respect to Business Associate’s obligations under this Agreement reasonably satisfactory to Covered Entity and provide from time to time as requested by Covered Entity proof of such insurance.

9.2 Indemnification. Business Associate will indemnify, defend and hold harmless Covered Entity and its respective employees, directors, officers, subcontractors, agents and affiliates from and against all claims, actions, damages, losses, liabilities, fines, penalties, costs or expenses (including without limitation reasonable attorneys’ fees) suffered by Covered Entity arising from or in connection with any breach of this Agreement, or any negligent or wrongful acts or omissions in connection with this Agreement, by Business Associate or by its employees, directors, officers, subcontractors, or agents.

Section 10. Miscellaneous.

10.1 Survival. The respective rights and obligations of the Parties under Sections 7 (Audit and inspection Rights), 8.3 (Effect of Termination), 9 (Insurance and Indemnification) and 10 (Miscellaneous) will survive termination of the Agreement indefinitely.

10.2 Amendments; Waiver. This Agreement constitutes the entire agreement between the Parties with respect to its subject matter. It may not be modified, nor will any provision be waived or amended,
except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event will not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.


10.3 Compliance with Privacy Rule. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy Rule. The Parties agree to amend this Agreement from time to time as necessary for Covered Entity to comply with the requirements of the Privacy Rule and HIPAA.


10.4 No Third Party Beneficiaries. Except as provided in Section 4, nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors and permitted assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.


10.5 Notices. Any notice to be given under this Agreement to a Party shall be made via U.S. Mail, commercial
courier or hand delivery to such Party at its address given below or to such other address as shall hereafter be specified by notice from the Party. Any such notice shall be deemed given when so delivered to
or received at the proper address.

Need More Information?


OneTouch EMR ™ is a medical technology company which provides state-of-the-art EMR, Practice Management, Medical Billing software.and Billing Services

Newsletter

Unable to find form

Visit Us

5301 ALPHA ROAD

SUITE 80 - 25

DALLAS, TX 75240

Call Us

1-800-418-6824

+1-214-988-9302

Copyright © 2024. All rights reserved. OneTouch EMR ™