Skip Ribbon Commands Skip to main content




Lists


BTCare Help
HIPAA Agreement
Brown & Toland Medical Group
BT C.A.R.E HIPAA Agreement



A. Brown & Toland has entered into agreements (collectively referred to as "Contracts") with various health care service plans and health care providers ("Covered Entity" or "Covered Entities") pursuant to which Brown & Toland provides a service to, or performs a function on behalf of Covered Entity and, in connection therewith, uses or discloses Protected Health Information ("PHI"), which includes Electronic Protected Health Information ("EPHI"), that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA" and certain privacy and security regulations found at 45 CFR Parts 160 through 164 ("HIPAA Regulations");

B. Brown & Toland and Electronic Tool User are parties to the Agreement pursuant to which Electronic Tool User provides a service to, or performs a function on behalf of, Brown & Toland and, in connection therewith, uses, discloses or has access to PHI and/or EPHI that is subject to protection under HIPAA and HIPAA Regulations;

C. Pursuant to the HIPAA Regulations and the Contracts, Brown & Toland must require that Electronic Tool User agrees in writing to certain mandatory provisions regarding the safeguarding, use and disclosure of PHI and EPHI; and

D. The purpose of this HIPAA Addendum is to satisfy the contractual requirements of the HIPAA Regulations and the applicable Contracts.

1. Definitions. Unless otherwise provided in this HIPAA Addendum or the Agreement, capitalized terms have the same meaning as set forth in the HIPAA Regulations.

Electronic Tool User is a physician or provider who has a contract with Brown & Toland, or any authorized employee, associate, independent contractor, agent, and assignee of a physician or provider who holds a contract with Brown & Toland and who will hold all IPA enrollee information and business information available on Electronic Tool, in strict confidence, and will not disclose this data to any person or entity unless authorized to do so by law or by first obtaining written consent form IPA, and will take all reasonable precautions to prevent inadvertent disclosure.

2. Scope of Use and Disclosure of PHI. Except as otherwise limited in this HIPAA Addendum:

a. Electronic Tool User shall use and disclose PHI solely to provide the services, or perform the functions, described in the Agreement, provided that such use or disclosure would not violate the HIPAA Regulations if so used or disclosed by Brown & Toland or Covered Entity.



b. Electronic Tool User may use or disclose PHI for the proper management and administration of Electronic Tool User or to provide Data Aggregation services to Brown & Toland.



3. Obligations of Electronic Tool User. Electronic Tool User shall:

a. Not use or disclose PHI other than as permitted or required by the Agreement or as Required By Law.


b. Use reasonable and appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this HIPAA Addendum.


c. Mitigate, to the extent practicable, any harmful effect that is known to Electronic Tool User of a use or disclosure of PHI by Electronic Tool User in violation of the requirements of this HIPAA Addendum.


d. Report to Brown & Toland any use or disclosure of the PHI not permitted by this HIPAA Addendum of which Electronic Tool User becomes aware.


e. Require contractors, subcontractors, and/or agents to whom Electronic Tool User provides PHI created or received by Electronic Tool User on behalf of Brown & Toland to agree to the same restrictions and conditions that apply to Electronic Tool User with respect to such PHI under this HIPAA Addendum.


f. Upon request, provide Brown & Toland or Covered Entity access to PHI in a Designated Record Set in the time and manner requested by Brown & Toland or Covered Entity in order to meet the requirements under ? 164.524 of the HIPAA Regulations. If agreed to by Brown & Toland and Covered Entity, Electronic Tool User may provide such access directly to Individual, provided that such access is provided to the Individual in the time-frames set forth in ? 164.524 of the HIPAA Regulations.


g. Make any amendment(s) to PHI in a Designated Record Set that Brown & Toland or Covered Entity direct or agree to pursuant to ? 164.526 of the HIPAA Regulations at the request of and in the time and manner requested by Brown & Toland or Covered Entity.


h. Make internal practices, books, and records, including, but not limited to, policies and procedures, relating to the use and disclosure of PHI created or received by Electronic Tool User on behalf of Brown & Toland available to the Secretary, and to Brown & Toland and/or Covered Entity, if requested, in a time and manner designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Regulations.


i. Maintain for a period of six (6) years an accounting of all disclosures of PHI that are required to be maintained under ? 164.528 of the HIPAA Regulations. Such accounting will include the date of the disclosure, the name of the recipient, a description of PHI disclosed and the purpose of the disclosure.


j. Provide to Brown & Toland or Covered Entity in a time and manner designated by Brown & Toland or Covered Entity, information collected in accordance with Section 3.i. of this HIPAA Addendum, to permit Brown & Toland or Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with ? 164.528 of the HIPAA Regulations. If agreed to by Brown & Toland and Covered Entity, Electronic Tool User may provide such accounting directly to Individual, provided that such accounting is provided to the Individual in the time-frames set forth in ? 164.528 of the HIPAA Regulations.


k. With respect to EPHI, implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Electronic Tool User creates, receives, maintains, or transmits on behalf of Brown & Toland as required by 45 CFR Part 164, Subpart C.


l. With respect to EPHI, ensure that any agent, including a subcontractor, to whom Electronic Tool User provides EPHI, agrees to implement reasonable and appropriate safeguards to protect the EPHI.


m. With respect to EPHI, report to Brown & Toland any Security Incident of which Electronic Tool User becomes aware.



4. Obligations of Brown & Toland. Brown & Toland shall:

a. Upon request from Electronic Tool User, provide Electronic Tool User with the notice of privacy practices that Brown & Toland receives from Covered Entities.


b. Promptly notify Electronic Tool User of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Electronic Tool User's use or disclosure of PHI.


c. Promptly notify Electronic Tool User of any restriction to the use or disclosure of PHI that Brown & Toland or Covered Entity has agreed to in accordance with ?164.522 of the HIPAA Regulations, to the extent that such restriction may affect Electronic Tool User 's use or disclosure of PHI.


d. Not request Electronic Tool User to use or disclose PHI in any manner that would not be permissible under the HIPAA Regulations if so used or disclosed by Brown & Toland or Covered Entity, unless such use or disclosure is necessary for the purposes of Data Aggregation or management and administrative activities of Electronic Tool User under the Agreement.


5. Termination for Breach. Upon Brown & Toland?s knowledge of a material breach of the terms of this HIPAA Addendum by Electronic Tool User, Brown & Toland may terminate the Agreement if Electronic Tool User does not cure the breach or end the violation within ten (10) business days of Brown & Toland?s written notice to Electronic Tool User advising of such material breach.

6. Future Confidentiality of PHI. Upon the expiration or earlier termination of the Agreement, for any reason, Electronic Tool User shall return or destroy all PHI received from Brown & Toland, or created or received by Electronic Tool User on behalf of Brown & Toland that Electronic Tool User still maintains and retain no copies of such PHI; provided that if such return or destruction of PHI is infeasible, Electronic Tool User shall provide to Brown & Toland notification of the conditions that make return or destruction infeasible and shall extend the protections of this HIPAA Addendum to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Electronic Tool User maintains such PHI.

7. Amendment. The parties agree to take such action to amend this HIPAA Addendum from time-to-time as is necessary for Brown & Toland to comply with the Contracts and Covered Entity to comply with the requirements of HIPAA and the HIPAA Regulations.

8. Survival. The respective rights and obligations of Electronic Tool User under Section 6 of this HIPAA Addendum shall survive the termination of the Agreement.

9. Interpretation. Any ambiguity in this HIPAA Addendum shall be resolved to permit Brown & Toland to comply with the Contracts and Covered Entity to comply with the HIPAA Regulations.

10. Conflict of Terms. Whenever the terms of the Agreement and this HIPAA Addendum are in conflict, the terms of this HIPAA Addendum shall control.

11. Other Terms Remain in Force. Except as expressly modified by the terms of this HIPAA Addendum, all of the terms and conditions set forth in the Agreement shall remain in full force and effect.