Business Associate Addendum. A Business Associate Addendum, Attachment IV, shall be executed between the parties to this Contract to protect the privacy and provide security of Protected Health Information (“PHI”) and personally-identifiable information (“PII”) in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and regulations promulgated thereunder, as amended from time to time. OGB is a “Covered Entity” under HIPAA/HITECH. For the purposes of this Contract, Contractor is deemed to be a “Business Associate” of OGB as such term is defined by HIPAA and regulations promulgated thereunder, including in the Privacy Standard of the Federal Register, published on December 28, 2000, and the parties have executed a Business Associate Addendum attached to this Contract as Attachment IV, and made a part of this Contract. The parties understand and agree that if additional agreements are required to be compliant as required under HIPAA and applicable law, the parties will execute such agreements in a timely manner. Contractor agrees that its processes, systems, and reporting will be in full compliance with federal and state requirements, including but not limited to HIPAA, throughout the term of the Contract. Any fines or penalties imposed on any party related to Contractor’s or its subcontractors’ non-compliance will be the sole responsibility of Contractor. Contractor shall require its subcontractors’ and any other vendors’ processes, systems, and reporting to be in full compliance with federal and state requirements, including but not limited to HIPAA. Further, Contractor agrees that its organization, and that it requires that its subcontractors/vendors, will comply with all HIPAA regulations throughout the term of the Contract with respect to any issue related to the OGB Contract, plans, or Plan Participants involving PHI and PII, including but not limited to participant services, complaints, appeals determinations, notification of rights, and confidentiality. Contractor shall require that all agreements with subcontractors or other vendors providing services for this Contract include the provisions of this Section and any Attachments referenced herein. OGB shall be provided copies of such subcontractor/vendor agreements upon request. Notwithstanding any provision to the contrary, major delegated functions involving PHI and PII, including but not limited to claims processing, customer service, and any other services as provided by applicable law, shall not be sourced outside of the territorial and jurisdictional limits of the fifty (50) United States of America.
Appears in 4 contracts
