Common use of Business Associate Agreements and State Confidentiality Statutes Clause in Contracts

Business Associate Agreements and State Confidentiality Statutes. DCF is a covered entity pursuant to the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C.A. §1320d et seq. (HIPAA); 45 CFR Parts 160 and 164. Before a Provider Agency obtains or is permitted to access, to create, maintain or store Protected Health Information (PHI) as part of its responsibility under this Contract, the Provider Agency shall first execute a Department of Children and Families Business Associate Agreement (BAA). A Provider Agency, whose work under this Contract does not involve PHI is not required to execute a BAA. DCF shall have the sole discretion to determine when a Provider Agency’s work will involve PHI. Protected Health Insurance shall have the same meaning as in 45 CFR 160.103. Provider Agencies that enter any subcontract where the work for the subcontract involves an individual’s PHI shall require its subcontractor to execute a BAA that meets all the requirements of HIPAA, including those in 45 CFR 164.504(e). A standard form of BAA is available for a Provider Agency’s use from the Department. If the BAA is breached by the Provider Agency, or its subcontractor, the Provider Agency shall notify the Department within 24 hours of the breach. The Department may, in its sole discretion and at any time, request a BAA compliance audit or investigation of the Provider Agency or its subcontractor with which the Provider Agency has entered into a BAA. The Provider Agency shall cooperate with all Department requests for a BAA compliance audit and/or investigation and shall require that its subcontractor cooperate with all Departmental requests for BAA compliance audits and investigations. In addition to the confidentiality requirements of HIPAA, if applicable, a Provider Agency shall maintain the confidentiality of all certificates, applications, records and reports (“Records”) that directly or indirectly identify any individual and shall not disclose these Records except where disclosure is consistent with applicable Department statute and regulations and the BAA, if any.

Business Associate Agreements and State Confidentiality Statutes. DCF is a covered entity pursuant to the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C.A. §1320d et seq. (HIPAA); 45 CFR Parts 160 and 164. Before a Provider Agency obtains or is permitted to access, to create, maintain or store Protected Health Information (PHI) as part of its responsibility under this Contract, the Provider Agency shall first execute a Department of Children and Families Business Associate Agreement (BAA). A Provider Agency, whose work under this Contract does not involve PHI is not required to execute a BAA. DCF shall have the sole discretion to determine when a Provider AgencyProvider’s work will involve PHI. Protected Health Insurance shall have the same meaning as in 45 CFR 160.103. Provider Agencies Providers that enter any subcontract where the work for the subcontract involves an individual’s PHI shall require its subcontractor to execute a BAA that meets all the requirements of HIPAA, including those in 45 CFR 164.504(e). A standard form of BAA is available for a Provider AgencyProvider’s use from the Department. If the BAA is breached by the Provider AgencyProvider, or its subcontractor, the Provider Agency shall notify the Department within 24 hours of the breach. The Department may, in its sole discretion and at any time, request a BAA compliance audit or investigation of the Provider Agency or its subcontractor with which the Provider Agency has entered into a BAA. The Provider Agency shall cooperate with all Department requests for a BAA compliance audit and/or investigation and shall require that its subcontractor cooperate with all Departmental requests for BAA compliance audits and investigations. In addition to the confidentiality requirements of HIPAA, if applicable, a Provider Agency shall maintain the confidentiality of all certificates, applications, records and reports (“Records”) that directly or indirectly identify any individual and shall not disclose these Records except where disclosure is consistent with applicable Department statute and regulations and the BAA, if any.

Business Associate Agreements and State Confidentiality Statutes. DCF is a covered entity pursuant to the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C.A. §1320d et seq. (HIPAA); 45 CFR Parts 160 and 164. Before a Provider Agency obtains or is permitted to access, to create, maintain or store Protected Health Information (PHI) as part of its responsibility under this Contract, the Provider Agency shall first execute a Department of Children and Families Business Associate Agreement (BAA). A Provider Agency, whose work under this Contract does not involve PHI is not required to execute a BAA. DCF shall have the sole discretion to determine when a Provider Agency’s work will involve PHI. Protected Health Insurance shall have the same meaning as in 45 CFR 160.103. Provider Agencies that enter any subcontract where the work for the subcontract involves an individual’s PHI shall require its subcontractor to execute a BAA that meets all the requirements of HIPAA, including those in 45 CFR 164.504(e). A standard form of BAA is available for a Provider Agency’s use from the Department. If the BAA is breached by the Provider Agency, or its subcontractor, the Provider Agency shall notify the Department within 24 hours of the breach. The Department may, in its sole discretion and at any time, request a BAA compliance audit or investigation of the Provider Agency or its subcontractor with which the Provider Agency has entered into a BAA. The Provider Agency shall cooperate with all Department requests for a BAA compliance audit and/or investigation and shall require that its subcontractor cooperate with all Departmental requests for BAA compliance audits and investigations. In addition to the confidentiality requirements of HIPAA, if applicable, a Provider Agency shall maintain the confidentiality of all certificates, applications, records records, and reports (“Records”) that directly or indirectly identify any individual and shall not disclose these Records except where disclosure is consistent with applicable Department statute and regulations and the BAA, if any.