Health Insurance Portability and Accountability Act. Grantee certifies that it is in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law Xx. 000-000, 00 XXX Parts 160, 162 and 164, and the Social Security Act, 42 USC 1320d-2 through 1320d-7, in that it may not use or disclose protected health information other than as permitted or required by law and agrees to use appropriate safeguards to prevent use or disclosure of the protected health information. Grantee shall maintain, for a minimum of six (6) years, all protected health information.
Health Insurance Portability and Accountability Act. The Provider certifies that neither it nor its subcontractors will have access to, receive or provide Protected Health Information within the meaning of the Health Insurance Portability and Accountability Act (42 U.S.C. § 1320d.) and the regulations promulgated thereunder (45 CFR Parts 160, 162, and 164) incidental to performance of this Contract. In compliance with 45 CFR § 164.504(e), the Provider shall comply with the provisions of Attachment to this Contract, governing the safeguarding, use and disclosure of Protected Health Information created, received, maintained, or transmitted by the Provider or its subcontractors incidental to the Provider’s performance of this Contract.
Health Insurance Portability and Accountability Act. Students participating in clinical training pursuant to this Agreement are members of the HOST AGENCY’s workforce for purposes of the Health Insurance Portability and Accountability Act (HIPAA) within the definition of “health care operations” and therefore may have access to patient medical information as provided for in the Privacy Rule of HIPAA. Therefore, additional agreements are not necessary for HIPAA compliance purposes. This paragraph applies solely to HIPAA privacy and security regulations applicable to the HOST AGENCY and, as stated in paragraph E, above, does not establish an employment relationship.
Health Insurance Portability and Accountability Act. The Contractor shall comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and federal law and regulations governing the privacy of certain health information.
Health Insurance Portability and Accountability Act. This paragraph was intentionally left blank.
Health Insurance Portability and Accountability Act. Contractor represents that it is knowledgeable of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations issued by the U.S. Department of Health and Human Services (45 C.F.R. parts 160-64) regarding the protection of health information obtained, created, or exchanged as a result of this Contract and shall abide by and implement its statutory requirements.
Health Insurance Portability and Accountability Act. (a) If the Contactor is a Business Associate under the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as noted in this Contract, the Contractor must comply with all terms and conditions of this Section of the Contract. If the Contractor is not a Business Associate under HIPAA, this Section of the Contract does not apply to the Contractor for this Contract.
(b) The Contractor is required to safeguard the use, publication and disclosure of information on all applicants for, and all clients who receive, services under the Contract in accordance with all applicable federal and state law regarding confidentiality, which includes but is not limited to HIPAA, more specifically with the Privacy and Security Rules at 45 C.F.R. Part 160 and Part 164, subparts A, C, and E; and
(c) The Client Agency is a “covered entity” as that term is defined in 45 C.F.R. § 160.103; and
(d) The Contractor is a “business associate” of the Agency, as that term is defined in 45 C.F.R. § 160.103; and
(e) The Contractor and the Client Agency agree to the following in order to secure compliance with HIPAA, the requirements of Subtitle D of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), (Pub. L. 111-5, §§ 13400 to 13423), and more specifically with the Privacy and Security Rules at 45 C.F.R. Part 160 and Part 164, subparts A, C, D and E (collectively referred to herein as the “HIPAA Standards”).
Health Insurance Portability and Accountability Act. Where applicable, the Sub-Recipient shall comply with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as well as all regulations promulgated thereunder (45 CFR Parts 160, 162, and 164).
Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following:
1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, or to a subcontractor as appropriate under this Agreement.
2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract.
3. The Grantee must only use the protected health data and information for the purposes of this Agreement.
4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees.
5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department.
6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2, Section V.
7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source.
8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.
Health Insurance Portability and Accountability Act. To the extent that this act is pertinent to the services that the PROVIDER provides under this contract, the PROVIDER assures that it is in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirements, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (The HITECH Act) of Title XIII, Division A of the American Recovery and Reinvestment Act of 2009, and related regulations found at 45 CFR Parts 160 and 164, including the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule), the Security Standards for the Protection of Electronic PHI (Security Rule), and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule), as amended from time to time, (hereafter collectively referred to as “HIPAA Regulations”); the Federal Confidentiality Law, 42 USC §§ 290dd-2 and underlying Regulations, 42 CFR Part 2 (“Part 2”). This includes the distribution of consumer handbooks and PROVIDER directories to consumers, and/or the MSHN HIPAA Privacy Notice.
