Independent Contractor Agreement for Health Care - Free Download | Page 6
4.6, 3243 votes
Please vote for this template if it helps you.
BUSINESS ASSOCIATE ADDENDUM
This Business Associate Addendum is entered into by and between Purdue
University (“Purdue”) and ___________________________________ (“Business
Associate”) (each “Party”, collectively “Parties”).
The Parties have a prior written agreement, dated ___________________, (“the
Primary Agreement”) under which the Business Associate regularly receives, uses
and/or discloses Protected Health Information in its performance of the services
described in the Primary Agreement. This Addendum sets forth the obligations and
agreements of the Parties relating to compliance with the Standards for Privacy of
Individually Identifiable Health Information (“the Privacy Regulation”), 45 C.F.R. Parts
160 and 164, and the Security Regulations (45 C.F.R. Parts 160, 162, and 164),
promulgated under the Health Insurance Portability and Accountability Act of 1996
(“HIPAA”), the Health Information Technology for Economic and Clinical Health
(“HITECH”), and the Indiana statutes governing social security numbers, I.C. 4-1-10-1
et. seq. This Addendum applies to all Protected Health Information created or received
by Business Associate from Purdue or from another person or entity on behalf of
Purdue, and governs how such Protected Health Information may be used or disclosed.
The Parties hereby agree as follows:
1. PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH
1.1 Business Associate shall be permitted to use and/or disclose Protected
Health Information created or received on behalf of Purdue for all purposes necessary
to provide the services and to perform its obligations under the Primary Agreement,
provided that said use and/or disclosure complies with the requirements of HIPAA.
Business Associate acknowledges that under the requirements of HITECH, the HIPAA
Privacy and Security Regulations apply to business associates and the additional
privacy requirements set forth in HITECH apply to Business Associate to the same
extent that they apply to covered entities under HIPAA. The requirements of the
HITECH statutes are incorporated herein by reference. In accordance with the
applicable requirements of HITECH, any uses or disclosures of PHI must be limited, to
the extent practicable, to the Limited Data Set, or, if needed to accomplish the purposes
of this Addendum, to the minimum necessary to accomplish the intended purpose of
such use or disclosure.
1.2 Subject to paragraph 1.1, Business Associate may use Protected Health
Information created or received by Business Associate from or on behalf of Purdue, if
necessary, for the proper management and administration of the Business Associate
and to fulfill any current or future legal responsibilities of the Business Associate.