BLUE CROSS OF IDAHO (BLUEC)
PRE-ENROLLMENT INSTRUCTIONS
WHICH FORM(S) SHOULD I DO?
EDI Registration Form
Electronic Trading Partner Agreement: Provider
WHERE SHOULD I SEND THE FORM(S)?
Fax the forms to (208) 331-7203
WHAT IS THE TURNAROUND TIME?
Standard processing time is 5-7 business days.
HOW DO I CHECK STATUS?
Email the EDI Help Desk at edihelpdesk@bcidaho.com and ask if you have been linked to Office Ally.
Once enrollment has been approved, you MUST contact Office Ally at (360) 975-7000 Option 1 and notify us of the approval BEFORE submitting claims electronically.
Office Ally, Inc | PO Box 872020 | Vancouver, WA 98687 | (360) 975-7000
Version Date: 09-11-2013
EDI REGISTRATION FORM
Blue Cross of Idaho
3000 E Pine Ave
Meridian, ID 83642
Fax 208-331-7203
Enrollments will be completed within 5-7 Business Days from Date Received
DATE: ___________________
Provider Information:
Please indicate your classification (required):
Individual Provider
Group/Practice
Business Name:
Provider Name (Last, First, MI and Suffix):
Provider NPI Number:
Group NPI Number:
Business Address:
City, State, and Zip:
Telephone Number:
Contact Name:
Email Address:
EIN #:
Check the box that would apply to this enrollment:
Provider is the Direct Submitter of Data
Provider is with Billing Service: ISA06 Submitter ID:
Provider is with Clearinghouse: ISA06 Submitter ID:
Additional Information:
Select HIPAA Transaction(s):
X12N- 5010A1 837P (Professional Claim)
X12N- 5010X224A2 837D (Dental Claim)
X12N- 5010A2 837I (Institutional Claim)
X12N- 5010X279 270/271 (Eligibility Inquiry/Response)
X12N 5010X221- 835 (Remittance Advice)
BCI Provider ID:
X12N- 5010X212 276/277 (Claim Inquiry and Response)
Name of Software or Vendor:
Email Address:
Address:
City:
State: Zip:
Signature
Signature of Provider or Office Manager______________________________________
x
Support@officeally.com
360-975-7000 Opt 1
Vancouver WA
98687
PO Box 872020
330897513
Office Ally
Phone:
ELECTRONIC TRADING PARTNER AGREEMENT: PROVIDER
This Electronic Trading Partner Agreement (“Agreement”) is made as of the ______ day of _________, 20____
(“Effective Date”), by and between Blue Cross of Idaho EDI+ Clearinghouse, (“Clearinghouse”), and
___________________________________________________________ (“Trading Partner”), a health care
provider.
This Agreement provides the terms and conditions governing electronic transfers of data communications and
funds between Clearinghouse and Trading Partner (collectively, “Parties”) by direct digital or electronic transmission
over communication lines to accomplish the Parties’ business objectives regarding the provision and acquisition of
products and services and the transfer of funds. This Agreement will remain in effect until terminated according to
its terms. Trading Partner intends to exchange electronic transactions with Clearinghouse. Both parties
acknowledge and agree that the privacy and security of data held by or exchanged between them is of utmost
priority. Each party agrees to take all steps reasonably necessary to ensure that all electronic transactions between
them conform to the Health Insurance Portability and Accountability Act of 1996, the HITECH Act, and
regulations promulgated thereunder. Without limiting the generality of the preceding sentence, the parties agree as
follows:
A. Mutual Obligations of the Parties
1. Mutual Obligations. Each party shall take reasonable care to ensure that the information submitted in
each electronic transaction is timely, complete, accurate, and secure, and shall take reasonable precautions to
prevent unauthorized access to (a) its own and the other party’s transmissions and Information System, (b) the
transmissions themselves, and (c) the control structure applied to transmissions between them. The parties shall
follow the communications and protocols for sending and receiving transactions as set forth in the Companion
Guides.
2. Retransmission of Lost, Indecipherable, or Misrouted Transmissions. A party that discovers within
sixty (60) days that a data transmission is a Lost, Indecipherable or Misrouted Transmission shall retransmit the
original transmission within five (5) business days of its discovery.
3. Backup Files. Except with respect to data returned or destroyed pursuant to Section A.8 of this
Agreement, each party shall maintain adequate backup files, electronic tapes or other sufficient means to recreate a
transmission of data for at least six (6) years from the data transmission’s creation date. Each party shall subject
such backup files, tapes or other sufficient means to the privacy and security provisions of this Agreement to the
same extent as the original data transmission.
4. Transmission Format. Clearinghouse and Trading Partner shall conduct all Standard Transactions (as
defined by Social Security Act § 1173(a) and the Transactions Rule) using only the Code Sets and identifiers
(including, but not limited to National Provider Identifiers or NPIs) specified by the Transactions Rule and the
Data Elements, Data Conditions, Data Content, and data formats specified by the implementation guides adopted
by HHS in the Transactions Rule.
5. Costs. Each party shall obtain and maintain an Information System that includes trained personnel,
equipment, and software necessary to conduct compliant, timely, complete, accurate and secure Standard
Transactions pursuant to this Agreement. Each party shall obtain and maintain its Information System at its own
expense and shall pay its own costs related to conducting Standard Transactions under this Agreement. Each party
is responsible for its own expenses incurred for translating, formatting, and sending or receiving Standard
Transactions. Clearinghouse shall not be responsible for the cost of alterations to Trading Partner’s equipment or
software necessary for Trading Partner to conduct Standard Transactions with Clearinghouse.
6. Testing. Before initiating any Standard Transaction, and thereafter throughout the term of this Agreement,
each party shall cooperate with the other party in testing transmissions and processing systems to ensure that each
data transmission complies with all requirements and is accurate, timely, complete, and confidential. Failure to
consistently send compliant, accurate, and complete transmissions may result in Clearinghouse’s suspension of
Trading Partner’s electronic trading privileges and imposition of a requirement for Trading Partner to retest
transmissions.
7. Privacy and Security. Each party is solely responsible for the preservation, privacy, and security of data in
its possession, including data in transmissions received from the other party, in compliance with the Privacy,
Security, and Breach Notification Rules, and subject to the terms of the Business Associate Addendum set forth in
Exhibit A.
8. Return or Destruction of Data. If either party receives data not intended for it from the other party, the
receiving party shall immediately notify the sender to arrange for return or destruction of the data, as the sender
directs. After such return or destruction, the receiving party shall immediately delete all such data (including the
data transmission) from its Information System, including any backup files otherwise required by Section A.3 of this
Agreement.
B. Trading Partner Obligations
1. Companion Guides. Trading Partner shall comply with all instructions and requirements set forth in
Companion Guides that Clearinghouse posts on its website or otherwise makes available to Trading Partner. Any
failure to comply with these requirements shall constitute a material breach of this Agreement by Trading Partner.
Trading Partner shall not, however, be required to implement modifications to a Companion Guide sooner than
thirty (30) days after publication of the modification, unless a shorter compliance period is necessary to conform to
the applicable implementation guide or federal law.
2. Prohibited Use. Trading Partner shall not copy, reverse engineer, disclose, publish, distribute, alter or use
data or data transmissions for any purpose other than for which Clearinghouse has specifically authorized Trading
Partner under the terms of this Agreement.
3. Prohibited Access. Trading Partner shall not obtain access by any means to data, data transmissions, or
Clearinghouse’s Information System for any purpose other than as Clearinghouse has specifically granted Trading
Partner access under this Agreement.
4. Protection of Access Codes. Trading Partner shall use Security Access Codes with each Standard
Transaction as an electronic signature to authenticate and verify that (1) Trading Partner sent the transmission and
(2) the data in the Standard Transaction are valid. Trading Partner shall:
(a) Protect and maintain the confidentiality of Security Access Codes issued to Trading Partner by
Clearinghouse.
(b) Limit disclosure of Security Access Codes to authorized personnel on a need-to-know basis and
treat the Codes as confidential information.
(c) Not disclose Security Access Codes to Trading Partner’s Business Associates (Clearinghouse will
assign Trading Partner’s Business Associates their own Security Access Codes, as necessary).
(d) Promptly request Clearinghouse to terminate Security Access Codes to which unauthorized
personnel, including former employees, have access.
5. Trading Partner’s Business Associates. Trading Partner may authorize a Business Associate to
electronically exchange with Clearinghouse Standard Transactions on Trading Partner’s behalf. Any Business
Associate must agree to the terms of Clearinghouse’s “Trading Partner Agreement: Business Associate” before
conducting Standard Transactions with Clearinghouse.
C. Clearinghouse Obligations
1. Data Transmission. Clearinghouse shall provide Trading Partner access to Clearinghouse’s Information
System to conduct Standard Transactions. Trading Partner acknowledges that Clearinghouse’s Information System
may, from time to time, be inaccessible for a variety of reasons. Notwithstanding Section D.1 of this Agreement,
Clearinghouse may at any time and in Clearinghouse’s sole discretion terminate Trading Partner’s or any Business
Associate’s access to Clearinghouse’s Information System.
2. Companion Guides. Clearinghouse shall publish Companion Guides and post them in an easily accessible
format and location for Trading Partner’s use. Clearinghouse may modify its Companion Guides at any time
without amendment to this Agreement. Clearinghouse may refuse to process any transaction that does not
conform to the applicable Companion Guide.
3. Security Access Codes. Clearinghouse shall provide Trading Partner Security Access Codes that will allow
Trading Partner access to Clearinghouse’s Information System to conduct Standard Transactions. Clearinghouse
reserves the right to change Security Access Codes at any time and in such manner as Clearinghouse, in its sole
discretion, deems necessary.
D. Term, Termination and Liability
1. Term of Agreement. This Agreement will remain in effect from the Effective Date until terminated
pursuant to the provisions below:
(a) Voluntary Termination. Either party may terminate this Agreement upon ninety (90) days prior written
notice to the other party.
(b) Termination for Cause. Either party may terminate this Agreement upon thirty (30) days prior written
notice to the other party upon the default by the other party of any material obligation of this
Agreement, provided that the written notice sets forth the default with reasonable specificity and the
default is incurable or, being capable of cure, has not been cured within the thirty (30) day period
after receipt of the written notice. In the event of the termination of any applicable contract
between the Parties or Trading Partner and Blue Cross of Idaho Services, Inc. (“BCI”),
Clearinghouse shall have the unilateral right to terminate this Agreement immediately by providing
Trading Partner with written notice of termination.
2. Continuing Obligations. Termination or expiration of this Agreement, or any other contract between the
parties, does not relieve either party of its obligations under this Agreement and under federal and state laws and
regulations pertaining to the privacy and security of Protected Health Information.
3. Indemnity. Each party shall indemnify and hold harmless the other party and any of the other party’s
affiliates, officers, directors, employees or agents from and against any claim, cause of action, liability, damage, cost
or expense, including attorneys’ fees and court or proceeding costs, arising out of any act or omission of the
breaching party or any subcontractor, agent, person or entity under the breaching party’s control, in the
performance of this Agreement.
(a) Right to Tender or Undertake Defense. If the non-breaching party is named a party in any judicial,
administrative or other proceeding arising out of any act or omission in the performance of this
Agreement by the breaching party or any subcontractor, agent, person or entity under the breaching
party’s control, the non-breaching party will have the option at any time either (i) to tender its
defense to the breaching party, in which case the breaching party shall provide qualified attorneys,
consultants, and other appropriate professionals to represent the non-breaching party’s interests at
the breaching party’s expense, or (ii) undertake its own defense, choosing the attorneys, consultants,
and other appropriate professionals to represent its interests, in which case the breaching party shall
be responsible for and pay the reasonable fees and expenses of such attorneys, consultants, and
other professionals.
(b) Right to Control Resolution. Each party will have the sole right and discretion to settle, compromise or
otherwise resolve any and all claims, causes of action, liabilities or damages against it,
notwithstanding that it may have tendered its defense to the other party. Any such resolution will
not relieve the breaching party of its obligation to indemnify the non-breaching party under this
Section D.3.
4. Limitation of Liability. Except with respect to claims or causes of action related to fraud or intentional
misrepresentation by Trading Partner, neither party shall be liable for any special, incidental, indirect, exemplary or
consequential damages resulting from any claim or cause of action arising out of any delay, omission or error in any
transmission of data or the other party’s performance or failure to perform in accordance with the terms of this
Agreement, including, without limitation, loss of use, revenues, profits or savings, even if a party has been advised
in advance of the possibility of such damages.
5. Dispute Resolution. The Parties shall work together in good faith to resolve any dispute or alleged breach
of this Agreement within a reasonable period of time by using a mutually agreed alternative dispute resolution
technique prior to resorting to litigation. This provision does not apply to actions by either party that are the subject
of immediate termination under this Agreement or to disputes involving fraud or intentional misrepresentation, in
which case a party will be free to seek available remedies in any appropriate forum at any time.
E. General Provisions
1. Choice of Law. This Agreement will be governed by and construed under the laws of the State of Idaho.
2. Compliance with Law. This Agreement will automatically amend as necessary to comply with statute or
regulation.
3. Severability. If any provision of this Agreement is deemed to be invalid or unenforceable by a court of
competent jurisdiction, the provision shall be deemed severable from the remainder of this Agreement and the
parties agree to renegotiate the provision in good faith, in order to maintain the economic position enjoyed by each
party as close as possible to that under the provision rendered unenforceable. In the event that the parties cannot
reach a mutually agreeable and enforceable replacement provision, then (a) such provision shall be excluded from
this agreement, (b) the balance of the Agreement shall be interpreted as if such provision were so excluded and (c)
the balance of the Agreement shall be enforceable in accordance with its terms.
F. Definitions
1. Definitions. The following terms are used in this Agreement as defined below.
a) “Companion Guides” are the manuals or guides that Clearinghouse publishes containing requirements and
instructions for Trading Partner’s exchange of Standard Transactions with Clearinghouse.
b) “HHS” is the United States Department of Health and Human Services.
c) “Lost, Indecipherable or Misrouted Transmission” is an electronic transaction (i) that a party cannot process
because it is garbled or incomplete, regardless of how or why the electronic transaction was rendered garbled or
incomplete, or (ii) that is not intended for that party.
d) “Privacy, Security, and Breach Notification Rules” are the rules found at 45 C.F.R. Parts 160 and 164, which were
promulgated by HHS to implement the Health Insurance Portability and Accountability Act of 1996 and the
HITECH Act.
e) “Security Access Code” is an alphanumeric code that Clearinghouse assigns to Trading Partner to allow
Trading Partner access to Clearinghouse’s Information System for the purpose of conducting Standard
Transactions or otherwise carrying out this Agreement.
f) “Transactions Rule” is the Standards for Electronic Transactions, 45 C.F.R. Parts 160 and 162, as may be
amended or modified from time to time.
2. Other Capitalized Terms. Capitalized terms not defined herein, including “Business Associate,”
“Standard Transaction,” and “Information System,” have the meaning established in the Transactions Rule, or
Privacy, Security, and Breach Notification Rules.
ELECTRONIC TRADING PARTNER AGREEMENT SIGNATURES
The parties shall be bound by all the terms, provisions and conditions of this Agreement upon execution of the
Agreement by each party’s authorized representative.
Agreed to:
____________________________________ Print Name: _________________________
TRADING PARTNER SIGNATURE
____________________________________ Date: ______________________________
TRADING PARTNER NAME
Agreed to:
BLUE CROSS OF IDAHO EDI+CLEARINGHOUSE
3000 E. Pine St., Meridian, ID 83642
If Trading Partner makes any change to this document to which Clearinghouse does not explicitly agree in writing,
this Agreement is not valid.
When printing this Agreement to complete and sign please keep a copy on file and FAX to: Attn: EDI
Help Desk , Blue Cross of Idaho Clearinghouse, Fax number (208) 331-7203 or mail to PO Box 7408,
Boise, ID 83707.
Exhibit A
BUSINESS ASSOCIATE ADDENDUM
This addendum (“Addendum”) amends and is made part of the Trading Partner Agreement: Provider (“Agreement”) by and between
_________________________________________________________________[THE NAME OF THE TRADING
PARTNER/PROVIDER] (“Covered Entity”) and BLUE CROSS OF IDAHO EDI+CLEARINGHOUSE (“Business Associate”). This
Addendum shall become part of any modification or renewal of Agreement.
Covered Entity and Business Associate mutually agree to modify the Agreement to incorporate the terms of this Addendum to comply
with the requirements of the implementing regulations at 45 Code of Federal Regulations (“C.F.R.”) Parts 160-64 for the Administrative
Simplification provisions of Title II, Subtitle F of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the
requirements of the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and
Reinvestment Act of 2009 (the “HITECH Act”), that are applicable to business associates, along with any future guidance and/or
regulations issued by the Department of Health and Human Services (DHHS). Covered Entity and Business Associate agree to
incorporate into this Addendum any regulations issued with respect to the HITECH Act that relate to the obligations of business
associates. Business Associate recognizes and agrees that it is obligated by law to meet the applicable provisions of the HITECH Act.
A. Privacy of Protected Health Information.
1. Permitted Uses and Disclosures. Business Associate is permitted to use and disclose Protected Health Information
(PHI) that it creates or receives on Covered Entity’s behalf or receives from Covered Entity (or another business associate of
Covered Entity) and to request PHI on Covered Entity’s behalf (collectively, “Covered Entity’s PHI”) only as follows:
a) Functions and Activities on Covered Entity’s Behalf. To perform functions, activities, services, and
operations on behalf of Covered Entity, consistent with the Privacy Rule and the HITECH Act, as specified in the
Agreement.
b) Business Associate’s Operations. Business Associate may use the minimum necessary PHI it creates or
receives for or from Covered Entity for Business Associate’s proper management and administration or to carry out
Business Associate’s legal responsibilities. Business Associate may disclose the minimum necessary of PHI for Business
Associate’s proper management and administration or to carry out Business Associate’s legal responsibilities only if the
disclosure is required by law, or Business Associate obtains reasonable assurances from the person or organization to
whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law
or for the purpose for which it was disclosed to the person or organization, and the person or organization notifies the
Business Associate (who will in turn promptly notify Covered Entity) of any instances of which it is aware in which the
confidentiality of the information has been breached.
2. Minimum Necessary and Limited Data Set. Business Associate’s use, disclosure or request of PHI shall utilize a
Limited Data Set if practicable. Otherwise, Business Associate will, in its performance of the functions, activities, services, and
operations, make reasonable efforts to use, to disclose, and to request of a Covered Entity only the minimum amount of Covered
Entity’s PHI reasonably necessary to accomplish the intended purpose of the use, disclosure or request.
3. Prohibition on Unauthorized Use or Disclosure. Business Associate will neither use nor disclose Covered Entity’s
PHI, except as permitted or required by this Addendum or in writing by Covered Entity or as required by law. This Addendum
does not authorize Business Associate to use or disclose Covered Entity’s PHI in a manner that will violate the 45 C.F.R. Part
164, Subpart E “Privacy of Individually Identifiable Health Information” (“Privacy Rule”).
4. Information Safeguards.
a) Privacy of Covered Entity’s Protected Health Information. Business Associate will develop, implement,
maintain, and use appropriate administrative, technical, and physical safeguards to protect the privacy of Covered
Entity’s PHI. The safeguards must reasonably protect Covered Entity’s PHI from any intentional or unintentional use
or disclosure in violation of the Privacy Rule, 45 C.F.R. Part 164, Subpart E and this Addendum, and limit incidental
uses or disclosures made pursuant to a use or disclosure otherwise permitted by this Addendum.
b) Security of Covered Entity’s Electronic Protected Health Information (ePHI). Business Associate will
develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and
appropriately protect the confidentiality, integrity, and availability of ePHI that Business Associate creates, receives,
maintains, or transmits on Covered Entity’s behalf as required by the Security Rule, 45 C.F.R. Part 164, Subpart C and as
required by the HITECH Act. Business Associate also shall develop and implement policies and procedures and meet
the Security Rule documentation requirements as required by the HITECH Act.
5. Subcontractors and Agents. Business Associate will require any of its subcontractors and agents, to which Business
Associate is permitted by this Addendum or in writing by Covered Entity to disclose Covered Entity’s PHI, to provide reasonable
assurance, evidenced by written contract, that such subcontractor or agent will comply with the same privacy and security
obligations with respect to Covered Entity’s PHI that are applicable to Business Associate under this Addendum.
B. Compliance with Transaction Standards. If Business Associate conducts in whole or part
electronic Transactions on behalf of Covered Entity for which DHHS has established Standards, Business
Associate will comply, and will require any subcontractor or agent it involves with the conduct of such
Transactions to comply, with each applicable requirement of the Transaction Rule, 45 C.F.R. Part 162.
Business Associate will not enter into, or permit its subcontractors or agents to enter into, any Trading
Partner Agreement in connection with the conduct of Standard Transactions on behalf of Covered Entity
that:
1. Changes the definition, data condition, or use of a data element or segment in a Standard
Transaction;
2. Adds any data element or segment to the maximum defined data set;
3. Uses any code or data element that is marked “not used” in the Standard Transaction’s
implementation specification or is not in the Standard Transaction’s implementation
specification; or
4. Changes the meaning or intent of the Standard Transaction’s implementation specification.
C. Individual Rights.
1. Access. Business Associate will, within fifteen (15) days following Covered Entity’s request, make available to Covered
Entity or, at Covered Entity’s direction, to an individual (or the individual’s personal representative) for inspection and obtaining
copies Covered Entity’s PHI about the individual that is in Business Associate’s custody or control, so that Covered Entity may
meet its access obligations under 45 C.F.R. § 164.524 and, where applicable, the HITECH Act. Business Associate shall make
such information available in an electronic format where directed by Covered Entity.
2. Amendment. Business Associate will, upon receipt of written notice from Covered Entity, promptly amend or permit
Covered Entity access to amend any portion of Covered Entity’s PHI, so that Covered Entity may meet its amendment
obligations under 45 C.F.R. § 164.526.
3. Disclosure Accounting. So that Covered Entity may meet its disclosure accounting obligations under 45 C.F.R. §
164.528:
a) Disclosures Subject to Accounting. Starting the effective date of the Agreement, Business Associate will
record for each disclosure, not excepted from disclosure accounting under Addendum Section C.3(b) below, that
Business Associate makes to Covered Entity or a third party of PHI that Business Associate creates or receives for or
from Covered Entity, (i) the disclosure date; (ii) the name and (if known) address of the person or entity to whom
Business Associate made the disclosure; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the
purpose of the disclosure (items i-iv, collectively, the “disclosure information”). For repetitive disclosures Business
Associate makes to the same person or entity (including Covered Entity) for a single purpose, Business Associate may
provide (x) the disclosure information for the first of these repetitive disclosures; (y) the frequency, periodicity or
number of these repetitive disclosures; and (z) the date of the last of these repetitive disclosures. Business Associate will
make this disclosure information available to Covered Entity in a time and manner designated by Covered Entity.
b) Disclosures Not Subject to Accounting. Business Associate need not record disclosure information or
otherwise account for disclosures of PHI that this Addendum or Covered Entity in writing permits or requires (i) for the
purpose of Covered Entity’s payment activities or health care operations, (ii) to the individual who is the subject of the
PHI disclosed or to that individual’s personal representative; (iii) pursuant to a HIPAA-compliant authorization that is
signed by the individual who is the subject of Covered Entity’s PHI disclosed, or by that individual’s personal
representative; (iv) to persons involved in that individual’s care or payment related to that individual’s health care; (v) for
notification for disaster relief purposes, (vi) for national security or intelligence purposes, (vii) to law enforcement
officials or correctional institutions regarding inmates or other persons in lawful custody, (viii) in a limited data set; (ix)
incident to a use or disclosure that Business Associate is otherwise permitted to make by this Addendum; and (x)
otherwise excepted from disclosure accounting as specified in 45 Code of Federal Regulations § 164.528.
c) Availability of Disclosure Information. Unless otherwise provided under the HITECH Act, Business
Associate will maintain the Disclosure Information for at least six (6) years following the date of the accountable
disclosure to which the Disclosure Information relates.
Business Associate will make the Disclosure Information available to Covered Entity within ten (10) days following
Covered Entity’s request for such Disclosure Information to comply with an individual’s request for disclosure
accounting.
In addition, where Business Associate is contacted directly by an individual based on information provided to the
individual by Covered Entity and where so required by the HITECH Act and/or any accompanying regulations,
Business Associate shall make such Disclosure Information available directly to the individual.
4. Restriction Agreements and Confidential Communications. Business Associate will comply with any agreement
that Covered Entity makes that either (i) restricts use or disclosure of Covered Entity’s PHI pursuant to 45 C.F.R. § 164.522(a), or
(ii) requires confidential communication about Covered Entity’s PHI pursuant to 45 C.F.R. § 164.522(b), provided that Covered
Entity notifies Business Associate in writing of the restriction or confidential communication obligations that Business Associate
must follow.
D. Privacy Obligation Breach and Security Incidents.
1. Reporting.
a) Privacy Breach. Business Associate will report to Covered Entity any use or disclosure of Covered Entity’s
PHI not permitted by this Addendum or in writing by Covered Entity. In addition, Business Associate will report,
following discovery and without unreasonable delay, but in no event later than five (5) days following discovery, any
"Breach" of "Unsecured PHI" as these terms are defined by the HITECH Act and any implementing regulations.
Business Associate shall cooperate with Covered Entity in investigating the Breach and in meeting the Covered Entity’s
obligations under the HITECH Act and any other security breach notification laws. Any such report shall include the
identification (if known) of each individual whose Unsecured Protected Health Information has been, or is reasonably
believed by Business Associate to have been, accessed, acquired, or disclosed during such Breach. Business Associate
will make the report to Covered Entity’s Compliance Department. Business Associate’s report will at least:
i) Identify the nature of the non-permitted access, use or disclosure, including the date of the Breach
and the date of discovery of the Breach;
ii) Identify Covered Entity’s PHI accessed, used or disclosed as part of the Breach (e.g., full name, social
security number, date of birth, etc.);
iii) Identify who made the non-permitted access, use or disclosure and who received the non-permitted
disclosure;
iv) Identify what corrective action Business Associate took or will take to prevent further non-permitted
access, uses or disclosures;
v) Identify what Business Associate did or will do to mitigate any deleterious effect of the non-permitted
access, use or disclosure; and
vi) Provide such other information, including a written report, as Covered Entity may reasonably request.
b) Security Incidents. Business Associate will report to Covered Entity any attempted or successful (i)
unauthorized access, use, disclosure, modification, or destruction of Covered Entity’s ePHI or (ii) interference with
Business Associate’s system operations in Business Associate’s information systems, of which Business Associate
becomes aware that extend beyond routine, unsuccessful attempts. Routine, unsuccessful attempts include but are not
limited to pings on Business Associate’s firewall, port scans, attempts to log on to Business Associate’s system to enter a
database with an invalid password or username, denial-of-service attacks that do not result in a server being taken off-line
and malware (e.g., worms, viruses). Business Associate should promptly notify the Covered Entity Information
Security Officer if Business Associate experiences Security Incidents that extend beyond these routine, unsuccessful
attempts that could impact the confidentiality, integrity or availability of Covered Entity’s data. Business Associate will
make this report upon Covered Entity’s request, except if any such security incident resulted in a disclosure of Covered
Entity’s ePHI not permitted by this Addendum. Business Associate will make the report in accordance with Section
D(1)(a) above. Examples of reportable security incidents include, but are not limited to:
i) The exposure of Business Associate’s information systems to malicious code, such as a virus or worm,
that places Covered Entity data or systems at risk;
ii) Unauthorized access granted to or obtained by servers or workstations that contain Covered Entity
data;
iii) Business Associate becomes aware that Covered Entity data is being used, copied, or destroyed
inappropriately; and
iv) Business Associate experiences a “denial of service” attack or the compromise of a server or
workstation containing Covered Entity information that requires the server or workstation to be taken offline.
2. Termination of Agreement.
a) Right to Terminate for Breach. Either party may terminate Agreement if it determines that the other party
has breached any provision of this Addendum and upon written notice to breaching party, the breaching party fails to
cure the breach within thirty (30) days after receipt of the notice. The nonbreaching party may exercise this right to
terminate Agreement by providing the breaching party written notice of termination, stating the failure to cure the
breach of the Addendum that provides the basis for the termination. Any such termination will be effective immediately
or at such other date specified in the notice of termination. If for any reason either party determines that the other party
has breached the terms of this Addendum and such breach has not been cured, but the nonbreaching party determines
that termination of the Agreement is not feasible, the nonbreaching party may report such breach to the U.S.
Department of Health and Human Services.
b) Obligations upon Termination.
i) Return or Destruction of Covered Entity’s PHI as Feasible. Upon termination, cancellation,
expiration or other conclusion of Agreement, Business Associate will if feasible return to Covered Entity or
destroy all PHI, in whatever form or medium (including in any electronic medium under Business Associate’s
custody or control), that Business Associate created or received for or from Covered Entity, including all
copies of and any data or compilations derived from and allowing identification of any individual who is a
subject of the PHI. Business Associate will complete such return or destruction as promptly as possible, but
not later than thirty (30) days after the effective date of the termination, cancellation, expiration or other
conclusion of Agreement. Business Associate will identify any PHI that Business Associate created or received
for or from Covered Entity that cannot feasibly be returned to Covered Entity or destroyed, and will limit its
further use or disclosure of that PHI to those purposes that make return or destruction of that PHI infeasible.
Within sixty (60) days after the effective date of the termination, cancellation, expiration or other conclusion of
Agreement, Business Associate will certify on oath in writing to Covered Entity that such return or destruction
has been completed, and will deliver to Covered Entity the identification of any PHI for which return or
destruction is infeasible and, for that PHI, will certify that it will only use or disclose such PHI for those
purposes that make return or destruction infeasible.
ii) Continuing Privacy and Security Obligation. Business Associate’s obligation to protect the
privacy and safeguard the security of Covered Entity’s PHI as specified in this Addendum will be continuous
and survive termination or other conclusion of Agreement and this Addendum.
3. Indemnity. Business Associate will indemnify and hold harmless Covered Entity and any Covered Entity affiliate,
officer, director, employee or agent from and against any claim, cause of action, liability, damage, cost or expense, including
attorneys’ fees and court or proceeding costs, arising out of or in connection with any non-permitted use or disclosure of Covered
Entity’s PHI or other breach of this Addendum by Business Associate or any subcontractor or agent under Business Associate’s
control.
a) Right to Tender or Undertake Defense. If Covered Entity is named a party in any judicial, administrative or
other proceeding arising out of or in connection with any non-permitted use or disclosure of Covered Entity’s PHI or
other breach of this Addendum by Business Associate or any subcontractor or agent under Business Associate’s control,
Covered Entity will have the option at any time either (A) to tender its defense to Business Associate, in which case
Business Associate will provide qualified attorneys, consultants, and other appropriate professionals to represent
Covered Entity’s interests at Business Associate’s expense, or (B) undertake its own defense, choosing the attorneys,
consultants, and other appropriate professionals to represent its interests, in which case Business Associate will be
responsible for and pay the reasonable fees and expenses of such attorneys, consultants, and other professionals.
b) Right to Control Resolution. Covered Entity will have the sole right and discretion to settle, compromise or
otherwise resolve any and all claims, causes of actions, liabilities or damages against it, notwithstanding that Covered
Entity may have tendered its defense to Business Associate. Any such resolution will not relieve Business Associate of
its obligation to indemnify Covered Entity under this Section 4(c).
E. General Provisions.
1. Inspection of Internal Practices, Books, and Records. Business Associate will make its internal practices, books,
and records relating to its use and disclosure of Covered Entity’s PHI available to Covered Entity and to DHHS to determine
Covered Entity’s compliance with the Privacy Rule, 45 C.F.R. Part 164, Subpart E, and the Security Rule.
2. Definitions. The terms “Covered Entity,” “Electronic Protected Health Information,” “Protected Health
Information,” “Standard,” “Trading Partner Agreement,” and “Transaction” have the meanings set out in 45 C.F.R. § 160.103.
The term “Standard Transaction” has the meaning set out in 45 C.F.R. § 162.103. The term “Required by Law” has the meaning
set out in 45 C.F.R. § 164.103. The terms “Health Care Operations,” “Payment,” “Research,” and “Treatment” have the
meanings set out in 45 C.F.R. § 164.501. The term “Limited Data Set” has the meaning set out in 45 C.F.R. § 164.514(e). The
term “use” means, with respect to Protected Health Information, utilization, employment, examination, analysis or application
within Business Associate. The terms “disclose” and “disclosure” mean, with respect to PHI, release, transfer, providing access to
or divulging to a person or entity not within Business Associate. For purposes of this Addendum, Covered Entity’s PHI
encompasses Covered Entity’s Electronic PHI. Any other capitalized terms not identified here shall have the meaning as set forth
in 45 Code of Federal Regulations (“C.F.R.”) Parts 160-64 for the Administrative Simplification provisions of Title II, Subtitle F
of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), or in the Health Information Technology for
Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009 (the “HITECH
Act”).
3. Amendment to Agreement. Upon the compliance date of any final regulation or amendment to final regulation
promulgated by DHHS that affects Business Associate’s use or disclosure of Covered Entity’s PHI or Standard Transactions, the
Agreement and this Addendum will automatically amend such that the obligations imposed on Business Associate remain in
compliance with the final regulation or amendment to final regulation.
F. Conflicts. The terms and conditions of this Addendum will override and control any conflicting
term or condition of Agreement. All non-conflicting terms and conditions of Agreement remain in full
force and effect.