Office Ally Inc. | PO Box 872020 Vancouver, WA 98687 | Phone: (360) 975-7000 | Fax: (360) 314-2184 | www.OfficeAlly.com | Revised: 7/07/2020 | Page 1
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (“Agreement”) by and between (hereinafter known as
“Covered Entity”) and Office Ally, Inc., a Covered Entity (a Health Care Clearinghouse) under HIPAA, providing Business
Associate services (hereinafter known as “Business Associate”), is effective as of ________________________________
(“Effective Date”). Covered Entity and Business Associate shall collectively be known herein as “the Parties.”
WHEREAS, Covered Entity wishes to commence a business relationship with Business Associate whereby Business
Associate will create, receive, maintain, or transmit PHI in order to provide products and services to Covered Entity
pursuant to the Authorization Sheet and any underlying service agreement(s);
WHEREAS, the nature of the prospective contractual relationship between Covered Entity and Business Associate may
involve the exchange of Protected Health Information (“PHI”) as those terms are defined under the Health Insurance
Portability and Accountability Act of 1996 (“HIPAA”), including all pertinent regulations issued by the Department of Health
and Human Services (“HHS”);
WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI that
Business Associate creates, receives, maintains, or transmits on Covered Entity’s behalf, in compliance with the Privacy
and Security Rules.
NOW THEREFORE, in consideration of the mutual recitals above, and the exchange of information pursuant to this
Agreement, the Parties agree as follows:
I. DEFINITIONS
a. Catch-all Definitions. The following terms used in this Agreement shall have the same meaning as those terms in
the HIPAA Rules: “Breach,” “Business Associate,” “Covered Entity,” “Data Aggregation,” “Designated Record Set,”
“Disclosure,” “Health Care Clearinghouse,” “Health Care Operations,” “Minimum Necessary,” “Notice of Privacy
Practices,” “Public Health Authority,” “Required By Law,” “Research,” “Secretary,” “Security Incident,”
“Subcontractor,” “Unsecured Protected Health Information,” and “Use.”
b. “Discovery” shall mean the first day on which a Breach is known to Business Associate (including any person,
other than the individual committing the Breach, that is an employee, officer, or other agent of Business
Associate), or should reasonably have been known to Business Associate (or person), to have occurred.
c. “HIPAA” or “Health Insurance Portability and Accountability Act of 1996” is Public Law 104-191, as codified at 42
U.S.C. §§ 1320d to 1320d-9 and amended, under which the Privacy and Security Rules were promulgated.
d. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules in 45 CFR Part 160 and
164.
e. “HITECH Act” or “Health Information Technology for Economic and Clinical Health Act” are those provisions set
forth in Title XIII of Public Law 111-5 as enacted on February 17, 2009.
f. “Individual” shall have the same meaning as the term “individual” in 45 CFR § 160.103, and shall include a person
who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).
g. “Privacy Rule” is the regulation entitled “Standards for Privacy of Individually Identifiable Health Information,”
promulgated under HIPAA and/or the HITECH Act that is codified at 45 CFR Part 160 and 164, Subparts A and E.
h. “Protected Health Information” (“PHI”) and “Electronic Protected Health Information” (“ePHI”) shall have the
meaning given to such terms in 45 CFR § 160.103, limited to the information created or received by Business
Associate from, or on behalf of, Covered Entity.
i. “Security Rule” is the regulation entitled “Security Standards for the Protection of Electronic Protected Health
Information,” promulgated under HIPAA and/or the HITECH Act that is codified at 45 CFR, Part 160 and 164,
Subparts A and C.
II. OBLIGATIONS OF BUSINESS ASSOCIATE
a. Limitation(s) on Uses and Disclosures. Business Associate agrees to not use or disclose PHI other than as
permitted or required by this Agreement, or as Required by Law.
b. Permitted Uses and Disclosures. Business Associate may use and disclose PHI created or received pursuant to
the Authorization Sheet and any underlying service agreement(s) as follows:
i. To carry out the purposes of the Authorization Sheet and any underlying service agreement(s). Business
Associate may use and disclose PHI to perform its obligations pursuant to the Authorization Sheet and any
underlying service agreement(s), provided that such use or disclosure would not violate the Privacy Rule if
done by Covered Entity.
ii. Use for Management and Administration. Business Associate may use PHI if such use is necessary (i) for the
proper management and administration of Business Associate or (ii) to carry out the legal responsibilities of
Business Associate.
iii. Disclosure for Management and Administration. Business Associate may disclose PHI for the proper
management and administration of Business Associate if (i) the disclosure is Required by Law or (ii) Business
Associate (a) obtains reasonable assurances from the person to whom the PHI is disclosed that it will be held
confidentially and used or further disclosed only as Required by Law, or for the purpose for which it was
disclosed to the person and (b) the person agrees to notify Business Associate of any instances in which it
becomes aware the confidentiality and security of the PHI has been breached.
iv. Data Aggregation Services. Business Associate may use PHI to provide Data Aggregation services relating to the
Health Care Operations of Covered Entity.
v. De-Identification of PHI. Business Associate may use PHI to create de-identified information in accordance with 45 CFR §
164.514(b).
vi. Treatment, Payment, and Health Care Operations of Other Covered Entities. Business Associate may use and
disclose PHI for the treatment, payment, and health care operations of other covered entities, subject to the
limitations in 45 CFR § 164.506(c), the Minimum Necessary requirements, where applicable, and other
applicable restrictions of federal and state laws and regulations.
vii. Public Health. Business Associate may use and disclose PHI for public health purposes in accordance with
the requirements of 45 CFR §§ 164.512(b) and 164.514(e) and other applicable restrictions of federal and
state laws and regulations.
viii. Health Oversight. Business Associate may disclose PHI to a health oversight agency for oversight activities
authorized by law in accordance with the requirements of 45 CFR § 164.512(d) and other applicable
restrictions of federal and state laws and regulations.
ix. Disclosures for Judicial and Administrative Proceedings and for Law Enforcement Purposes. Business
Associate may disclose PHI in response to an order of a court or administrative tribunal, court-ordered
warrant, subpoena, discovery request, or other lawful process, in accordance with the requirements of 45 CFR
§ 164.512(a), (e), and (f) and other applicable restrictions of federal and state laws and regulations.
x. Limited Data Sets. Business Associate may use PHI to create limited data set(s) in accordance with 45 CFR §
164.514(e), and may use or disclose such limited data sets for Health Care Operations, Research, or public
health purposes pursuant to a data use agreement and in accordance with 45 CFR § 164.514(e) and other
applicable restrictions of federal and state laws and regulations.
xi. Authorization. Business Associate may use and disclose PHI as authorized by an Individual using an
authorization that complies with the requirements of 45 CFR § 164.508.
c. Safeguards. Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than
as provided for by this Agreement.
d. Security Rule. With respect to ePHI, Business Associate shall comply with the applicable requirements of the
Security Rule.
e. Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches. Business Associate
agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or any Security
Incident of which Business Associate becomes aware, except that this section shall hereby serve as notice, and no
additional reporting shall be required, of the regular occurrence of unsuccessful attempts at unauthorized access,
use, disclosure, modification, or destruction of ePHI or interference with system operations in an information system
containing ePHI. After discovery of an impermissible Use, Disclosure or Security Incident, Business Associate shall
report such incident to the Covered Entity promptly without unreasonable delay. In the event that such use or
disclosure or Security Incident constitutes a Breach of Unsecured Protected Health Information, such notice shall
include the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business
Associate to have been accessed, acquired, used, or disclosed in connection with such Breach and any additional
information set forth at 45 CFR § 164.410, to the extent possible. In addition, Business Associate shall provide any
additional information reasonably requested by Covered Entity for the purpose of investigating and responding to the
Breach. Notification of Breach, or potential Breach, under this Agreement shall be made to Covered Entity as
indicated in Section (X)(c) below.
f. Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that becomes
known to Business Associate as a result of a Breach, or use or disclosure of PHI, by Business Associate in
violation of the requirements of this Agreement.
g. Use of Subcontractors. Business Associate shall ensure that any Subcontractors that create, receive,
maintain, or transmit protected health information on behalf of the Business Associate agree to the same or more
stringent restrictions, conditions, and requirements that apply to the Business Associate with respect to such
information, including compliance with the applicable requirements of the Security Rule.
h. Availability of Information to Covered Entity. Within five (5) business days of receipt of a request from Covered Entity,
Business Associate shall make available to Covered Entity PHI in a Designated Record Set as necessary to allow Covered
Entity to satisfy its obligations under 45 CFR § 164.524. If an Individual requests such information directly from Business
Associate, Business Associate must notify Covered Entity in writing within five (5) business days. Business Associate shall not
give the Individual access to the information unless access is approved by Covered Entity. Covered Entity shall have full
discretion to determine whether the Individual shall be given access.
i. Amendment of PHI. Within five (5) business days of receipt of a request from Covered Entity, Business Associate
shall make Covered Entity’s PHI available to Covered Entity so that Covered Entity may fulfill its obligations to amend
such PHI pursuant to the Privacy Rule, including but not limited to, 45 CFR § 164.526. If an Individual requests that
Business Associate amend the Individual’s PHI, Business Associate must notify Covered Entity in writing within five (5)
business days and the Covered Entity may then amend the PHI through the use of the services. Covered Entity shall have full
discretion to determine whether to accept an Individual’s request for amendment.
j. Accounting of Disclosures of PHI. Within five (5) business days of receipt of a request from Covered Entity, Business
Associate shall make available to Covered Entity a list of disclosures of PHI as required for Covered Entity to fulfill its
obligations to provide an accounting pursuant to the Privacy Rule, including but not limited to, 45 CFR § 164.528. Business
Associate shall implement a process that allows for such an accounting. If an Individual requests such an accounting directly
from Business Associate, Business Associate must notify Covered Entity in writing within five (5) business days.
k. Availability of Books and Records. Business Associate shall make its internal practices, books and records
relating to the use and disclosure of PHI, created or received pursuant to this Agreement, available to the
Secretary of the United States Department of Health and Human Services, for the purpose of determining Covered
Entity’s compliance with the Privacy and Security Rules as set forth in 45 CFR § 160.310.
l. Minimum Necessary Amount of PHI. Business Associate acknowledges that it shall make reasonable efforts to
request from Covered Entity and disclose to its affiliates and Subcontractors, or other authorized third parties, only
the minimum necessary PHI to accomplish the intended purpose of such requests or disclosures.
m. Standard Transactions. If Business Associate conducts any Standard Transactions on behalf of Covered Entity,
Business Associate shall comply with the applicable requirements of 45 CFR Parts 160-162.
n. Data Ownership. Business Associate acknowledges that Covered Entity is the owner of all the PHI obtained from
or on behalf of the Covered Entity.
o. Privacy Rule Obligations. To the extent Business Associate is to carry out Covered Entity’s obligation under the
Privacy Rule, Business Associate shall comply with the requirements of the Privacy Rule that apply to Covered
Entity in the performance of such obligation.
Furthermore, any specific listing of duties or functions to be performed by Business Associate for Covered Entity
contained in a separate contract (or addendum thereto) between the Parties is hereby incorporated by reference
into this Agreement for the sole purpose of further elaborating duties and functions that Business Associate is
contractually undertaking on behalf of the Covered Entity.
III. OBLIGATIONS OF COVERED ENTITY
a. Notice of Privacy Practices. Covered Entity shall not include in its notice of privacy practices under 45 CFR §
164.520 any limitation(s) that further limits Business Associate’s use or disclosure of PHI under this Agreement
unless such a limitation(s) is required by law or Covered Entity receives Business Associate’s prior approval so
that Business Associate can confirm that it can operationalize the limitation(s). In the event that Covered Entity is
required to include such a limitation in its notice of privacy practices, Covered Entity shall promptly notify Business
Associate of such limitation(s).
b. Revocation of Authorization. Covered Entity shall provide Business Associate with any changes in, or revocation
of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes
affect Business Associate’s use or disclosure of PHI.
c. Restrictions. Covered Entity shall not agree to any request for a restriction under 45 CFR § 164.522 that further
limits Business Associate’s use or disclosure of PHI under this Agreement unless Covered Entity is required by
law to agree to such a restriction or Covered Entity receives Business Associate’s prior approval so that Business
Associate can confirm that it can operationalize the restriction. Covered Entity shall notify Business Associate of
any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §
164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
d. Requests to Use or Disclose PHI. Covered Entity shall not request or cause Business Associate to use or
disclose PHI in any manner that would not be permissible under the Privacy Rule if done by Covered Entity or that
is not otherwise expressly permitted under Section (II)(b) hereof.
IV. TERM AND TERMINATION
a. Term. The Term of this Agreement shall be effective as of the Effective Date and shall terminate when all
underlying service agreement(s) involving PHI have terminated.
b. Termination for Cause. Upon Covered Entity’s knowledge of a material Breach by Business Associate, Covered
Entity shall either:
i. Provide an opportunity for Business Associate to cure the Breach or end the violation, and terminate this Agreement
and any underlying service agreement(s) if Business Associate does not cure the Breach or end the violation within
the time specified by Covered Entity;
ii. Immediately terminate this Agreement and any underlying service agreement(s) if Business Associate has
breached a material term of this Agreement, and a cure is not possible.
c. Effect of Termination.
i. Except as provided in paragraph (c)(ii) of this section, upon termination of this Agreement, for any reason,
Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by
Business Associate on behalf of the Covered Entity. Business Associate shall make reasonable efforts to
apply and enforce this provision with respect to PHI that is in the possession of Subcontractors of Business
Associate. Business Associate shall retain no copies of the PHI.
ii. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate
shall extend the protections of this Agreement to such PHI, and limit further uses and disclosure of such PHI to those
purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
V. DISCLAIMER
Business Associate makes no warranty or representation that Covered Entity’s execution of this Agreement will satisfy all of
Covered Entity’s applicable legal requirements. Covered Entity is solely responsible for all decisions made by Covered
Entity regarding the safeguards of PHI.
VI. NO THIRD PARTY BENEFICIARIES
Nothing expressed or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person
other than Covered Entity, Business Associate, and their respective successors and assigns, any rights, remedies,
obligations, or liabilities whatsoever.
VII. CHANGE IN APPLICABLE LAWS OR REGULATIONS
In the event the laws or regulations of the United States or the State in which the majority of services are rendered are modified
or amended in any material way with respect to this Agreement, this Agreement shall not be terminated but rather, to the extent
feasible, shall be promptly amended by the Parties to operate in compliance with the existing law. To the extent any
amendments to this Agreement shall be necessary to effectuate or clarify the obligations of the Parties pursuant to such
changes to the HIPAA Rules, the Parties hereby agree to negotiate such amendments in good faith, subject to the right of either
Party to terminate this Agreement in accordance with its terms.
VIII. MODIFICATION
This Agreement may only be modified through a written notice signed by the Parties and, thus, no oral modification hereof
shall be permitted.
IX. INTERPRETATION
Should there be any conflict between the language of this contract and any other contract entered into between the Parties
(either previous or subsequent to the date of this Agreement), the language and provisions of this Agreement shall control
and prevail, unless in a subsequent written agreement the Parties specifically refer to this Agreement by its title and date,
and, also, specifically state that the provisions of the later written agreement shall control over this Agreement. Any
ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity and Business Associate to
comply with HIPAA, the HITECH Act, and the HIPAA Rules.
X. MISCELLANEOUS
a. A reference in this Agreement to a section in the Privacy Rule means the section as in effect or amended.
b. Nothing in this Agreement is intended to create an agency relationship between the Parties.
c. Any notice required under this Agreement to be given to Covered Entity or Business Associate shall be made in writing to:
COVERED ENTITY: BUSINESS ASSOCIATE:
Office Ally, Inc.
Covered Entity Name Business Associate Name
Brian O’Neill / President & CEO ______
Attn Attn
PO Box 872020 _______
Street Address Street Address
Vancouver, WA 98687
City/State/Zip Code City/State/Zip Code
360-975-7000
Phone Number Phone Number
IN WITNESS WHEREOF and acknowledging acceptance and agreement of the foregoing, the Parties affix their signatures
hereto.
COVERED ENTITY: BUSINESS ASSOCIATE:
Brian P. O’Neill____________________________
Name Name
________________________________________
CEO/President ___________________________
Title Title
Signature Signature
Date Date