{"version":"1.0","provider_name":"Medical Office Force","provider_url":"https:\/\/www.medicalofficeforce.com\/es","author_name":"Judah Coody","author_url":"https:\/\/www.medicalofficeforce.com\/es\/author\/judahchws\/","title":"Business Associate Agreement - Medical Office Force","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"eUN4wkzMDf\"><a href=\"https:\/\/www.medicalofficeforce.com\/es\/business-associate-agreement\/\">Business Associate Agreement<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.medicalofficeforce.com\/es\/business-associate-agreement\/embed\/#?secret=eUN4wkzMDf\" width=\"600\" height=\"338\" title=\"&#8220;Business Associate Agreement&#8221; &#8212; Medical Office Force\" data-secret=\"eUN4wkzMDf\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.medicalofficeforce.com\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>","description":"BUSINESS ASSOCIATE AGREEMENT 1. Section 1. Definitions. 1.01 This Business Associate Agreement (\u201cBAA\u201d) is intended to ensure that Business Associate will establish and implement appropriate safeguards for the Protected Health Information (\u201cPHI\u201d) (as defined under the HIPAA Rules) that Business Associate may receive, create, maintain, use, or disclose in connection with the functions, activities, and services that Business Associate performs for Covered Entity. The functions, activities, and services that Business Associate performs for Covered Entity are defined in the Independent Contractor Agreement (the \u201cUnderlying Agreement\u201d). 1.02 Pursuant to changes required under the Health Information Technology for Economic and Clinical Health Act of 2009 (the \u201cHITECH Act\u201d) and under the American Recovery and Reinvestment Act of 2009 (\u201cARRA\u201d), this BAA also reflects federal breach notification requirements imposed on Business Associate when \u201cUnsecured PHI\u201d (as defined under the HIPAA Rules) is acquired by an unauthorized party, and the expanded privacy and security provisions imposed on business associates. 1.03 Unless the context clearly indicates otherwise, the following terms in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, disclosure, Electronic Media, Electronic Protected Health Information (ePHI), Health Care Operations, individual, Minimum Necessary, Notice of Privacy Practices, Required by Law, Secretary, Security Incident, Subcontractor, Unsecured PHI, and use. 1.04 A reference in this BAA to the Privacy Rule means the Privacy Rule, in conformity with the regulations at 45 C.F.R. Parts 160-164 (the \u201cPrivacy Rule\u201d) as interpreted under applicable regulations and guidance of general application published by HHS, including all amendments thereto for which compliance is required, as amended by the HITECH Act, ARRA, and the HIPAA Rules. Section 2. General Obligations of Business Associate. 2.01 Business Associate agrees not to use or disclose PHI, other than as permitted or required by this BAA or as Required by Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI. 2.02 Business Associate agrees to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent use or disclosure of PHI other than as provided for by the BAA. 2.03 Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate in violation of this BAA\u2019s requirements or that would otherwise cause a Breach of Unsecured PHI. \u00a0 2.04 The Business Associate agrees to the following breach notification requirements: (a)\u00a0\u00a0Business Associate agrees to report to Covered Entity any Breach of Unsecured PHI not provided for by the BAA of which it becomes aware within forty-five (45) calendar days of \u201cdiscovery\u201d within the meaning of the HITECH Act. Such notice shall include the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed in connection with such Breach. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. \u00a7 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate\u2019s notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules, and related guidance issued by the Secretary or the delegate of the Secretary from time to time. (b)\u00a0\u00a0Business Associate agrees to provide notification of any Breach of Unsecured PHI of which it becomes aware, as required under 45 C.F.R. \u00a7 164.410, and any Security Incident of which it becomes aware, in violation of this BAA to individuals, the media (as defined under the HITECH Act), the Secretary, and\/or any other parties as required under HIPAA, the HITECH Act, ARRA, and the HIPAA Rules, subject to the prior review and written approval by Covered Entity of the content of such notification. 2.05 Business Associate agrees, in accordance with 45 C.F.R. \u00a7\u00a7 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information. 2.06 Business Associate agrees to make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity\u2019s obligations under 45 C.F.R. \u00a7 164.524. (a)\u00a0\u00a0Business Associate agrees to comply with an individual\u2019s request to restrict the disclosure of their personal PHI in a manner consistent with 45 C.F.R. \u00a7 164.522, except where such use, disclosure, or request is required or permitted under applicable law. (b)\u00a0\u00a0Business Associate agrees that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. \u00a7 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a \u201climited data set\u201d as defined in 45 C.F.R. \u00a7 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure, as interpreted under related guidance issued by the Secretary from time to time. 2.07 Business Associate agrees to make any amendments to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. \u00a7 164.526 or take other measures as necessary to satisfy Covered Entity\u2019s obligations under 45 C.F.R. \u00a7 164.526. 2.08 Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity\u2019s obligations under 45 C.F.R. \u00a7 164.528. 2.09 Business Associate agrees to make its internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the &hellip; Continue reading"}