HIPAA Consent & Agreement
BUSINESS AFFILIATE AGREEMENT
This Agreement is entered into by and between __________ (Health Care Provider) and __________ (Business Affiliate) to establish the terms and conditions under which “protected health information” (PHI), as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations promulgated thereunder, created or received by the Business Affiliate on behalf of the Health Care Provider, may be used or disclosed. This Agreement commences on __________ (Date), and the obligations herein shall continue so long as the Business Affiliate uses, discloses, creates, or otherwise possesses any protected health information created or received on behalf of the Health Care Provider, until all such PHI is destroyed or returned pursuant to Paragraph 15 herein.
1) Permitted Uses and Disclosures
The Health Care Provider and Business Affiliate agree that the Business Affiliate may use and/or disclose PHI created or received on behalf of the Health Care Provider for the following purposes:
- a) Completing and submitting health care claims to health plans, clearinghouses, and other third-party payers.
- b) Collecting fees for the Health Care Provider.
- c) Establishing and maintaining Business Management Programs for the Health Care Provider.
- d) Introducing, maintaining, and programming Electronic Medical Record Systems for the Health Care Provider.
- e) Introducing, maintaining, and programming compatible Dictation Systems for the Health Care Provider.
All permitted uses and disclosures must be within the scope of, and necessary to fulfill, the Business Affiliate’s obligations and responsibilities.
2) Use and Disclosure for Administration or Legal Requirements
The Business Affiliate may use and disclose PHI created or received on behalf of the Health Care Provider if necessary for the management and administration of the Business Affiliate or to fulfill legal responsibilities, provided that any disclosure is:
- a) Required by law, or
- b) The recipient provides reasonable assurance that:
  - i) PHI will be held confidentially and used or further disclosed only as required by law.
  - ii) The recipient will notify the Business Affiliate of any breaches of confidentiality.
3) Security and Privacy Compliance
The Business Affiliate agrees to maintain the security and privacy of all PHI in compliance with State and Federal laws, including HIPAA, and all other applicable laws.
4) Restrictions on Use and Disclosure
The Business Affiliate agrees not to use or disclose PHI except as permitted by this Agreement, applicable law, or for managing internal business processes.
5) Workforce Awareness and Disciplinary Actions
The Business Affiliate shall not disclose PHI to any member of its workforce without informing them of the privacy and security obligations under this Agreement. Appropriate disciplinary action will be taken for violations.
6) Disclosure to Third Parties
The Business Affiliate shall not disclose PHI to agents or subcontractors unless they agree in writing to abide by this Agreement and applicable State or Federal law.
7) Safeguards
The Business Affiliate agrees to implement safeguards to prevent unauthorized use or disclosure of PHI.
8) Record of Disclosures
The Business Affiliate agrees to maintain records of all disclosures of PHI, detailing the date, recipient’s name and address, subject, description, and purpose. Records must be made available within five (5) working days of a request.
9) Reporting Unauthorized Use or Disclosure
The Business Affiliate agrees to report any unauthorized use or disclosure of PHI, including the remedial action taken.
10) Access to Records
The Business Affiliate agrees to provide access to its internal practices, books, and records relating to the use and disclosure of PHI for HIPAA compliance purposes. Within thirty (30) days of a written request, the Business Affiliate shall provide access to PHI in the requested format.
11) Amendment of PHI
The Business Affiliate agrees to amend PHI upon request by the Health Care Provider within thirty (30) days.
12) Non-compliance Remedies
In the event of non-compliance, the Health Care Provider may:
- a) Require a compliance plan.
- b) Require mitigation of any unauthorized use.
- c) Immediately discontinue providing PHI to the Business Affiliate.
13) Termination
The Health Care Provider may terminate this Agreement for material breach by the Business Affiliate, providing an opportunity to cure within ten (10) days. Failure to cure shall result in immediate termination.
14) Return or Destruction of PHI
Upon termination, the Business Affiliate must return or destroy all PHI. If return or destruction is not feasible, the Business Affiliate must continue to protect PHI in compliance with this Agreement and applicable law.
15) Amendments
The Health Care Provider may amend this Agreement by providing ten (10) days’ written notice to ensure compliance with State and Federal law. The Business Affiliate may choose to discontinue the Agreement, but security and privacy obligations will survive discontinuation.
16) Indemnification
The Business Affiliate agrees to indemnify the Health Care Provider against any losses, claims, or liabilities arising from the Business Affiliate’s actions or omissions.
17) Compliance with HITECH Rules
The Business Affiliate agrees to comply with the HITECH rules established in February 2010, including PHI protection, password protection, firewall implementation, and document shredding.