The URL can be used to link to this page

1.03/19/2003 Agreement Cleltl ollhe eircul eo un Danny L. Kolhage Phone: 305-292-3550 Fax: 305-295-3663 Memnrandum To: James Roberts, County Administrator Attn: Maria Z. Fernandez, Administrator Group Insurance From: Isabel C. DeSantis, _' _ I Deputy Clerk ~ Date: Friday, April 25, 2003 At the Board meeting on March 19, 2003, the fOllowing was approved: Business Associate Addendum between Monroe County, Acordia National, Inc. and Keys Physician Hospital Alliance. The Business Associate Agreement covers security of Protected Health Information (PHI) as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule effective April 13, 2003. Enclosed please find duplicate originals of the subject documents for your handling. Copies: Finance County Attorney File J BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ("HIPAA Agreement") is made this 19th day of March 2003, by and between Keys Physician-Hospital Alliance ("Business Associate") and Monroe County Board of County Commissioners ("Client"), and has been entered into to assure the protection and preservation of the confidential and/or protected nature of information to be disclosed or made available by Client itself, or any other entity affiliated with Client, to Business Associate. [If Addendum: This HIP AA Agreement shall serve as an addendum to the agreement entered into between the Business Associate and Client on October 1, 2002 for certain business services ("Service Agreement"). RECITALS WHEREAS, Business Associate has agreed to perform certain services on behalf of or in connection with Client. Those services are: Case Management and Utilization Review services (hereinafter referred to as "Business Associate Services"); WHEREAS, the parties desire to comply with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIP AA") Standards for Privacy of Individually Identifiable Health Information, as amended from time to time; WHEREAS, Business Associate agrees not to use or disclose Protected Health Information (PHI), as defined by the HIPAA regulations at 45 C.F.R. ~ 164.501et seq., other than as permitted or required by this Agreement or as required by law; NOW THEREFORE, for and in consideration of the recitals above and the mutual covenants and conditions herein contained, Client and Business Associate enter into this HIP AA Agreement to provide a full statement of their respective responsibilities. ARTICLE I - DEFINITIONS 1.1 Unless otherwise provided in this HIP AA Agreement, capitalized terms shall have the same meaning as set forth in the HIPAA regulations, 45 C.F.R. Parts 160 and 164. ARTICLE II - SCOPE OF USE OF PHI 2.1 All PHI disclosed to Business Associate by Client shall be retained in confidence by Business Associate, shall not be disclosed to any third parties other than those authorized by this HIPAA Agreement, or as permitted or required by law, without prior written permission of Client, and shall not be used by Business Associate for any purpose except as necessary to perform Business Associate Services. Business Associate acknowledges that the PHI provided by Client may also be protected by law and that public disclosure could be a violation of law potentially resulting in fines and other penalties against Business Associate and Client. Business Associate shall treat all PHI in accordance with applicable state and federal laws and regulations. Business Associate may use PHI received from the Client for the management and administration of its operations, if necessary or requested by the Client for purposes of internal auditing, billing accuracy, or to perform data aggregation relating to healthcare operations, Quality Reviews or Utilization Review of Client. 2.2 Business Associate agrees that it will (a) protect and safeguard from any unauthorized oral or written use or disclosure of all PHI regardless of the type of media on which it is stored (e.g., paper, fiche, etc.), with which it may come into contact, in accordance with applicable statutes and regulations, including, but not limited to, HIP AA; (b) implement and maintain appropriate policies and procedures to protect and safeguard the PHI; and ( c) use appropriate safeguards to prevent use or disclosure of PHI other than the minimum amount necessary as permitted by this HIP AA Agreement or as permitted or required by law. Business Associate acknowledges that Client is relying on the safeguards of Business Associate in selecting Business Associate to provide the Business Associate Services. Business Associate shall promptly notify Client of any material change to any aspect of its privacy safeguards. 2.3 Except as otherwise limited in this HIP AA Agreement, Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. 2.4 Except as otherwise limited in this HIP AA Agreement, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. 2.5 Except as otherwise limited in this HIP AA Agreement, Business Associate may use PHI to provide Data Aggregation services to a Covered Entity as permitted by 45 CFR S 164.504 (e )(2)(i)(B). 2.6 Business Associate may use PHI to report violations oflaw to the appropriate Federal and State Authorities, consistent with S 1 64/502(j)(1). 2.7 Business Associate agrees that it will maintain in a separate database or file all original data received from Client, whether or not such is PHI. Upon completion of its performance of Business Associate Services and the termination of this HIP AA Agreement, Business Associate agrees to return such original data to the Client, or to destroy such original data, upon Client's request. 2.8 Business Associate shall not use or include the PHI, nor any extrapolations or normative versions thereof, in any database or other application or program that Business Associate publishes or makes available to a third party or otherwise use PHI received for the purpose of developing information or statistical compilations for use by third parties or for any other commercial exploitation or enterprise without first obtaining Client's specific written permission, which permission Client may withhold in the exercise of its sole discretion. 20f8 2.9 Business Associate shall not reproduce PHI in any form, except as is required for use as authorized herein, without the prior written permission of Client. Each such reproduction shall include the ownership and confidentiality legends of Client. 2.10 To the extent Business Associate uses one or more agents, including subcontractors, to provide services and such subcontractors or agents receive or have access to PHI, Business Associate agrees that it will ensure that each such subcontractor or agent shall agree to all of the same restrictions and conditions to which Business Associate is bound. Each subcontractor or agent shall sign a HIP AA Agreement with Business Associate containing substantially the same provisions as this HIP AA Agreement in accordance with the HIP AA regulations, as amended from time to time. 2.11 Business Associate will report in writing to the Client Privacy Officer any unauthorized use or disclosure of PHI within 24 hours of discovery. Business Associate shall permit Client to investigate any such report and to examine Business Associate's premises, systems, practices, books and records of business. 2.12 Business Associate shall take appropriate action, including but not limited to, instruction to or agreement with, its employees, agents and subcontractors, to maintain the confidentiality of the PHI. 2.13 All PHI and any other documents or records of Client received by Business Associate from Client shall remain the property of Client, shall be used by Business Associate only for the purpose stated in this HIP AA Agreement, and shall be returned to Client (including all whole or partial copies thereof) upon request. ARTICLE III - AMENDMENT OF PHI 3.1 Business Associate agrees to make any amendments to PHI in a designated record set that the Client directs, which comply with 45 C.F.R. ~164.526, at the request of the Client or an individual. 3.2 Business Associate shall promptly incorporate all amendments or corrections to PHI, in compliance with 45 C.F.R. 164.526 requested by Client to do so. ARTICLE IV - AVAILABILITY, AUDITS AND INSPECTIONS 4.1 Business Associate agrees that it will (a) make available PHI in a designated record set to the Client in order to meet the requirements of 45 C.F.R. ~ 164.524 and (b) make available the information to Client in order for the Client to provide an accounting of disclosures in accordance with 45 C.F.R. ~ 164.528. Business Associate will provide such accounting to Client as soon as possible, but not more than five (5) days from the date of request by Client. Each accounting shall provide (i) the date of each disclosure; (ii) the name and address of the organization or person who received the PHI; (iii) a brief description of the information disclosed; and (iv) for disclosures other than those made at the request of the subject, the purpose for which the information was disclosed and a copy of the request or authorization for disclosure. Business Associate shall maintain a process to provide this accounting of disclosures for as long as Business Associate maintains PHI received from or on behalf of Client. 30f8 4.2 Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI, received from Client, or created or received by Business Associate on behalf of Client, available to the Client, or to the Secretary of Health and Human Services, governmental officers and agencies for purposes of determining compliance with 45 C.F.R. Parts 160 and 164. Any audit conducted hereunder shall be conducted during Business Associate's normal business hours; shall not cause disruption to Business Associate's other business activities; and shall be circumscribed to the extent other customers' PHI might be disclosed. ARTICLE V - TERM/TERMINATION 5.1 As provided for under 45 C.F.R. ~ 164.504(e)(2)(iii), Client may immediately terminate this HIP AA Agreement and the attached Service Agreement if the Client makes the determination that Business Associate has breached a material term of this HIP AA Agreement. Alternatively, Client may choose to: (i) provide Business Associate with written notice of the existence of an alleged material breach; and (ii) afford Business Associate an opportunity to cure said alleged material breach upon mutually agreeable terms. In the event of such termination, Client shall not be liable for the payment of any services performed by Business Associate after the effective date of termination. 5.2 If neither termination nor cure is feasible, Client shall report the violation to the Secretary of Health and Human Services. 5.3 Business Associate agrees that, upon termination or expiration of the HIPAA Agreement for whatever reason, it will return or destroy all PHI as directed by Client, if feasible, received from, or created by Client, or created or received by Business Associate on behalf of Client, which Business Associate maintains in any form, and retain no copies of such information. This provision shall apply to PHI in the possession of agents or subcontractors of the Business Associate. An authorized representative of Business Associate shall certify in writing to Client within five (5) business days from the date of termination or expiration of the HIP AA Agreement, that all PHI has been returned or disposed of as provided above and that Business Associate no longer retains such PHI in any form. 5.4 To the extent such return or destruction of PHI is not feasible, Business Associate shall provide Client with notice of the conditions and reasons why the return or destruction of the PHI is not feasible and shall extend the precautions of this HIP AA Agreement to the PHI and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. Business Associate shall remain bound by the provisions of this HIP AA Agreement even after termination, until such time as all PHI has been returned or otherwise destroyed as provided in this Section, and for as long as Business Associate maintains such PHI. 5.5 All rights, duties and obligations established in Section 5.4 of this HIPAA Agreement shall survive termination or expiration of this HIP AA Agreement for any reason. 40f8 ARTICLE VI - INDEMNIFICATION 6.1 Business Associate shall indemnify and hold Client harmless from and against all claims, liabilities, judgments, fines, assessments, penalties, awards or other expenses, fees, and costs of investigation, litigation or dispute resolution, relating directly to or arising directly out of any breach of this HIP AA Agreement by Business Associate. ARTICLE VII - DISCLAIMER 7.1 CLIENT MAKES NO WARRANTY OR REPRESENTATION THAT COMPLIANCE BY BUSINESS ASSOCIATE WITH THIS HIP AA AGREEMENT OR THE HIPAA REGULATIONS WILL BE ADEQUATE OR SATISFACTORY FOR BUSINESS ASSOCIATE'S OWN PURPOSES OR THAT ANY INFORMATION IN THE POSSESSION OR CONTROL OF BUSINESS ASSOCIATE, OR TRANSMITTED OR RECEIVED BY BUSINESS ASSOCIATE, IS OR WILL BE SECURE FROM UNAUTHORIZED USE OR DISCLOSURE. ARTICLE VIII - MISCELLANEOUS 8.1 Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. 8.2 This HIP AA Agreement shall be construed as broadly as necessary for Client to implement and comply with HIP AA and the HIP AA regulations. The parties agree that any ambiguity in this HIP AA Agreement shall be resolved in favor of a meaning that complies and is consistent with HIP AA and the HIP AA regulations. 8.3 All notices and other communications required or permitted pursuant to this HIP AA Agreement shall be in writing, addressed to the party at the address set forth at the end of this HIP AA Agreement, or to such other address as either party may designate from time to time. All notices and other communications shall be mailed by registered or certified mail, return receipt requested, postage pre-paid, or transmitted by overnight courier, by hand delivery or facsimile. All notices shall be effective as ofthe date of delivery. 8.4 Client has entered into this HIP AA Agreement in specific reliance on the expertise and qualifications of Business Associate. Consequently, Business Associate's interest under this HIP AA Agreement may not be transferred or assigned or assumed by any other person, in whole or in part, without the prior written permission of Client. 8.5 This HIPAA Agreement shall be governed by, and interpreted in accordance with, the laws of the State in which Client is located without giving effect to its conflict of laws provisions. The County in which Client is located shall be the sole and exclusive venue for any arbitration, litigation, special proceeding or other proceeding as between parties that may be brought under, or arise out of, the HIPAA Agreement. 8.6 If either party to this Agreement fails in the due performance of any of its obligations under the terms of this Agreement, the other party will have the right, at its election, to sue for damages for such breach and to seek such legal and equitable remedies as may be available to it, including the right to recover all reasonable expenses, which shall include reasonable legal fees and court costs, incurred: (a) to sue for damages; (b) to seek such 50f8 other legal and equitable remedies; and (c) to collect any damages and enforce any court order or settlement agreement including, but not limited to, additional application to the court for an order of contempt. Nothing contained herein shall be construed to restrict or impair the rights of either party to exercise this election. All rights and remedies herein provided or existing at law or in equity shall be cumulative of each other and may be enforceable concurrently therewith or from time to time. 8.7 In the event any term or condition of this Agreement should be breached by either party and thereafter waived by the other party, then such waiver shall be limited to the particular breach so waived and shall not be deemed to waive any other breach either prior or subsequent to the breach so waived. 8.8 This HIPAA Agreement shall be binding upon, and shall inure to the benefit of, the parties hereto and their respective, permitted successors and assigns. 8.9 This HIP AA Agreement may be executed in multiple counterparts, each of which shall constitute an original and all of which shall constitute but one HIP AA Agreement. 8.10 The use of the masculine, feminine or neuter genders, and the use of the singular and plural, shall not be given an effect of any exclusion or limitation herein. The use of the word "person" or "party" shall mean and include any individual, trust, corporation, partnership or other entity. 8.11 The parties acknowledge that monetary remedies may be inadequate to protect their rights with respect to PHI and that, in addition to legal remedies otherwise available, injunctive relief is an appropriate judicial remedy to protect such rights. 8.12 Business Associate agrees to cooperate and participate with Client in its defense of a lawsuit or administrative action of HIP AA violations or in connection with any litigation against third parties to protect the PHI. 8.13 There are no understandings, agreements, or representations relating to the subj ect matter herein, express or implied, not specified herein or in other written agreements signed by the parties. This HIP AA Agreement may not be amended except in writing, which shall be signed by the parties. 8.14 Each party hereby confirms to the other that neither it nor its shareholders, members, directors, officers, agents, employees, subcontractors or members of its workforce have been excluded or served a notice of exclusion or have been served with a notice of proposed exclusion, or have committed any acts which are cause for exclusion, from participation in, or had any sanctions, or civil or criminal penalties imposed under, any federal or state healthcare program, including but not limited to Medicare or Medicaid, or have been convicted, under federal or state law (including without limitation of a plea of nolo contendere or participation in a first offender deterred adjudication or other arrangement whereby a judgment of conviction has been withheld), of a criminal offense related to (a) the neglect or abuse of a patient, (b) the delivery of an item or service, including the performance of management or administrative services related to the delivery of an item or service, under a federal or state program, (c) fraud, theft, embezzlement, breach of fiduciary responsibility, or other financial misconduct in connection with the delivery of a healthcare item or service or with respect to any act or omission in any program operated by or financed in whole or in part by any federal, state 60f8 or local government agency, (d) the unlawful manufacture, distribution, prescription or dispensing of a controlled substance, or ( e) interference with or obstruction of any investigation into any criminal offense described in (a) through (d) above. Each party further agrees to notify the other immediately after such party becomes aware that any of the foregoing representations or warranties may be inaccurate or may become incorrect. 8.15 Notices shall be delivered to Client the in the manner described in Section 8.3 of this HIPAA Agreement. A copy, which shall not constitute notice, shall be sent to: Health Management Associates, Inc. 5811 Pelican Bay Blvd., Suite 500 Naples, FL 34108-2710 Attn: Corporate HIP AA Compliance Manager Phone: (239) 598-3131 Fax: (239) 598-9433 In the event this HIP AA Agreement is entered into on its own merit and is not attached to another agreement, notices shall be delivered as follows: If to Business Associate: Keys Physician-Hospital Alliance c/o Lower Florida Keys Physician Hospital Organization, Inc. P. O. Box 9107 Key West, FL 33040 Attn: Ronald Bierman, Secretary Phone: (305) 294-4599 Fax: (305) 296-0827 If to Client: Monroe County Board of County Commissioners 1100 Simonton Street, Room 2-268 Key West, FL 33040 Attn: Privacy Officer Phone: (305) 292-4448 Fax: (305) 292-4452 with a copy (which shall not constitute service) to: Health Management Associates, Inc. 5811 Pelican Bay Blvd., Suite 500 Naples, FL 34108-2710 Attn: Corporate HIP AA Compliance Manager Fax: (239) 598-9433 Each party named above may change its address and/or that of its representative for notice by the giving of notice thereof in the manner hereinabove provided. 70f8 IN WITNESS WHEREOF, the parties have hereunto set their hands effective the day and year first above written. L)i~ >n ~ CLIENT: Signature Printed Name: ...D ix. ; c... /1'1. Title: /V1a.YoY Date: 03 -/9 - 03 S~Q... 1....111. y' , APPROVED AS TO FORN AND! 1'(" "-I ';! ,; cjiY/2 BY "',',.,~ :3/0Y~1 BUSINESS ASSOCIATE: CORPORATE OFFICE (if applicable): Printed Name: Title: Date: BAA Rev: 12/31/02/gvk Rev: 01/24/03/gvk Rev: 02/20/03/gvk ,., '. 0 m CC: 0 w <: 0 '-'" ....J c...) C"? <s:: ...... Ld x: :1: ~ >= _J U >-- e::: a.. C:) 'z .- 0::: _ c:: -"~--" 0 t.n wo N .c.:- u... u::':::l.J.J 0 c:::: -10 0- ',,=wO':: W ex: -l ..( :d: c-r> :,:.) 0 =. ...- u... =C. ..r_ ('..J (SEAl.) ~DZL~G~~ DEPUlYClERK 80f8 BUSINESS ASSOCIATE ADDENDUM THIS AGREEMENT, made and entered into this 19th day of March, 2003, by and between Monroe County Board of County Commissioners (hereinafter called "Covered Entity") and ACaRDIA NATIONAL (hereinafter called "Business Associate"), is hereinafter set forth: 1. Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in 45 CFR 99 160.103 and 164.501, as the same may be amended from time to time. (a) Business Associate. "Business Associate" shall mean Acordia National. (b) Covered Entity. "Covered Entity" shall mean Monroe County Board of County Commissioners. (c) Individual. "Individual" shall have the same meaning as the term "individual" in 45 CFR 9164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR9164.502(g). (d) Privacy Rules. "Privacy Rules" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E. (e) Protected Health Information. "Protected Health Information" shall have the same meaning as the term "protected health information" in 45 CFR 9164.501, limited to the information created or received by Business Associate from or on behalf of Covered Entity. (f) Required By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR 9164.501. (g) Secretary. "Secretary" shall mean the Secretary ofthe Department of Health and Human Services or his or her designee. (h) Designated Record Set. "Designated Record Set" shall have the same meaning as the term "designated record set" in 45 CFR 164.501. II. Obligations and Activities of Business Associate (a) Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law. (b) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. (c) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement. (d) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. (e) Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 9164.524. (f) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 9164.52 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity. (g) Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule. (h) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 9164.528. (i) Business Associate agrees to provide to Covered Entity or an Individual, in time and manner designated by Covered Entity, information collected in accordance with this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 9164.528. III. Permitted Uses and Disclosures by Business Associate 2 (a) Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Administrative Service Agreement by and between Monroe County Board of County Commissioners and Business Associate, provided that such use of disclosure would not violate the Privacy Rules if done by Covered Entity. (b) Covered Entity shall notify Business Associate in writing of any restriction to the use of disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR 9164.522. (c) Disclose PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any of its present or future legal responsibilities provided that (i) the disclosures are required by law, as provided for in 45 C.F.R. 164.501, or (ii) Business Associate has received from the third party written assurances that the PHI will be held confidentially, that the PHI will only be used or further disclosed as required by law or for the purpose for which it was disclosed to the third party, and that the third party will notify the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached, as required under 45 C.F.R. 164.504 (e)(4). IV. Obligation of Covered Entity No later than the effective date of this Agreement, Covered Entity will provide Business Associate with a copy of the Plan Sponsor's certification that the health plan meets and will abide by all HIP AA requirements. With respect to the use and/or disclosure of PHI by Business Associate, the Covered Entity hereby agrees: (a) to use appropriate safeguards to maintain and ensure the confidentiality, privacy, and security of PHI transmitted to Business Associate pursuant to the Agreement, in accordance with the standards and requirements of HIP AA and the HIP AA Regulations, until such PHI is received by Business Associate. (b) to inform Business Associate of any changes in, or withdrawal of, the consent or authorization provided to the Covered Entity by individuals pursuant to 45 C.F.R. 164.506 or 164.508. (c) to notify Business Associate, in writing and in a timely manner, or any arrangements permitted or required of the Covered Entity under 45 C.F.R. Parts 160 and 164 that may impact in any manner the use and/or disclosure of PHI by the Business Associate under the agreement, including, but not limited to, restrictions on the use and/or disclosure of PHI as provided for in 45 C.F.R. 164.522 agreed to by the Covered Entity. (d) that Business Associate may make any use and/or disclosure of PHI permitted under 45 C.F.R. 164.512. 3 V. Term and Termination (a) Term. The Term of this Agreement shall be effective as of April 14, 2003, and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section. (b) Termination for Cause. Upon Covered Entity's knowledge of a material breach by Business Associate, Covered Entity shall provide a reasonable opportunity for Business Associate to cure the breach or end the violation. If such breach is not cured to the satisfaction of the Covered Entity and in a manner consistent with the requirements of HIP AA, this Agreement shall be terminated. (c) Effect of Termination. (1) Except as provided in paragraph (2) of this section, upon termination of this Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information. (2) In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. VI. Miscellaneous (a) Regulatory References. A reference in this Agreement to a section in the Privacy Rule means the section as in effect or as amended, and for which compliance is required. (b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy Rule and the Health Insurance Portability and Accountability Act, Public Law 104-191. (c) Survival. The respective rights and obligations of Business Associate under Section V. @ of this Agreement shall survive the termination of this Agreement. 4 . . . . (d) Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy Rule. IN WITNESS WHEREOF, this contract has been executive by the respective parties on the date and year first written above. COVERED ENTITY By Plan Administrator BUSINESS ASSOCIATE: Acordia National ,()~ >n ~ By: ~,d >4/ Print Name: 7?iGIIA~ '/I UU Print Title: Cil/e.c ~AlI- ,lJrP/~ By: Print Name: b;.)( \~ \\\. S~Q...kQ.,( Print Title: '{'\\ o.",,/c ( . ~,... QQ '^. '\\L, _A '... . \ I. _ .UJ~ :::t o ,-;, z ,~~ ::0 C'? ::.. Or'. fTI;::<.: (J' I O(J' c:-. :z: ::0 (-~ --l(")r :<--l:I: 'J> .." CJ ~ ~ 5 r'-.) C.:::J '::;'::;J <-.'-' ., r rT1 c:; ..." o ::0 > -0 ::u N Ul -0 :3: -'''; ....-..... p, C-) w CJ ;0 o