Laserfiche WebLink
benefitc,x1)ress <br />•,,� l.rnr(it wisr rrlahomhil� di ...��: <br />Benefit Express Services, LLC <br />Technology and Services Agreement <br />(g) Penalties for Noncompliance. The Business Associate acknowledges that it is subject to civil and criminal enforcement for failure to <br />comply with the privacy rule and security rule under the HIPAA Rules, as amended by the HITECH Act. <br />III. Compliance with Electronic Transactions Rule <br />If the Business Associate conducts in whole or part Electronic Transactions on behalf of the Covered Entity for which HHS has <br />established standards, the Business Associate will comply, and will require any Subcontractor or agent it involves with the conduct of <br />such Transactions to comply, with each applicable requirement of the Electronic Transactions Rule. The Business Associate shall also <br />comply with the National Provider Identifier requirements, if and to the extent applicable. <br />IV. Obligations of the Covered Entity <br />(a) Notice of Privacy Practices. Client shall provide BE with the notice of privacy practices that it produces in accordance with 45 CFR <br />Section 164.520, as well as any changes to such notice. BE shall not be responsible for the content of the Notice nor any error or <br />omission in the notice. <br />(b) Notification of Changes and Restrictions. The Covered Entity shall notify the Business Associate of: <br />i. Any limitation(s) in its notice of privacy practices of the Covered Entity in accordance with 45 CFR §164.520, to the extent that <br />such limitation may affect the Business Associate's use or disclosure of Protected Health Information; <br />ii. Any changes in, or revocation of, permission by the Individual to use or disclose Protected Health Information, to the extent that <br />such changes may affect the Business Associate's use or disclosure of Protected Health Information; and <br />iii. Any restriction to the use or disclosure of Protected Health Information that the Covered Entity has agreed to in accordance <br />with 45 CFR §164.522, to the extent that such restriction may affect the Business Associate's use or disclosure of Protected <br />Health Information. <br />(c) Responsibility for Further Disclosures. Client shall be responsible for ensuring that further disclosure by Client of PHI (including, but <br />not limited to, disclosures to employers, plan sponsors, agents, vendors and group health plans) complies with the requirements of <br />HIPAA and applicable federal and state laws. <br />V. Permissible Requests by the Covered Entity <br />The Covered Entity shall not request the Business Associate to use or disclose Protected Health Information in any manner that would <br />not be permissible under the Privacy Rule if done by the Covered Entity. <br />VI. Individual Rights <br />(a) Access. The Business Associate will, within twenty-five (25) calendar days following the Covered Entity's request, make available to <br />the Covered Entity or, at the Covered Entity's direction, to an individual (or the individual's personal representative) for inspection <br />and obtaining copies of the Covered Entity's Protected Health Information about the individual that is in the Business Associate's <br />custody or control, so that the Covered Entity may meet its access obligations under 45 CFR §164.524. Effective as of the date <br />specified by HHS, if the Protected Health Information is held electronically in a designated Record Set in the Business Associate's <br />custody or control. The Business Associate will provide an electronic copy in the form and format specified by the Covered Entity if it <br />is readily producible in such format; if it is not readily producible in such format, the Business Associate will work with the Covered <br />Entity to determine an alternative form and format as specified by the Covered Entity to meet its electronic access obligations under <br />45 CFR 164.524. <br />(b) Amendment. The Business Associate will, upon receipt of written notice from the Covered Entity, promptly amend or permit the <br />Covered Entity access to amend any portion of the Covered Entity's Protected Health Information in a designated record set as <br />directed or agreed to by the Covered Entity, so that the Covered Entity may meet its amendment obligations under 45 CFR §164.526. <br />(c) Disclosure Accounting. The Business Associate will maintain and make available the information required to provide an accounting <br />of disclosures to the Covered Entity as necessary to satisfy the Covered Entity's obligations under 45 CFR §164.528. <br />L Disclosures Subject to Accounting. The Business Associate will record the information specified below ("Disclosure <br />Information") for each disclosure of the Covered Entity's Protected Health Information, not excepted from disclosure accounting <br />as specified below, that the Business Associate makes to the Covered Entity or to a third party. <br />ii. Disclosures Not Subject to Accounting. The Business Associate will not be obligated to record Disclosure Information or <br />otherwise account for disclosures of the Covered Entity's Protected Health Information if the Covered Entity need not account <br />for such disclosures under the HIPAA Rules. <br />iii. Disclosure Information. With respect to any disclosure by the Business Associate of the Covered Entity's Protected Health <br />Information that is not excepted from disclosure accounting under the HIPAA Rules, the Business Associate will record the <br />following Disclosure Information as applicable to the type of accountable disclosure made: <br />1. Disclosure Information Generally. Except for repetitive disclosures of the Covered Entity's Protected Health <br />Information as specified below, the Disclosure Information that the Business Associate must record for each <br />accountable disclosure is (1) the disclosure date, (2) the name and (if known) address of the entity to which the Business <br />