The URL can be used to link to this page

Home My WebLink AboutSystems Design West, LLC 1996-08-2102LA 11 I 920 - 1'35 Business Associate Agreement Between the City of Ukiah and Systems Design West, LLC This Business Associate Agreement ("Agreement") between the City of Ukiah and Systems Design West, LLC is executed to ensure that Systems Design West, LLC will appropriately safeguard protected health information ("PHI") that is created, received, maintained, or transmitted on behalf of the City of Ukiah in compliance with the applicable provisions of Public Law 104-191 of August 21, 1996, known as the Health Insurance Portability and Accountability Act of 1996, Subtitle F —Administrative Simplification, Sections 261, et seq., as amended ("HIPAA"), and with the Public Law 111-5 of February 17, 2009, known as the American Recovery and Reinvestment Act of 2009, Title XII, Subtitle D — Privacy, Sections 13400, et seq., the Health Information Technology and Clinical Health Act, as amended (the "HITECH Act"). A. General Provisions 1. Meaning of Terms. The terms used in this Agreement shall have the same meaning as those terms defined in HIPAA. 2. Regulatory References. Any reference in this Agreement to a regulatory section means the section currently in effect or as amended. 3. Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance with HIPAA. B. Obligations of Business Associate Systems Design West, LLC agrees that it will: 1. Not use or further disclose PHI other than as permitted or required by this Agreement or as required by law; 2. Use appropriate safeguards and comply, where applicable, with the HIPAA Security Rule with respect to electronic protected health information ("e -PHI") and implement appropriate physical, technical and administrative safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement; 3. Report to the City of Ukiah any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including any security incident (as defined in the HIPAA Security Rule) and any breaches of unsecured PHI as required by 45 CFR §164.410. Breaches of unsecured PHI shall be reported to the City of Ukiah without unreasonable delay but in no case later than 60 days after discovery of the breach; 4. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Systems Design West, LLC agree to the same restrictions, conditions, and requirements that apply to Systems Design West, LLC with respect to such information; 5. Make PHI in a designated record set available to the City of Ukiah and to an individual who has a right of access in a manner that satisfies the City of Ukiah's obligations to provide access to PHI in accordance with 45 CFR §164.524 within 30 days of a request; 6. Make any amendment(s) to PHI in a designated record set as directed by the City of Ukiah, or take other measures necessary to satisfy the City of Ukiah's obligations under 45 CFR §164.526; 7. Maintain and make available information required to provide an accounting of disclosures to the City of Ukiah or an individual who has a right to an accounting within 60 days and as necessary to satisfy the City of Ukiah's obligations under 45 CFR §164.528. 8. To the extent that Systems Design West, LLC is to carry out any of the City of Ukiah's obligations under the HIPAA Privacy Rule, Systems Design West, LLC shall comply with the requirements of the Privacy Rule that apply to the City of Ukiah when it carries out that obligation; 9. Make its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Systems Design West, LLC on behalf of the City of Ukiah, available to the Secretary of the Department of Health and Human Services for purposes of determining Systems Design West, LLC and the City of Ukiah's compliance with HIPAA and the HITECH Act; 10. Restrict the use or disclosure of PHI if the City of Ukiah notifies Systems Design West, LLC of any restriction on the use or disclosure of PHI that the City of Ukiah has agreed to or is required to abide by under 45 CFR §164.522; and 11. If the City of Ukiah is subject to the Red Flags Rule (found at 16 CFR §681.1 et seq.), Systems Design West, LLC agrees to assist the City of Ukiah in complying with its Red Flags Rule obligations by: (a) implementing policies and procedures to detect relevant Red Flags (as defined under 16 CFR §681.2); (b) taking all steps necessary to comply with the policies and procedures of the City of Ukiah's Identity Theft Prevention Program; (c) ensuring that any agent or third party who performs services on its behalf in connection with covered accounts of the City of Ukiah agrees to implement reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft; and (d) alerting the City of Ukiah of any Red Flag incident (as defined by the Red Flag Rules) of which it becomes aware, the steps it has taken to mitigate any potential harm that may have occurred, and provide a report to the City of Ukiah of any threat of identity theft as a result of the incident. 12. Comply with all current rules and regulations pertaining to the OIG Compliance Program for ambulance suppliers and special bulletin regarding LEIE recommended screening of employees and any subcontractors. C. Permitted Uses and Disclosures by Business Associate The specific uses and disclosures of PHI that may be made by Systems Design West, LLC on behalf of the City of Ukiah include: 1. The preparation of invoices to patients, carriers, insurers and others responsible for payment or reimbursement of the services provided by the City of Ukiah to its patients; 2. Preparation of reminder notices and documents pertaining to collections of overdue accounts; 3. The submission of supporting documentation to carriers, insurers and other payers to substantiate the healthcare services provided by the City of Ukiah to its patients or to appeal denials of payment for the same; and 4. Other uses or disclosures of PHI as permitted by HIPAA necessary to perform the services that Systems Design West, LLC has been engaged to perform on behalf of the City of Ukiah. D. Termination 1. The City of Ukiah may terminate this Agreement if the City of Ukiah determines that Systems Design West, LLC has violated a material term of this Agreement. 2. If either party knows of a pattern of activity or practice of the other party that constitutes a material breach or violation of the other party's obligations under this Agreement, that party shall take reasonable steps to cure the breach or end the violation, as applicable, and, if such steps are unsuccessful, terminate the Agreement if feasible. 3. Upon termination of this Agreement for any reason, Systems Design West, LLC shall return to the City of Ukiah or destroy all PHI received from the City of Ukiah, or created, maintained, or received by Systems Design West, LLC on behalf of the City of Ukiah that Systems Design West, LLC still maintains in any form. Systems Design West, LLC shall retain no copies of the PHI. If return or destruction is infeasible, the protections of this Agreement will extend to such PHI. Systems Design West, LLC Signature: Title: CE• Agreed to this `2 day of TA -Ai t A R' , .10 Ze Date: 1/7/2020 City of Ukiah Signature: Title: CITY MANAGER Date: