Laserfiche WebLink
Consolidated Agreement FYI Page 24 of 33 <br />NORTH CAROLINA <br />DEPARTMENT OF HEALTH AND HUMAN SERVICES <br />BUSINESS ASSOCIATE ADDENDUM TO CONSOLIDATED AGREEMENT <br />This Agreement is made effective July 1, 2017, by and between] Lee County Health Department ("Covered <br />Entity") and the North Carolina Department of Health and Human Services, Division of Public Health, <br />Administrative, Local, Community Support Section, Health Information System and Local Technical <br />Assistance and Training units ("Business Associate") (collectively the "Parties"). <br />1. BACKGROUND <br />a. Covered Entity and Business Associate are parties to a Memorandum of Understanding, entitled <br />"FY 2018 Consolidated Agreement" (the "MOU"), whereby Business Associate agrees to perform <br />certain services for or on behalf of Covered Entity. <br />b. Covered Entity is a local health department in the State of North Carolina that has been designated in <br />whole or in part by as a "covered entity" for purposes of the HIPAA Privacy Rule. <br />c. The relationship between Covered Entity and Business Associate is such that the Parties believe <br />Business Associate is or may be a "business associate" within the meaning of the HIPAA Privacy Rule. <br />d. The Parties enter into this Business Associate Addendum to the MOU with the intention of complying <br />with the HIPAA Privacy Rule provision that a covered entity may disclose protected health information <br />to a business associate, and may allow a business associate to create or receive protected heath <br />information on its behalf, if the covered entity obtains satisfactory assurances that the business associate <br />will appropriately safeguard the information. <br />2. DEFINITIONS <br />Unless some other meaning is clearly indicated by the context, the following terms shall have the following <br />meaning in this Agreement: <br />a. "Electronic Protected Health Information" shall have the same meaning as the term "electronic protected <br />health information" in 45 C.F.R. § 160.103. <br />b. "HIPAA" means the Administrative Simplification Provisions, Sections 261 through 264, of the federal <br />Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as modified and <br />amended by the Health Information Technology for Economic and Clinical Health ("HITECH") Act, <br />Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of <br />2009, Public Law 111-5. <br />c. "Individual" shall have the same meaning as the term "individual" in 45 C.F.R. § 160.103 and shall <br />include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g). <br />d. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at <br />45 C.F.R. Part 160 and Part 164. <br />e. "Protected Health Information" shall have the same meaning as the term "protected health information" <br />in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on <br />behalf of Covered Entity. <br />f. "Required By Law" shall have the same meaning as the term "required by law" in 45 C.F.R. § 164.103. <br />g. "Secretary" shall mean the Secretary of the United States Department of Health and Human Services or <br />the person to whom the authority involved has been delegated. <br />h. Unless otherwise defined in this Agreement, terms used herein shall have the same meaning as those <br />terms have in the Privacy Rule. <br />3. OBLIGATIONS OF BUSINESS ASSOCIATE <br />a. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or <br />required by this Agreement or as Required By Law. <br />