Terms & Conditions for Blue Assist
- The Doctor is engaged in the provision of professional dental and orthodontic services (the “Practice”) and the Doctor and Doctor’s professional clinical staff (the “Clinical Professionals”) hold all licenses and permits necessary to engage in the Practice in the state in which the professional dental and orthodontic services are rendered (the “Applicable State”).
- The Doctor desires to engage Clear Blue Smiles, Inc. (“CBS”) to provide services relative to consulting and expert advice regarding clear aligner treatment of Doctor’s patient(s).
The Parties hereby agree as follows:
ENGAGEMENT AND AUTHORITY
1.1 Engagement of CBS. On the terms and subject to the conditions contained in this Agreement, the Doctor hereby engages CBS, and CBS hereby accepts engagement by the Doctor, to provide and/or arrange for the provision of the Business Services described in Exhibit A. The Doctor expressly acknowledges that CBS may subcontract with third-parties for the performance of certain Business Services.
1.2 Relationship of Parties. In performing their respective duties and obligations under this Agreement, the Parties are independent contractors. The Parties will not be deemed to be joint venturers, partners or employees of each other. For the avoidance of doubt, the Parties agree that at all times relevant and pursuant to the terms and conditions of this Agreement, the Clinical Professionals are and will be construed to be practicing their professions independently and shall not be deemed or construed to be agents, servants, or employees of CBS.
1.3 Conduct of Professional Practice. The Doctor will solely and exclusively control the provision of professional clinical services, and CBS will neither have nor exercise any control or discretion over the methods by which the Clinical Professionals render professional clinical services. Nothing in this Agreement will be construed to alter or otherwise affect the legal, ethical or professional relationships between and among the Doctor, the Clinical Professionals and their patients, nor does anything in this Agreement abrogate any right, privilege or obligation arising from or related to the physician-patient relationship.
2.1 General Authority.
(a) Except as prohibited by any applicable federal, state, local, municipal, foreign, international, multinational or other constitution, statute, law, rule, regulation, ordinance, code, principle of common law or treaty (“Law”) regarding the practice of dentistry and subject to the limitations set forth in this Agreement, CBS will provide or arrange for the provision of the non-clinical services set forth in Exhibit A (the “Business Services”). Notwithstanding the foregoing, CBS will not provide any service that would constitute the clinical practice of dentistry or the provision of professional dental services.
(b) CBS will provide or cause to be provided, the Business Services consistent with good business practice and in compliance with all applicable Laws, including, but not limited to, the standards, rules and regulations of the United States Department of Health and Human Services and any other federal, state or local government agency or third-party payor exercising authority with respect to, accrediting, or providing reimbursement for, the Doctor or the Practice, including without limitation the Health Insurance Portability and Accountability Act of 1996 and regulations promulgated thereunder (“HIPAA”) and the security provisions of the American Recovery and Reinvestment Act of 2009, also known as the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) and Massachusetts Data Security regulations, 201 C.M.R. 17.00.
2.2 Services CBS May Not Provide. CBS shall not provide any of the following services to the Doctor:
- assigning or designating specific clinical providers to treat specific patients,
- assuming responsibility for the care of patients,
- engaging in any activity that constitutes the practice of dentistry or that would subject CBS to professional or facility licensure requirements under applicable licensure Laws, or
- providing the Doctor with any inducement or remuneration in exchange for recommending to patients any services provided by CBS through any of its programs.
2.4 Dental Records. The Doctor shall maintain a dental record for each patient in such form and containing such information as is required by relevant jurisdictional law or regulation, applicable standards of care, the specific requirements of third party payors and CBS policies. The parties shall keep all patient records and other personal health information confidential and secure in accordance with all HIPAA. The parties shall enter into a Business Associate Agreement in the form attached hereto as Exhibit C.
3.1 Duty to Cooperate. The Parties acknowledge that mutual cooperation is critical to the performance of their respective duties and obligations under this Agreement.
3.2 Clinical Professionals. The Doctor will employ or engage all Clinical Professionals necessary to conduct, manage and operate in a proper and efficient manner the Practice. The Doctor shall ensure that each Clinical Professional maintains: (i) an unrestricted license to practice his or her specialty in the Applicable State; and (ii) good standing with the applicable professional board of the Applicable State.
3.3 Regulatory Matters. The Clinical Professionals will be free, in their sole discretion, to exercise their professional clinical judgment in the course of treating patients, and nothing in this Agreement permits CBS to affect or influence the professional clinical judgment of any Clinical Professional. To the extent that any act or service required or permitted of CBS under any provision of this Agreement is deemed to constitute the practice of dentistry, the ownership or control of a dental practice of the operation of a clinic, such provision of this Agreement will be void ab initio and the performance of such act or service by CBS will be deemed waived by the Doctor and the function will be performed by the Doctor.
COMPENSATION OF CBS
(a) As consideration for the Business Services provided by CBS to the Doctor pursuant to this Agreement, the Doctor shall pay CBS $249 per hour as a consultation fee and in compensation for the time of the CBS doctor.
(b) The Parties have determined the Business Services Fee to be equal to the fair market value of the Business Services, without consideration of the proximity of the Doctor to any referral sources or the volume or value of any referrals from CBS or any of its Affiliates to the Doctor or from the Doctor to CBS or any of its Affiliates, that is reimbursed under any government or private health care payment or insurance program.
(c) Payment of the Business Services Fee is not conditioned upon a requirement that the Doctor make referrals to, be in a position to make or influence referrals to, or otherwise generate business for CBS or any of its Affiliates or a requirement that CBS or any of its Affiliates make referrals to, be in a position to make or influence referrals to, or otherwise generate business for the Doctor. The Business Services Fee does not include any discount, rebate, kickback or other reduction in charge.
TERM AND TERMINATION
5.1 Initial Term; Automatic Renewals. The initial term of this Agreement commences on the effective date of this Agreement and terminates at the end of the consultation services provided by CBS, or otherwise as indicated immediately below.
5.2 Termination. This Agreement may be terminated by
(a) by mutual agreement of the Parties,
(b) by the Doctor immediately and without written notice if CBS breaches any material provision of this Agreement and fails to cure such breach within ten (10) calendar days after receiving written notice from the Doctor describing in reasonable detail the nature of the breach, or
(c) by CBS immediately and without notice upon (i) the Doctor’s breach of this Agreement and failure to cure such breach within ten (10) calendar days after receiving written notice from CBS describing in reasonable detail the nature of the breach; (ii) the suspension, revocation, surrender or termination of the Doctor’s license to practice dentistry in the State; (iii) the Doctor’s failure, at Doctor’s expense, to maintain professional liability insurance, which shall include an extended reporting endorsement (so called “tail coverage”) for claims made after the termination of this Agreement, but which arise from occurrences during the Term of this Agreement, covering the Doctor for the Doctor’s acts or omissions, with coverage limits of at least $1 Million U.S. Dollars per occurrence and $3 Million U. S. Dollars annual aggregate naming CBS as an additional insured; (iv) Doctor’s engagement in conduct that, as determined by CBS in its sole discretion, could cause material harm to the reputation and standing of CBS or that could materially impair the Doctor’s ability to perform and discharge the Doctor’s duties under this Agreement; or (v) the Doctor’s failure to exercise due care in the practice of dentistry or in the discharge of any of the Doctor’s duties.
5.3 Effect of Expiration or Termination. Promptly (but in any event within ten (10) calendar days) after the expiration or termination of this Agreement, the Doctor will, and will cause its Affiliates, directors, managers, officers, equity holders, employees, agents, successors and permitted assigns to, either return to CBS or destroy, delete or erase all written, electronic or other tangible forms of Confidential Information as required under Section 6.2.
6.1 Practice of Dentistry. Nothing in this Agreement will be interpreted as prohibiting the Doctor or any Clinical Professional from (a) obtaining or maintaining membership on the dental staff of any hospital or health care provider, (b) obtaining or maintaining clinical privileges at any hospital or health care provider, or (c) referring patients to any hospital or health care provider. Further, nothing in this Agreement will be interpreted as CBS interfering with the Clinical Professionals’ dental judgement or doctor-patient relationships.
6.2 Force Majeure. Neither Party will be liable for any failure or inability to perform, or delay in performing, such Party’s obligations under this Agreement if such failure, inability or delay arises from an extraordinary cause beyond the reasonable control of the non-performing Party; provided that such Party diligently and in good faith attempts to cure such non-performance as promptly as practicable.
6.3 Representations and Warranties. The Doctor represents and warrants to Business Services Company as follows:
(a) Organization. The Doctor is and during the term of this Agreement shall be organized and validly existing as a professional corporation or limited liability company, as applicable, and in good standing under the Laws of the Applicable State and has and will have the power and authority to own, operate and use its assets and engage in the practice of professional dental services in the Applicable State.
(b) Enforceability. The Doctor has the power and authority to execute, deliver and perform its obligations under this Agreement, each of which has been authorized by all necessary corporate action on the part of the Doctor. This Agreement has been executed and delivered by the Doctor and is a valid and binding obligation of the Doctor, enforceable against it in accordance with its terms, except as enforcement hereof may be limited by bankruptcy, insolvency, fraudulent conveyance, reorganization, moratorium and other similar Laws relating to or affecting the enforcement of creditors’ rights generally and general legal principles governing the availability of equitable remedies.
(c) No Conflicts. Neither the execution or delivery of this Agreement nor the performance by the Doctor of its obligations hereunder will: (i) breach, conflict with or constitute a default under any of the Doctor governing documents, or any material contract, lease, note or other agreement to which the Doctor is a party; (ii) result in the creation or imposition of liens in favor of any third person or entity; or (iii) violate any of the healthcare Laws or other applicable Law.
(d) CBS does not practice dentistry, orthodontics, or any other practice of medicine. Doctor is solely responsible for the selection and use of all clear aligner or other orthodontic products and software regardless of any input from CBS and regardless of the CBS doctor/consultant/employee assisting the Doctor. The final medical/dental/orthodontic decision remains at all times with the Doctor. Notwithstanding anything to the contrary contained in this Agreement, the Parties agree and understand that CBS is merely providing the Business Services for use by Doctor and that the Doctor is fully responsible for all professional obligations and decisions related to all patients, including, without limitation, the responsibility to obtain informed consent, diagnose the patient’s orthodontic needs and condition and to determine, prescribe, and administer the appropriate treatments required for the patient using Doctor’s professional judgment, skills, and training.
6.4 Notices. All notices and other communications required or permitted under this Agreement: (a) must be in writing, (b) will be duly given (i) when delivered personally to the recipient or sent to the recipient by facsimile (with delivery confirmation retained) or (ii) one Business Day after being sent to the recipient by nationally recognized overnight private carrier (charges prepaid) and (c) addressed as follows (as applicable):
If to the Doctor: notice will be transmitted to the email provided by doctor
If to CBS: Clear Blue Smiles, Inc. PO Box 407 St. Louis, MO 63040
or to such other respective address as each Party may designate by notice given in accordance with this Section 9.4.
6.5 Entire Agreement. This Agreement constitutes the complete agreement and understanding among the Parties regarding the subject matter of this Agreement and supersedes any prior understandings, agreements or representations regarding the subject matter of this Agreement.
6.6 Amendments. The Parties may amend this Agreement only pursuant to a written agreement executed by the Parties.
6.7 Non-Waiver. The Parties’ respective rights and remedies under this Agreement are cumulative and not alternative. Neither the failure nor any delay by any Party in exercising any right, power or privilege under this Agreement will operate as a waiver of such right, power or privilege, and no single or partial exercise of any such right, power or privilege will preclude any other or further exercise of such right, power or privilege or the exercise of any other right, power or privilege. No waiver will be effective unless it is in writing and signed by an authorized representative of the waiving Party. No waiver given will be applicable except in the specific instance for which it was given. No notice to or demand on a Party will constitute a waiver of any obligation of such Party or the right of the Party giving such notice or demand to take further action without notice or demand as provided in this Agreement.
6.8 Assignment. The Doctor may not assign this Agreement or any rights under this Agreement, or delegate any duties under this Agreement, without CBS’s prior written consent. CBS may freely assign this Agreement or any rights under this Agreement, or delegate any duties under this Agreement, upon written notice without the Doctor’s consent.
6.9 Binding Effect; Benefit. This Agreement will inure to the benefit of and bind the Parties and their respective successors and permitted assigns. Nothing in this Agreement, express or implied, may be construed to give any Person other than the Parties and their respective successors and permitted assigns any right, remedy, claim, obligation or liability arising from or related to this Agreement. This Agreement and all of its provisions and conditions are for the sole and exclusive benefit of the Parties and their respective successors and permitted assigns.
6.10 Severability. If any court of competent jurisdiction holds any provision of this Agreement invalid or unenforceable, then the other provisions of this Agreement will remain in full force and effect. Any provision of this Agreement held invalid or unenforceable only in part or degree will remain in full force and effect to the extent not held invalid or unenforceable. If any court of competent jurisdiction holds the geographic or temporal scope of any restrictive covenant contained in Article VI invalid or unenforceable, then such restrictive covenant will be construed as a series of parallel restrictive covenants and the geographic or temporal scope of each such restrictive covenant will be deemed modified (including by application of any “blue pencil” doctrine under applicable Law) to the minimum extent necessary to render such restrictive covenant valid and enforceable.
6.11 References. The headings of Sections are provided for convenience only and will not affect the construction or interpretation of this Agreement. Unless otherwise provided, references to “Section(s)” and “Exhibit(s)” refer to the corresponding section(s) and exhibit(s) of this Agreement. Reference to a statute refers to the statute, any amendments or successor legislation and all rules and regulations promulgated under or implementing the statute, as in effect at the relevant time. Reference to a contract, instrument or other document as of a given date means the contract, instrument or other document as amended, supplemented and modified from time to time through such date.
6.12 Construction. Each Party participated in the negotiation and drafting of this Agreement, assisted by such legal counsel as it desired, and contributed to its revisions. Any ambiguities with respect to any provision of this Agreement will be construed fairly as to both Parties and not in favor of or against either Party. All pronouns and any variation thereof will be construed to refer to such gender and number as the identity of the subject may require. The terms “include” and “including” indicate examples of a predicate word or clause and not a limitation on that word or clause.
6.13 Governing Law. THIS AGREEMENT IS GOVERNED BY THE LAWS OF THE STATE OF DELAWARE, WITHOUT REGARD TO CONFLICT OF LAWS PRINCIPLES.
6.14 Each Party hereby (i) waives personal service of any and process upon it and (ii) consents that all services of process be made by registered or certified mail (postage prepaid, return receipt requested) directed to it at its address stated in Section 9.4 and service so made will be complete when received. Nothing in this Section 9.14 will affect the rights of the Parties to serve legal process in any other manner permitted by applicable Law.
6.15 Waiver of Trial by Jury. EACH PARTY HEREBY WAIVES ITS RIGHT TO A JURY TRIAL IN CONNECTION WITH ANY SUIT, ACTION OR PROCEEDING IN CONNECTION WITH ANY MATTER RELATING TO THIS AGREEMENT.
6.16 Counterparts. The Parties may execute this Agreement in multiple counterparts, each of which will constitute an original and all of which, when taken together, will constitute one and the same agreement. The Parties may deliver executed signature pages to this Agreement by facsimile or e-mail transmission. Neither Party may raise as a defense to the formation or enforceability of this Agreement, and each Party forever waives any such defense, either (a) the use of a facsimile or email transmission to deliver a signature or (b) the fact that any signature was signed and subsequently transmitted by facsimile or email transmission.
CBS will provide the Business Services in consultation with the Doctor. The Business Services include one (1) hour of comprehensive consultation services regarding clear aligner treatment of Doctor’s patient(s), including treatment planning advice and all other relevant and useful information as may be deemed necessary and appropriate.
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (“Agreement”) is effective as of Sept 1, 2022 and is by and between __________________ (“Covered Entity”) and Clear Blue Smiles LLC (“Business Associate”).
A. Covered Entity and Business Associate are parties to an agreement or arrangement pursuant to which Business Associate performs certain services for Covered Entity.
B. In connection with the performance of its services, Business Associate may receive from, or create or receive on behalf of Covered Entity health information that is considered PHI (as defined below).
C. To the extent that such PHI is shared between the parties, this Agreement shall apply and shall set forth the party’s obligations with respect to such PHI.
D. The provisions of this Agreement shall become binding on the parties beginning on the date on which PHI is first shared between the parties and shall terminate in accordance with the terms of this Agreement.
NOW, THEREFORE, in consideration of the mutual covenants and agreements contained herein, the parties agree as follows:
Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Rules (as defined below), the HITECH Standards (as defined below) or any future regulations promulgated or guidance issued by the Secretary (as defined below) thereunder. (i) Breach. “Breach” shall have the same meaning as the term “breach” at 45 C.F.R. § 164.402.
(ii) Designated Record Set. “Designated Record Set” shall mean a group of records maintained by or for a covered entity that is:
– The Medical Records & Billing Records of a patient/individuals for a Covered Entity.
– Enrollment, payment, claims adjudication, and case or medical management records systems maintained by a Health Plan.
– Used by the covered entity to make decisions about patients/ individuals, in whole or in part.
The term “record” refers to any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity.
(iii) Electronic Health Record. “Electronic Health Record” shall mean an electronic record of health-related information on an Individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.
(iv) Electronic PHI. “Electronic PHI” shall have the same meaning as the term “electronic PHI” at 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
(v) HIPAA. “HIPAA” shall mean the Health Insurance Portability and Accountability Act of 1996, as amended, and the implementation regulations thereunder, including without limitation the HIPAA Rules (as defined below) and the HITECH Standards (as defined below), and all future regulations promulgated thereunder.
(vi) HIPAA Rules. “HIPAA Rules” means the Privacy Rule (as defined below) and the Security Rule (as defined below).
(vii) HITECH Standards. “HITECH Standards” means Subtitle D of the Health Information Technology for Economic and Clinical Health Act (“HITECH”), found at Title XIII of the American Recovery and Reinvestment Act of 2009, and any regulations promulgated thereunder, including all amendments to the HIPAA Rules.
(viii) Individual. “Individual” shall have the same meaning as the term “individual” at 45 C.F.R. § 160.103, and any amendments thereto, and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
(ix) Privacy Rule. “Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164.
(x) Protected Health Information. “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” at 45 C.F.R. § 160.103, and any amendments thereto, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
(xi) Required By Law. “Required By Law” shall have the same meaning as the term “required by law” at 45 C.F.R. § 164.103.
(xii) Secretary. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his/her designee.
(xiii) Security Incident. “Security Incident” shall have the same meaning as the term “security incident” at 45 C.F.R. § 164.304.
(xiv) Security Rule. “Security Rule” shall mean the Security Standards for the Protection of Electronic PHI at 45 C.F.R. Parts 160, 162, and 164.
(xv) Unsecured PHI. “Unsecured PHI” shall have the same meaning as the term “unsecured protected health information” at 45 C.F.R. § 164.402.
2. Relationship of Parties
In the performance of the work, duties and obligations described in this Agreement or under any other agreement between the parties, the parties acknowledge and agree that each party is at all times acting and performing as an independent contractor and at no time shall the relationship between the parties be construed as a partnership, joint venture, employment, principal/agent relationship, or master/servant relationship.
3. Ownership of PHI
Business Associate acknowledges that all right, title and interest in and to any PHI furnished to Business Associate vests solely and exclusively with Covered Entity or the Individual to whom such PHI relates.
4. Obligations and Activities of Business Associate
(i) Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement, any underlying agreement between the parties, or as Required By Law.
(ii) Business Associate will make reasonable efforts, to the extent practicable, to limit requests for and the use and disclosure of PHI to a Limited Data Set (as defined in 45 C.F.R. § 164.514(e)(2)) or, if needed by Business Associate, to the minimum necessary PHI to accomplish the intended purpose of such use, disclosure or request, and as applicable, in accordance with the regulations and guidance issued by the Secretary on what constitutes the minimum necessary for Business Associate to perform its obligations to Covered Entity under this Agreement, any underlying agreement, or as Required By Law.
(iii) Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by this Agreement.
(iv) Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity. Business Associate shall comply with the applicable requirements of the Security Rule in the same manner such provisions apply to Covered Entity.
(v) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement.
(vi) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which it becomes aware. To the extent that Business Associate creates, receives, maintains or transmits Electronic PHI, Business Associate agrees to report as soon as practicable to Covered Entity any Security Incident, as determined by Business Associate, involving PHI of which Business Associate becomes aware. Notwithstanding the foregoing, Business Associate and Covered Entity acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and Covered Entity acknowledges and agrees that no additional notification to Covered Entity of such unsuccessful Security Incidents is required. However, to the extent that Business Associate becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, Business Associate shall notify Covered Entity of these attempts and provide the name, if available, of said party. At the request of Covered Entity, Business Associate shall identify the date of the Security Incident, the scope of the Security Incident, Business Associate’s response to the Security Incident, and the identification of the party responsible for causing the Security Incident, if known.
(vii) Following Business Associate’s discovery of a Breach of Unsecured PHI, Business Associate shall notify Covered Entity of the Breach without unreasonable delay, and in no event later than three (3) business days after Business Associate, or any of its employees or agents, discovered the Breach. Such notification shall include, to the extent possible, the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, or disclosed during the Breach and any other information available to Business Associate about the Breach which is required to be included in the notification of the Breach provided to the Individual in accordance with 45 C.F.R. §164.404(c). A Breach of Unsecured PHI shall be treated as discovered as of the first day on which such Breach is known to Business Associate or should have been known to Business Associate by exercising reasonable diligence. If Business Associate (or one of its subcontractors, vendors or agents) is responsible for a Breach of Unsecured PHI, Covered Entity may, at its option, require Business
Associate to provide any of the notifications required by 45 C.F.R. § 164.404 at Business Associate’s expense.
(viii) In accordance with 45 C.F.R. §§ 164.308(b)(2) and 164.502(e)(1)(ii), Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree in writing to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. Moreover, Business Associate agrees to ensure any such agent or subcontractor agrees to implement reasonable and appropriate safeguards to protect Covered Entity’s Electronic PHI.
(ix) Business Associate shall provide access, at the request of Covered Entity, and in a time and manner mutually acceptable to Business Associate and Covered Entity, to PHI in a Designated Record Set to Covered Entity, or, as directed by Covered Entity, to an Individual or another person properly designated by the Individual, in order to meet the requirements under 45 C.F.R. § 164.524. If Business Associate maintains PHI electronically in a Designated Record Set and if the Individual requests an electronic copy of such information, Business Associate must provide Covered Entity, or the Individual or person properly designated by the Individual, as directed by Covered Entity, access to the PHI in the electronic form and format requested by the Individual, if it is readily producible in such form and format; or, if not, in a readable electronic form and format as agreed to by Covered Entity and the Individual. Any fee that Business Associate may charge for such electronic copy shall not be greater than Business Associate’s labor and supply costs in responding to the request.
(x) Business Associate agrees to make any amendment(s) to PHI in its possession contained in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of Covered Entity or an Individual, and in a time and manner mutually acceptable to Business Associate and Covered Entity.
(xi) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. As of the compliance date set forth in the regulations promulgated under HITECH or as otherwise determined by the Secretary, in addition to the accounting of disclosure obligations required under 45 C.F.R. § 164.528, Business Associate shall account for all disclosures of PHI made through an Electronic Health Record in accordance with the HITECH Standards and any future regulations promulgated thereunder.
(xii) Within ten (10) business days (or such other date that Business Associate and Covered Entity may reasonably agree upon) of receiving written notice from Covered Entity that Covered Entity has received a request for an accounting of disclosures of PHI, Business Associate agrees to provide to Covered Entity information collected to permit Covered Entity to make the accounting required in accordance with 45 C.F.R. § 164.528.
(xiii) Business Associate shall make its internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity, available to the Secretary for purposes of determining Covered Entity’s or Business Associate’s compliance with the Privacy Rule.
(xiv) To the extent Business Associate is to carry out Covered Entity’s obligations under the Privacy Rule, Business Associate shall comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of such delegated obligation.
5. General Use and Disclosure Provisions
Except as otherwise limited in this Agreement: (i) Business Associate reserves the right to use PHI for the proper management and administration of Business Associate, to carry out the legal responsibilities of Business Associate, and to provide data aggregation services to Covered Entity.
(ii) Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity.
(iii) Business Associate may disclose PHI in its possession for the proper management and administration of Business Associate, provided that disclosures are Required by Law, or Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that such PHI will be held confidentially and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the third party, and the third party notifies Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached.
6. Indemnification, Settlement and Procedure
Notwithstanding any agreement by the Parties to the contrary, Business Associate shall indemnify and hold harmless Covered Entity and its directors, officers, affiliates, agents, volunteers, trustees or employees from and against any claim, cause of action, liability, damage, cost or expense, including attorney’s fees and court or proceeding costs, arising out of or in connection with Business Associate’s material breach of its obligations under this Agreement, as well as any violation of or failure of Business Associate to fulfill its obligation under HIPAA, including the unauthorized use or disclosure of PHI, or any failure in security measures affecting PHI by the Business Associate, its subcontractors, vendors or agents, or any person or entity under the Business Associate’s control. The Business Associate’s obligation to indemnify Covered Entity in accordance with this Section will survive expiration or termination of this Agreement. Covered Entity may, at its option, conduct its defense or settlement of any such action arising as described herein, and Business Associate shall cooperate with such defense and settlement.
7. Term and Termination
(i) Term. The term of this Agreement shall commence on the Effective Date, and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is not feasible to return or destroy the PHI, protections are extended to such information, in accordance with the termination provisions in this Section.
(ii) Termination for Cause. Upon Covered Entity’s knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall either:
(1) Provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Agreement if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity; or
(2) Immediately terminate this Agreement if Business Associate has breached a material term of this Agreement and cure is not possible.
Business Associate shall ensure that it maintains the termination rights in this Section in any agreement it enters into with a subcontractor pursuant to Section 4(h) hereof. (iii) Effect of Termination.
(1) Except as provided in paragraph (ii) of this Section, upon termination of this Agreement, for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall not retain copies of the PHI.
(2) In the event that Business Associate determines that returning or destroying the PHI is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction not feasible. Upon determination that return or destruction of PHI is not feasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction not feasible, for so long as Business Associate maintains such PHI.
(i) Regulatory References. A reference in this Agreement to a section in the Privacy Rule or the Security Rule means the section as in effect or as amended and for which compliance is required.
(ii) Amendment. No change, amendment, or modification of this Agreement shall be valid unless set forth in writing and agreed to by both parties. Notwithstanding the foregoing, the parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of this Agreement may be required to ensure compliance with such developments. The parties specifically agree to take such action as may be necessary from time to time for the parties to comply with the requirements of HIPAA. Covered Entity shall provide written notice to Business Associate to the extent that any final regulation or amendment to final regulations promulgated by the Secretary under HITECH requires an amendment to this Agreement to comply with HIPAA. The parties agree to negotiate an amendment to the Agreement in good faith; however, either party may terminate this Agreement upon ninety (90) days written notice to the other party if the parties are unable to reach an agreement.
(iii) Survival. The respective rights and obligations of Business Associate under Section 7 of this Agreement shall survive the termination of this Agreement, unless expressly stated otherwise.
(iv) Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity and Business Associate to comply with HIPAA.
(v) Notice. Any notice, report or other communication required under this Agreement shall be in writing and shall be delivered personally, telegraphed, emailed, sent by facsimile transmission, or sent by U.S. mail.
(vi) Governing Law. The rights, duties and obligations of the parties to this Agreement and the validity, interpretation, performance and legal effect of this Agreement shall be governed and determined by applicable federal law with respect to the Privacy Rule and the Security Rule and otherwise by the laws of Missouri.
(vii) Counterparts. This Agreement may be executed in one or more original counterparts and will become operative when each party has executed and delivered at least one counterpart. Each original counterpart will be deemed to be an original for all purposes, and all counterparts will together constitute one instrument.
(viii) Signatures. This Agreement may be signed electronically and delivered by email, facsimile or similar transmission, and an email, facsimile or similar transmission evidencing execution, including PDF copies of executed counterparts, will be effective as a valid and binding agreement between the Parties for all purposes.
IN WITNESS THEREOF, each party has caused this Agreement to be executed by its duly authorized representative.