Pride Mobility Products Corp.
Pride Mobility Products Corp. Pride Provider (Login Required) Search the Pride Mobility Products Website Find where to buy Pride Mobility Products Facebook YouTube Pride Mobility Products Corp. Pride Provider (Login Required) Search the Pride Mobility Products Website Facebook YouTube

This document must be completed by an officer or authorized employee of the covered entity. The electronic record of the received document is considered the signed authorization.

BUSINESS ASSOCIATE AGREEMENT

All fields (RED BOXES) required.

This Business Associate Agreement ("Agreement"), is entered into by and between Pride Mobility Products Corporation ("Business Associate") and (the "Covered Entity") (each a "Party" and collectively the "Parties"), and is made a part of that certain service agreement or service agreements between the Parties (the "Service Agreement") pursuant to which Business Associate creates, receives, maintains or transmits Protected Health Information (as defined in this Agreement) ("PHI").

NOW, THEREFORE, for good and valuable consideration, the sufficiency of which we hereby acknowledge, the Parties agree as follows:

  1. DEFINITIONS:

    1. Terms used but not otherwise defined in this Agreement shall have the same meaning as the meaning ascribed to those terms in the Health Information Portability and Accountability Act of 1996, as codified at 42 U.S.C. §1320d ("HIPAA"), the Health Information Technology Act of 2009, as codified at 42 U.S.C.A. prec. §17901 ("HITECH Act"), and any current and future regulations promulgated under HIPAA or the HITECH Act, including, without limitation, the HIPAA Final Omnibus Rule issues by the U.S. Department of Health & Human Services published in the Federal Register January 25, 2013 (78 F.R. 5565 et. seq.) (HIPAA, HITECH Act, the Omnibus Rule and any other current and future regulations promulgated under either are referred to as the "Regulations").

    2. Protected Health Information or PHI. "Protected Health Information" or "PHI" shall have the same meaning as the term "Protected Health Information" in 45 CFR §160.103, limited to the information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity, including, but not limited to electronic PHI.

    3. Business Associate shall generally have the same meaning as the term "business associate" as set forth at 45 CFR §160.103 and for the purposes of this Agreement shall mean Pride Mobility Products Corporation. Covered Entity shall generally have the same meaning as the term "covered entity" as set forth at 45 CFR §160.103 and for the purposes of this Agreement shall mean .

    4. Service Agreement refers to that agreement or agreements, whether for a term or for a specific undertaking, and otherwise legally permissible in connection with which Business Associate may create, receive, maintain or transmit PHI in order to perform its obligations as set forth in the Service Agreement or otherwise to carry out and/or fulfill its legal responsibilities or as required by law and as more particularly identified herein.


  2. OBLIGATIONS OF BUSINESS ASSOCIATE

  3. In order that Covered Entity and Business Associate may achieve and maintain compliance with the requirements of HIPAA, Business Associate agrees:

    1. To only use and disclose PHI as permitted by this Agreement or as required by law. Business Associate may (1) use and disclose PHI to perform its obligations as set forth in the Service Agreement; (2) use PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities; (3) disclose PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities, if such disclosure is required by law or if Business Associate obtains reasonable assurances from the recipient that the recipient will keep the PHI confidential, use or further disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient, and notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (4) use PHI to provide data aggregation services relating to the health care operations of Covered Entity; (5) use or disclose PHI to report violations of the law to law enforcement; and (6) use PHI to create de-identified information consistent with the standards set forth at 45 CFR §164.514. Business Associate will not sell PHI or use or disclose PHI for purposes of marketing, as defined and proscribed in the Regulations.

    2. To limit its uses and disclosures of, and requests for, PHI (a) when practical, to the information making up a Limited Data Set; and (b) in all other cases subject to the requirements of 45 CFR §164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request.

    3. To use appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of the PHI, however maintained, including without limitation, electronic PHI, in compliance with sub-part C of 45 CFR Part 164 and to prevent use or disclosure of PHI other than as provided for by this Agreement.

    4. To report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected PHI as required at 45 CFR §164.410 and any Security Incident of which it becomes aware.

    5. To use appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of the PHI in compliance with the Regulations.

    6. In accordance with 45 CFR §164.502(e)(1)(ii) and §164.308(b)(2), to require all of its subcontractors and agents that receive, use or have access to PHI to agree, in writing, to adhere to the same restrictions and conditions on the use or disclosure of PHI that apply to the Business Associate pursuant to this Agreement.

    7. Upon reasonable notice and prior written request, to make available during normal business hours at Business Associate's offices all records, books, agreements, internal practices, policies and procedures relating to the use or disclosure of PHI to the Secretary, in a time and manner designated by the Secretary, for purposes of determining the Covered Entity's compliance with the Regulations, subject to attorney-client and other applicable legal privileges.

    8. To provide documentation regarding any disclosures by Business Associate that would have to be included in an accounting of disclosures to an individual under 45 CFR §164.528 (including without limitation a disclosure permitted under 45 CFR §164.512) and the HITECH Act, within a reasonable amount of time of receipt of a request from Covered Entity.

    9. To make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity's obligations under 45 CFR §164.524.

    10. If, and to the extent that Business Associate possesses an applicable Designated Record Set, within a reasonable amount of time of receipt of a request from the Covered Entity for the amendment of an individual's PHI contained in the Designated Record Set, Business Associate shall provide such information to the Covered Entity for amendment and shall also incorporate any such amendments in the PHI maintained by Business Associate as required by 45 CFR §164.526.

    11. To maintain and make available information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity's obligations under 45 CFR §164.528. (If records are maintained in electronic format, Business Associate will account for all disclosures for at least a three year period.)

    12. To the extent the Business Associate is to carry out one or more of Covered Entity's obligations under sub-part E of 45 CFR Part 164, comply with the requirements of sub-part E that apply to the Covered Entity and the performance of such obligations.

    13. Subject to Section III.C.2. of this Agreement, return to the Covered Entity or destroy, within thirty (30) days of the termination of this Agreement, any and all PHI in its possession and retain no copies (which for purposes of this Agreement shall include without limitation destroying all backup tapes and permanently deleting all electronic PHI).

    14. To mitigate, to the extent practicable, any harmful effects from any use or disclosure of PHI by Business Associate not permitted by this Agreement.

    15. To abide by the requirements not to disclose data to insurers and other health plans if the patient pays for the service in full and requests confidentiality.

    16. Business Associate agrees to notify the designated Privacy Official of the Covered Entity of any use or disclosure of PHI by Business Associate not permitted by this Agreement, any Security Incident involving electronic PHI, and any Breach of Unsecured Protected Health Information within five (5) business days.

      1. Business Associate shall provide the following information to Covered Entity within ten (10) business days of discovery of a breach except when despite all reasonable efforts by Business Associate to obtain the information required, circumstances beyond the control of the Business Associate necessitate additional time. Under such circumstances Business Associate shall provide to Covered Entity the following information as soon as possible and without unreasonable delay, but in no event later than thirty (30) calendar days from the date of discovery of a breach:

        1. the date of the breach;
        2. the date of the discovery of the breach;
        3. a description of the types of unsecured PHI that were involved;
        4. identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired or disclosed; and
        5. any other details necessary to complete an assessment of the risk of harm to the individual.

      2. Covered Entity will be responsible to provide notification to individuals whose unsecured PHI has been disclosed, as well as the Secretary and the media, as required by Sec. 13402 of the HITECH Act, 42 U.S.C.A. § 17932;

      3. Business Associate agrees to pay actual costs for notification and of any associated mitigation incurred by Covered Entity, such as credit monitoring, if Covered Entity determines that the breach is significant enough to warrant such measures.

      4. Business Associate agrees to establish procedures to investigate the breach, mitigate losses and protect against any future breaches, and to provide a description of these procedures and the specific findings of the investigation to Covered Entity in the time and manner reasonably requested by Covered Entity.

      5. The Parties agree that this section satisfies any notices necessary by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to Covered Entity shall be required. For purposes of this Agreement, "Unsuccessful Security Incidents" include activity such as pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of electronic PHI.

  4. III. TERM AND TERMINATION:

    1. Term. This Agreement shall become effective on the date of execution of a Service Agreement, and shall terminate upon the termination or expiration of all Service Agreement(s). Notwithstanding the foregoing, obligations imposed on either party pursuant to applicable law, including, without limitation, the HITECH Act and Regulations, must be complied with only when the particular provisions referenced become effective or compliance becomes required, whichever is later.

    2. Termination for Cause. Either Party may immediately terminate this Agreement and the Service Agreement(s) if such Party makes the determination that the other Party has breached a material term of this Agreement. Alternatively, the terminating Party may choose to provide the other Party with thirty (30) days written notice of the existence of an alleged material breach and an opportunity to cure the breach. If termination is not feasible, the terminating Party shall report the breach to the Secretary.

    3. Effect of Termination.

      1. Upon termination or expiration of this Agreement, Business Associate agrees to return to Covered Entity or destroy all PHI in the possession of Business Associate and/or in the possession of any subcontractor or agent of Business Associate and to retain no copies of the PHI.

      2. In the event that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity a written statement that it is infeasible to return or destroy the PHI and describe the conditions that make return or destruction of the PHI infeasible. Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains the PHI.

  5. MISCELLANEOUS:

    1. Amendments. This Agreement may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the Parties. The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary to achieve and maintain compliance with the requirements of the Regulations.

    2. Regulatory References. Any reference herein to a federal regulatory section within the Code of Federal Regulations shall be a reference to such section as it may be subsequently updated, amended or modified.

    3. Interpretation. Any ambiguity in this Agreement shall be resolved to permit covered entities to comply with HIPAA.

    4. Notices. Any notices hereunder shall be in writing and addressed as follows:

      If to the Business Associate:

      Pride Mobility Products Corp
      182 Susquehanna Ave
      Exeter, PA 18643
      Attention: Compliance Officer

      If to Covered Entity:
      Company Name:
      Street Address:
      City: State: Zip
      Attention:

IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be executed by its duly authorized representative.

Pride Mobility Products Corp.

Date: 9/24/2016
 

By: Julie Piriano
Title: Compliance Officer


COVERED ENTITY

Date:
 

Name:
Title:
Company Name:
Company Account #:
Phone #:
E-Mail:

 By checking this box I agree to the terms and conditions of this agreement (electronic signature)

Pride Mobility Products Corp. © 1995-2016 Pride Mobility Products Corp. All rights reserved. (U.S.) 1-800-800-8586 - (Canada) 888-570-1113
Pride Mobility Products Corporation - Disclosure Statement Pursuant to Cal. Civ. Code 1714.43(a)