.(herein known as “Associate”) to set forth the
expectations and agreement of the parties regarding access to, use or disclosure of Protected Health Information
(“PHI”). For purposes of this Agreement, the term PHI shall be defined consistent with the Health Insurance
Portability and Accountability Act of 1996 (HIPAA) and Regulations enacted there under
by the U.S. Department of Health and Human Services and shall include PHI in any form, whether received
incidentally from Agency or created by Associate using PHI maintained, use or disclosed by Agency.
1. Agency and Associate hereby agree that Associate shall not access PHI maintained, used or disclosed
by Agency, except to the extent PHI is indirectly or incidentally disclosed by Agency to Associate as a byproduct of Agency’s use of PHI or disclosure of PHI to a third party.
2. Associate hereby agrees that Associate and its employees and agents will not at any time or in any
manner, directly or indirectly, access, use, or disclose any PHI for Associate's or its employees’ or agents’
own benefit, or divulge, disclose or communicate in any manner any such PHI to any third party without
the prior written consent of Agency.
3. Associate will implement measures to reduce incidental access to and protect the confidentiality and
integrity of PHI maintained, used or disclosed by Agency.
4. Associate assumes responsibility and liability if PHI is inappropriately accessed, used, or disclosed by
Associate, its employees or agents or as a result of the acts of omissions of Associate, its employees or
agents. Associate shall ensure that all members of its workforce understand and agree to Associate’s
obligations under this Agreement and the consequences for violation of such obligations.
5. Associate shall take appropriate disciplinary action against any member of its workforce who uses or
discloses PHI in violations of this Agreement and applicable law.
6. This Agreement shall commence upon Associate’s provision of services to, or performance of any
function or activity on behalf of, Agency, and the obligations herein shall continue in effect so long as
Associate provides or performs such services.
7. Associate agrees to use appropriate safeguards to prevent access, use or disclosure of PHI not permitted
by this Agreement or applicable law.
8. Agency may amend this Agreement by providing ten (10) days prior written notice to Associate in order to
maintain compliance with State or Federal law. Such amendment shall be binding upon Associate at the
end of the ten (10) day period and shall not require the consent of Associate. Agency and Associate may
otherwise amend this Agreement by mutual written agreement.
9. Associate shall, to the fullest extent permitted by law, protect, defend, indemnify and hold harmless
Agency and his/her respective employees, directors, and agents (“Indemnities”) from and against any and
all losses, costs, claims, penalties, fines, demands, liabilities, legal actions, judgments, and expenses of
every kind (including reasonable attorney fees, including at trial and on appeal) asserted or imposed
against any Indemnities arising out of the acts or omissions of Associate or any SubAssociate of or
consultant of Associate or any of Associate’s employees, directors, or agents related to the performance
or nonperformance of this Agreement.
10. Associate and Agency understand and agree that this Agreement governs Associate’s access to, use and
disclosure of PHI maintained, used or disclosed by Agency for so long as Associate provides services to,
or performs services on behalf of, Agency. This Agreement is not intended and shall not be construed or
interpreted to create an enforceable commitment or obligation for Agency to purchase or receive such
services from Associate or otherwise compensate Associate for such services