Laserfiche WebLink
b. Ensure that any agent or Subcontractor to whom it provides electronic PHI agrees to implement reasonable and appropriate safeguards to <br />protect electronic PHI. <br />10. Additional Requirements from the HITECH Act. Business Associate shall: <br />a. Comply with the HIPAA Rules in the same manner that a Covered Entity is required to comply in the performance of one or more of the <br />Plan's HIPAA obligations. <br />b. Refrain from directly or indirectly receiving remuneration in exchange for any PHI of an Individual unless specifically allowed by HIPAA, <br />c. Comply with the marketing limitations in HIPAA. <br />d. Comply with any required accounting of PHI disclosures as necessary to satisfy the Plan's obligations under the HIPAA Rules. <br />e. Notify the Plan of a Breach of Unsecured PHI, following the discovery of the Breach, without unreasonable delay and in no case later than <br />60 calendar days after discovery of the Breach. Breaches are treated as discovered on the first day on which the Breach is known to Business <br />Associate or, by exercising reasonable diligence, would have been known to Business Associate. The Plan agrees that all other Breach notifications <br />(including but not limited to disclosures to individuals, the Department of Health and Human Services and/or prominent media outlets) are the <br />responsibility of the Covered Entity, as specified in the HITECH Act. <br />D. Responsibilities of Agent of Employer <br />1. Scope of Responsibility. Infinisource performs the services set forth in Section D.2 on behalf of Employer as agent of Employer to assist Employer <br />with Employer's obligations related to the Plan. <br />2. Scope of Services. The following services are performed by Infinisource as Agent of Employer: <br />a. Services that facilitate and report the enrollment and disenrollment of employees and their eligible dependents in the Plan. <br />b. Services that facilitate the payment of premiums under the Plan. <br />3. Scope of Responsibilities of Agent of Employer. Infinisource, as Agent of Employer, agrees to the same conditions and restrictions set forth in <br />Sections C.2 through C.10 to the extent the information received from Employer originated from the Plan (i.e., the information was once PHI). With <br />regard to all other individual identifiable health information, Infinisource agrees to use its best efforts to protect the confidentiality of the information <br />and to only use the Information as necessary to perform services referenced in Section D.2 or as otherwise required or permitted by applicable law. <br />4. Electronic Data Interchange. Employer acknowledges that Agent of Employer is under no obligation to comply with the EDI standard transaction <br />requirements set forth in 45 CFR Parts 160 and 162 and the security rules set forth in 45 CFR §164.302 et seq. with respect to services set forth in <br />Section D,2, <br />E. Termination <br />1. Termination for Cause. If Business Associate violates a material term of this Appendix, Employer may choose to do one of the following: <br />a. Provide an opportunity for Infinisource to cure the breach or end the violation within a reasonable amount of time and terminate this <br />Appendix and/or this Agreement if Infinisource does not cure the breach or end the violation within the time specified by Employer. <br />b. Immediately terminate this Appendix and/or this Agreement if cure is not possible. <br />2. Business Associate Obligations upon Termination. <br />a. Upon termination of this Appendix and/or this Agreement, Infinisource shall return to the Plan or destroy all PHI received from the Plan, or <br />created, maintained or received by Infinisource on behalf of the Plan in any form except to the extent determined infeasible as set forth in Section <br />2b. This provision shall apply to PHI that is in the possession of Subcontractors or agents of Infinisource. Infinisource shall retain no copies of the <br />PHI. <br />b, If Infin€source determines, in its sole discretion, that returning or destroying the PHI is infeasible, Infinisource shall notify the Plan of the <br />conditions that make return or destruction infeasible. In that event, Infinisource shall: <br />• Retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal <br />responsibilities. <br />• Return to the Plan or destroy the remaining PHI that Business Associate still maintains in any form. <br />• Continue to use appropriate safeguards and comply with the HIPAA Rules with respect to electronic PHI to prevent use or disclosure of the <br />PHI, other than as provided for in this Section E, for as long as Business Associate retains the PHI. <br />• Refrain from using or disclosing the PHI retained by Business Associate other than for the purposes for which the PHI was retained and <br />continue to comply with the permitted uses and disclosures that applied prior to termination of this Appendix. <br />• Return to the Plan or destroy the PHI retained by Business Associate when no longer needed for Its proper management and administration <br />or to carry out its legal responsibilities. <br />3. Survival. The obligations of Business Associate under this Section E shall survive the termination of this Appendix and/or this Agreement. <br />Infinisource Service Agreement <br />Fringe Benefit Plan Administration Service Appendix <br />Employer has established a Code §125 Cafeteria Plan ("Cafeteria Plan"), a Code §105 Health Flexible Spending Account ("Health FSA") and/or a Code §129 <br />Dependent Care Flexible Spending Account ("Dependent Care FSA"). In addition, Employer may have established one or more Code §105 Health <br />Reimbursement Arrangements ("HRAs") as described in IRS Notice 2002-45, or a Code §132 Qualified Transportation Fringe Benefit Plan. All such plans <br />shall be referred to collectively as the "Plans'. Employer has asked Infinisource to assist it with its administrative obligations under one or more of the Plans. <br />This Service Appendix describes the rights and responsibilities of Infinisource and Employer with respect to various administrative services provided by <br />Infinisource with respect to the Plans. Infinisource will also provide current and updated Information to Employer relating to compliance with IRS Code <br />Sections 105, 125, 129 and/or 132, including any changes or modifications in compliance requirements, notification language and related steps necessary <br />to act in accord with said changes or modifications. These notifications will be based on Infinisource interpretation as a consultant/benefits administrator <br />of applicable law and should not be construed as tax or legal advice. The rights and obligations outlined below apply only to the extent chosen by Employer <br />on the Fees and Consideration Appendix. This Service Appendix is incorporated into and made a part of the Service Agreement (the "Agreement"). The <br />effective date of this Service Appendix Is the effective date of the Agreement or, if later, the date assigned by infinisource as defined in the Infinisource <br />Client Welcome Letter. The responsibilities of the parties set forth in this Service Appendix are in addition to any responsibilities set forth in the Agreement. <br />If there is a conflict between this Service Appendix and the Agreement, the Agreement controls. <br />A. Responsibilities of Infinisource <br />1. - -r,._ i `; ' . '-; i ,�� ( A . '- -! i� ,�„ is ' i ;rJf-;. ' - <br />i'.; �-. 1 .1lil ) Lli., 1 1. it 1: �"'1 I I t, l .. � ,,c I"':�„ <br />