Laserfiche WebLink
IIII .. <br />Aan <br />Pro,wtadeu, Sok,ilJomi.s ` <br />BUSINESS ASSOCIATE AGREEMENT <br />This Business Associate Agreement ("BAA") is between the "Client" identified on the "Order" <br />("Company") and TriZetto Provider Solutions, LLC ("TriZetto"). Company and TriZetto are each a <br />"Party" and together the "Parties." <br />Company is a Covered Entity or a Business Associate to one or more Covered Entities (see <br />Section 1 for Definitions) and desires to disclose certain information to TriZetto, some of which may <br />constitute Protected Health Information. <br />TriZetto provides certain services to Company pursuant to one or more service agreements <br />("Services Agreement"). These services qualify TriZetto as a Business Associate or Subcontractor <br />Business Associate to Company. <br />The Parties are entering into this BAA to set forth the terms on which TriZetto may use and <br />disclose Protected Health Information. The Parties agree as follows: <br />1. Definitions. Capitalized terms not otherwise defined in this BAA shall have the meanings as <br />set forth in the HIPAA Rules. <br />"HIPAA Rules" means collectively the Health Insurance Portability and Accountability Act of 1996, <br />as amended by the Health Information Technology for Economic and Clinical Health ("HITECH") <br />Act, and its implementing regulations set forth at 45 C.F.R. Parts 160 and 164, including the Privacy, <br />Security, Breach Notification and Enforcement Rules. <br />"Protected Health Information" and "PHI" have the same meaning as the term "protected health <br />information" in 45 C.F.R. § 160.103, as applied to the information created or received by TriZetto <br />from or on behalf of Company. <br />"Security Incident" has the same meaning as "security incident" in 45 C.F.R. § 164.304, excluding <br />immaterial or trivial incidents that occur on a daily basis, such as "scans," "pings," or an <br />unsuccessful attempt to improperly access Electronic PHI that is stored in an information system <br />under its control. <br />2. Obligations and Activities of TriZetto. <br />2.1. Uses and Disclosures of PHI'. TriZetto shall not use or disclose PHI other than as permitted <br />or required by the Services Agreement or as required by law. <br />2.2. Safeguards. TriZetto shall use reasonable and appropriate safeguards in compliance with <br />Subpart C of 45 C.F.R. Part 164 with respect to PHI in electronic format designed to prevent use or <br />disclosure of PHI other than as provided for by this BAA. <br />2.3. Reporting of Improper Use or Disclosure, Breach or Security Incident. TriZetto shall <br />report to Company in writing within 30 days after the Discovery any use or disclosure of PHI not <br />provided for by this BAA, including any Security Incident or Breach of Unsecured PHI. Such notice <br />shall include, to the extent known, the identification of each Individual whose PHI has been or is <br />reasonably believed by TriZetto to have been accessed, acquired, or disclosed. TriZetto shall <br />cooperate with Company in investigating a Breach or Security Incident so that Company may meet <br />Company's obligations under the HIPAA Rules and any other breach notification law. TriZetto agrees <br />TPS BAA 1 <br />Posted/Revised: 05232017 TRIZETTO CONFIDENTIAL/TRADE SECRET <br />