Skip to content
Contact
Subscribe to newsletter Call: (210) 851-8565 Get Directions

BUSINESS ASSOCIATE AGREEMENT (HIPAA)

We do Accounting, Assurance & Tax in San Antonio, TX

J. Prentiss Moore CPA, PC

Accounting and Tax can be tough,
we make it easy.


Stay Updated (210) 851-8565

This Privacy Agreement ("Agreement"), is effective upon signing this Agreement and is

entered into by and between _________________________ ("Covered Entity") and

J. Prentiss Moore CPA, PC (the "Business Associate").

I. Term. This Agreement shall remain in effect for the duration of this Agreement and

shall apply to all of the Services and/or Supplies delivered by the Business Associate

pursuant to this Agreement.

II. HIPAA Assurances. In the event Business Associate creates, receives, maintains,

or otherwise is exposed to personally identifiable or aggregate patient or other medical

information defined as Protected Health Information ("PHI") in the Health Insurance

Portability and Accountability Act of 1996 or its relevant regulations ("HIPAA") and

otherwise meets the definition of Business Associate as defined in the HIPAA Privacy

Standards (45 CFR Parts 160 and 164), Business Associate shall:

(a) Recognize that HITECH (the Health Information Technology for Economic

and Clinical Health Act of 2009) and the regulations thereunder (including 45

C.F.R. Sections 164.308, 164.310, 164.312, and 164.316), apply to a business

associate of a covered entity in the same manner that such sections apply to the

covered entity;

(b) Not use or further disclose the PHI, except as permitted by law;

(c) Not use or further disclose the PHI in a manner that had the Covered Entity

done so, would violate the requirements of HIPAA;

(d) Use appropriate safeguards (including implementing administrative, physical,

and technical safeguards for electronic PHI) to protect the confidentiality,

integrity, and availability of and to prevent the use or disclosure of the PHI other

than as provided for by this Agreement;

(e) Comply with each applicable requirements of 45 C.F.R. Part 162 if the

Business Associate conducts Standard Transactions for or on behalf of the

Covered Entity;

(f) Report promptly to the Covered Entity any security incident or other use or

disclosure of PHI not provided for by this Agreement of which Business

Associate becomes aware;

(g) Ensure that any subcontractors or agents who receive or are exposed to PHI

(whether in electronic or other format) are explained the Business Associate

obligations under this paragraph and agree to the same restrictions and

conditions;

(h) Make available PHI in accordance with the individual’s rights as required

under the HIPAA regulations;

(i) Account for PHI disclosures for up to the past six (6) years as requested by

Covered Entity, which shall include: (i) dates of disclosure, (ii) names of the

Page 2 of 3

entities or persons who received the PHI, (iii) a brief description of the PHI

disclosed, and (iv) a brief statement of the purpose and basis of such disclosure;

(j) Make its internal practices, books, and records that relate to the use and

disclosure of PHI available to the U.S. Secretary of Health and Human Services

for purposes of determining Customer’s compliance with HIPAA; and

(k) Incorporate any amendments or corrections to PHI when notified by Customer

or enter into a Business Associate Agreement or other necessary Agreements to

comply with HIPAA.

III. Termination Upon Breach of Provisions. Notwithstanding any other provision of

this Agreement, Covered Entity may immediately terminate this Agreement if it

determines that Business Associate breaches any term in this Agreement. Alternatively,

Covered Entity may give written notice to Business Associate in the event of a breach

and give Business Associate five (5) business days to cure such breach. Covered Entity

shall also have the option to immediately stop all further disclosures of PHI to Business

Associate if Covered Entity reasonably determines that Business Associate has

breached its obligations under this Agreement. In the event that termination of this

Agreement and the Agreement is not feasible, Business Associate hereby

acknowledges that the Covered Entity shall be required to report the breach to the

Secretary of the U.S. Department of Health and Human Services, notwithstanding any

other provision of this Agreement or Agreement to the contrary.

IV. Return or Destruction of Protected Health Information upon Termination. Upon

the termination of this Agreement, unless otherwise directed by Covered Entity,

Business Associate shall either return or destroy all PHI received from the Covered

Entity or created or received by Business Associate on behalf of the Covered Entity in

which Business Associate maintains in any form. Business Associate shall not retain

any copies of such PHI. Notwithstanding the foregoing, in the event that Business

Associate determines that returning or destroying the Protected Health Information is

infeasible upon termination of this Agreement, Business Associate shall provide to

Covered Entity notification of the condition that makes return or destruction infeasible.

To the extent that it is not feasible for Business Associate to return or destroy such PHI,

the terms and provisions of this Agreement shall survive such termination or expiration

and such PHI shall be used or disclosed solely as permitted by law for so long as

Business Associate maintains such Protected Health Information.

V. No Third Party Beneficiaries. The parties agree that the terms of this Agreement

shall apply only to themselves and are not for the benefit of any third-party beneficiaries.

VI. De-Identified Data. Notwithstanding the provisions of this Agreement, Business

Associate and its subcontractors may disclose non-personally identifiable information

provided that the disclosed information does not include a key or other mechanism that

would enable the information to be identified.

VII. Amendment. Business Associate and Covered Entity agree to amend this

Agreement to the extent necessary to allow either party to comply with the Privacy

Page 3 of 3

Standards, the Standards for Electronic Transactions, the Security Standards, or other

relevant state or federal laws or regulations created or amended to protect the privacy

of patient information. All such amendments shall be made in a writing signed by both

parties.

VIII. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a

meaning that permits Covered Entity to comply with the then most current version of

HIPAA and the HIPAA privacy regulations.

IX. Definitions. Capitalized terms used in this Agreement shall have the meanings

assigned to them as outlined in HIPAA and its related regulations.

X. Survival. The obligations imposed by this Agreement shall survive any expiration or

termination of this Agreement.

Get in touch with J. Prentiss Moore CPA, PC

San Antonio, TX 78258
Call Us: (210) 851-8565