This Business Associate Agreement ("BAA") is incorporated into and made part of the Administrative Services Agreement ("Agreement") between United HealthCare Services, Inc. on behalf of itself and its affiliates ("Business Associate") and City of San Marcos ("Covered Entity") and is effective on January 1, 2017 (Effective Date).

The parties hereby agree as follows:

1. DEFINITIONS

1.1 Unless otherwise specified in this BAA, all capitalized terms used in this BAA not otherwise defined have the meanings established for purposes of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations as amended from time to time (collectively, "HIPAA").

1.2 "Privacy Rule" means the federal privacy regulations, as amended from time to time, issued pursuant to HIPAA and codified at 45 C.F.R. Parts 160 and 164 (Subparts A & E).

1.3 "Security Rule" means the federal security regulations, as amended from time to time, issued pursuant to HIPAA and codified at 45 C.F.R. Parts 160 and 164 (Subparts A & C).

1.4 "Services" means, to the extent and only to the extent they involve the receipt, creation, maintenance, transmission, use or disclosure of PHI, the services provided by Business Associate to Covered Entity as set forth in the Agreement, including those set forth in this BAA in Section 4, as amended by written agreement of the parties from time to time.

2. RESPONSIBILITIES OF BUSINESS ASSOCIATE

With regard to its use and/or disclosure of Protected Health Information (PHI), Business Associate agrees to:

2.1 not use and/or disclose PHI except as necessary to provide the Services, as permitted or required by this BAA and/or the Agreement, and in compliance with each applicable requirement of 45 C.F.R. 164.504(e), or as otherwise Required by Law; provided that, to the extent Business Associate is to carry out Covered Entity's obligations under the Privacy Rule, Business Associate will comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of those obligations.

2.2 implement and use appropriate administrative, physical and technical safeguards and comply with applicable Security Rule requirements with respect to Electronic Protected Health Information, to prevent use or disclosure of PHI other than as provided for by this BAA and/or the Agreement.

2.3 without unreasonable delay, report to Covered Entity (i) any use or disclosure of PHI not provided for by this BAA and/or the Agreement, of which it becomes aware in accordance with 45 C.F.R. 164.504(e)(2)(ii)(C); and/or (ii) any Security Incident of which Business Associate becomes aware in accordance with 45 C.F.R. 164.314(a)(2)(i)(C).

2.4 with respect to any use or disclosure of Unsecured PHI not permitted by the Privacy Rule that is caused solely by Business Associate's failure to comply with one or more of its obligations under this BAA, Covered Entity hereby delegates to Business Associate the responsibility for determining when any such incident is a Breach. In the event of a Breach, Business Associate shall (i) provide Covered Entity with written notification, and (ii) provide all legally required notifications to Individuals, HHS and/or the media, on behalf of Covered Entity, in accordance with 45 C.F.R. 164 (Subpart D). Business Associate shall pay for the reasonable and actual costs associated with those notifications.

2.5 in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 45 C.F.R. 164.308(b)(2), ensure that any subcontractors of Business Associate that create, receive, maintain or transmit PHI on behalf of Business Associate agree, in writing, to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate with respect to that PHI.

2.6 make available its internal practices, books and records relating to the use and disclosure of PHI to the Secretary for purposes of determining Covered Entity's compliance with the Privacy Rule.

2.7 after receiving a written request from Covered Entity or an Individual, make available an accounting of disclosures of PHI about the Individual, in accordance with 45 C.F.R. 164.528.