Laserfiche WebLink
013CON EXIS <br />human resourceful' <br />HIPAA BUSINESS ASSOCIATE SCHEDULE <br />This HIPAA Business Associate Schedule (the "HIPAA Schedule") is entered into by Client, on behalf of itself as a group <br />health plan sponsor and one or more of the Group Health Plans maintained by Client, and CONEXIS. This HIPAA <br />Schedule is specifically incorporated into and made a part of this Services Agreement between CONEXIS and Client <br />("Agreement"). CONEXIS recognizes that in the course of performing services for and on behalf of the Group Health <br />Plants) in accordance with the Agreement. CONEXIS will create, receive, or maintain Protected Health Information <br />("PHI") on behalf of the Plan. Consequently, CONEXIS is a "Business Associate" (as defined in 45 CFR § 160.103) of the <br />Plan and is entering into this Schedule as necessary to satisfy the requirements of 45 CFR §§ 164.502(e) and <br />164.504(e)(1). Both Client and CONEXIS acknowledge and agree that CONEXIS is an independent contractor and is not <br />an "agent" of Client. <br />All provisions of this Schedule reflect the requirements of the Health Information Technology for Economic and Clinical <br />Health Act ("HITECH") that are effective as of September 23, 2013. <br />If there is a conflict between the Agreement and this HIPAA Schedule with regard to the subject matter herein, this HIPAA <br />Schedule controls. <br />SECTION 1.0 DEFINITIONS <br />The following terms are capitalized throughout and are specifically defined as follows: <br />1.1 "Group Health Plan" or "Plan" will have the same meaning as the term "group health plan" in 45 CFR § <br />160.103; however, such term shall be limited to the group health plans administered by CONEXIS in <br />accordance with the Agreement. This term does not include any Health Savings Account, as defined in <br />26 USC § 223, for which CONEXIS provides related services in accordance with the Agreement. <br />1.2 "Privacy Breach" will have the same meaning as "Breach" set forth in 45 CFR § 164.402. <br />1.3 "Privacy Rule" will mean the Standards for Privacy of Individually Identifiable Health Information in 45 <br />CFR Part 160 and 164, Subparts A and E. <br />1.4 "Protected Health Information" or "PHI" will have the same meaning as the term "protected health <br />information" in 45 CFR § 160.103 and will include any electronic protected health information as defined <br />in 45 CFR § 160.103. Notwithstanding anything to the contrary herein, PHI will not include information <br />received by CONEXIS from Client or its designee that is related to an individual's enrollment (or <br />disenrollment) in the Plan and is provided to CONEXIS solely for the purpose of assisting Client with its <br />enrollment obligations under the Plan. <br />1.5 "Required by Law" will have the same meaning as the term "required by law" in 45 CFR § 160.103. <br />1.6 "Secretary" will mean the Secretary of the Department of Health and Human Services or his designee. <br />1.7 "Security Incident" will have the same meaning as the term "security incident" in 45 CFR § 164.304. <br />1.8 "Security Rule" will mean the Security Standards for the Protection of Electronic Protected Health <br />Information in 45 CFR § 164.302 at seq. <br />All other terms not specifically defined above shall have the same meanings specifically allocated to <br />such terms by the Privacy and Security Rule. <br />Direct Client Services Agreement 10 V10.0-050114 <br />