Laserfiche WebLink
ADDENDUM] <br />BUSINESS ASSOCIATE ASSURANCE <br />In the event that TriTech Software Systems (referred to herein as "TriTech ") is deemed to be a <br />"Business Associate" of Customer, and Customer is a "Covered Entity," as those terms are defined <br />in 45 C.P.R. § 160.103, TriTech, effective on or after April 14, 2003, or such other implementation <br />date established by law, will carry out its obligations under this Agreement in material compliance <br />with the regulations published at 65 Federal Register 82462 (December 28, 2000) (the "Privacy <br />Regulations ") pursuant to Public Law 104 -191 of August 21, 1996, known as the Health Insurance <br />Portability and Accountability Act of 1996, Subtitle F — Administrative Simplification, Sections <br />261, et seq., as amended ( "HIPAA "), to protect the privacy of any personally identifiable, protected <br />health information ('PHI ") that is collected, processed or learned in connection with TriTech <br />supplied services. In conformity therewith, Contractor agrees that it will use its reasonable best <br />efforts to: <br />• Not use or further disclose PHI except: (i) as permitted under separate TriTech Support <br />Agreement; (ii) as required for the proper management and administration of TriTech in <br />its capacity as a HIPAA Business Associate of Customer, in the event TriTech is deemed <br />to be a Business Associate of Customer for these specified purposes; or (iii) as required by <br />law; <br />• Use appropriate reasonable safeguards to prevent use or disclosure of PHI except as <br />permitted by the TriTech Service Agreement; <br />• Report to Customer any use or disclosure of PHI not provided for by the TriTech Service <br />Agreement of which TriTech becomes aware; <br />• Ensure that. any agents or subcontractors to whom TriTech provides PHI, or who have <br />access to PHI, agree to the same restrictions and conditions that apply to TriTech with <br />respect to such PHI; <br />• Make PHI available to the individual who has a right of access as required under HIPAA <br />in the event TriTech maintains any PHI in a designated record set as defined by 45 C.P.R. <br />§ 164.501; <br />• Make available for amendment and incorporate any amendments to PHI when notified to <br />do so by Customer in the event that TriTech maintains any PHI in a designated record set <br />as defined by 45 C.P.R. § 164.501; <br />• Make available to Customer the information required to provide an accounting of the <br />disclosures of PHI, if any, made by TriTech on Customer's behalf, provided such <br />disclosures axe of the type for which an accounting must be made under the Privacy <br />Regulations; <br />• Make its internal practices, books and records relating to the use and disclosure of <br />Customer's PHI available to the Secretary of the Department of Health and Human <br />Services for purposes of determining Customer's compliance with HIPAA and the Privacy <br />Regulations; <br />• At the termination of the TriTech Service Agreement, return or destroy all PHI received <br />from, or created or received by TriTech on behalf of Customer. In the event the return or <br />Santa Ana System Purchase and Support Agreement — Addendum P <br />Copyright © 2015 TriTech Sorlware, Systems <br />Unpublished: Rights reserved under the copyright laws of the United States <br />Page 20 of 20 <br />25B -188 <br />