Laserfiche WebLink
ADDENDUM <br />BUSINESS ASSOCIATE ASSURANCE <br />In the event that TriTech Software Systems (referred to herein as "TriTech") is deemed to be a <br />"Business Associate" of Customer, and Customer is a "Covered Entity," as those terms are <br />defined in 45 C.F.R. § 160.103, TriTech, effective on or after April 14, 2003, or such other <br />implementation date established by law, will carry out its obligations under this Agreement in <br />material compliance with the regulations published at 65 Federal Register 82462 (December 28, <br />2000) (the "Privacy Regulations") pursuant to Public Law 104-191 of August 21, 1996, known <br />as the Health Insurance Portability and Accountability Act of 1996, Subtitle F — Administrative <br />Simplification, Sections 261, et seq., as amended ("HIPAA"), to protect the privacy of any <br />personally identifiable, protected health information ('PHI') that is collected, processed or <br />learned in connection with TriTech supplied services. In conformity therewith, Contractor agrees <br />that it will use its reasonable best efforts to: <br />■ Not use or further disclose PHI except: (i) as permitted under separate TriTech Support <br />Agreement; (ii) as required for the proper management and administration of TriTech in <br />its capacity as a HIPAA Business Associate of Customer, in the event TriTech is deemed <br />to be a Business Associate of Customer for these specified purposes; or (iii) as required <br />by law; <br />• Use appropriate reasonable safeguards to prevent use or disclosure of PHI except as <br />permitted by the TriTech Service Agreement; <br />• Report to Customer any use or disclosure of PHI not provided for by the TriTech Service <br />Agreement of which TriTech becomes aware; <br />• Ensure that any agents or subcontractors to whom TriTech provides PHI, or who have <br />access to PHI, agree to the same restrictions and conditions that apply to TriTech with <br />respect to such PHI; <br />• Make PHI available to the individual who has a right of access as required under HIPAA <br />in the event TriTech maintains any PHI in a designated record set as defined by 45 C.F.R. <br />§ 164.501; <br />• Make available for amendment and incorporate any amendments to PHI when notified to <br />do so by Customer in the event that TriTech maintains any PHI in a designated record set <br />as defined by 45 C.F.R. § 164.501; <br />■ Make available to Customer the information required to provide an accounting of the <br />disclosures of PHI, if any, made by TriTech on Customer's behalf, provided such <br />disclosures are of the type for which an accounting must be made under the Privacy <br />Regulations; <br />■ Make its internal practices, books and records relating to the use and disclosure of <br />Customer's PHI available to the Secretary of the Department of Health and Human <br />Services for purposes of determining Customer's compliance with HIPAA and the <br />Privacy Regulations; <br />• At the termination of the TriTech Service Agreement, return or destroy all PHI received <br />from, or created or received by TriTech on behalf of Customer. In the event the return or <br />Santa Ana System Purchase and Support Agreement— Addendum F <br />Copyright © 2015.TriTech Software Systems <br />Unpublished: Rights reserved under the copyright laws of the United States <br />Page 20 of 20 <br />