Loading...
AG 13-237RETURN TO: EXT: CITY OF FEDERAL WAY LAW DEPARTMENT ROUTING FORM 1. ORIGINATING DEPT./DIV: T HLtrAaA Ie -S®u pz-C.-e- :�s 2. ORIGINATING STAFF PERSON: UCa41 EXT: 0"S 2- 3. DATE REQ. BY. 4. TYPE OF DOCUMENT (CHECK ONE): • CONTRACTOR SELECTION DOCUMENT (E.G., RFB, RFP, RFQ) • PUBLIC WORKS CONTRACT ❑ SMALL OR LIMITED PUBLIC WORKS CONTRACT ❑ PROFESSIONAL SERVICE AGREEMENT ❑ MAINTENANCE AGREEMENT ❑ GOODS AND SERVICE AGREEMENT ❑ HUMAN SERVICES / CDBG ❑ REAL ESTATE DOCUMENT ❑ SECURITY DOCUMENT (E.G. BOND RELATED DOCUMENTS) ❑ ORDINANCE ❑ RESOLUTION ❑ CONTRACT AMENDMENT(AG #): ❑ iN_TERLOCAL ✓1 5 n OTHER �i L . Q, An S 1 Ls .5 I-t Sb �� (� t-tc✓t a , 5. PROJECT NAME: �1� fL -c^� - [ C & $ ✓I 6. NAME OF CONTRACTOR: IS . L • E✓ A n5 C, rro r4.1 y `I Yl C , ADDRESS: TELEPHONE E -MAIL: FAX: SIGNATURE NAME: TITLE 7. EXHIBITS AND ATTACHMENTS: ❑ SCOPE, WORK OR SERVICES ❑ COMPENSATION ❑ INSURANCE REQUIREMENTS /CERTIFICATE ❑ ALL OTHER REFERENCED EXHIBITS ❑ PROOF OF AUTHORITY TO SIGN ❑ REQUIRED LICENSES ❑ PRIOR CONTRACT /AMENDMENTS F 8. TERM: COMMENCEMENT DATE: ` 12-Le 1201 3 COMPLETION DATE: I 9. TOTAL COMPENSATION $ (INCLUDE EXPENSES AND SALES TAX, IF ANY) (IF CALCULATED ON HOURLY LABOR CHARGE - ATTACH SCHEDULES OF EMPLOYEES TITLES AND HOLIDAY RATES) REIMBURSABLE EXPENSE: ❑ YES ❑ NO IF YES, MAXIMUM DOLLAR AMOUNT: $ IS SALES TAX OWED ❑ YES LINO IF YES, $ PAID BY. ❑ CONTRACTOR ❑ CITY ❑ PURCHASING: PLEASE CHARGE TO: 10. DOCUMENT /CONTRACT REVIEW INITIAL / DATE REVIEWED INITIAL/ DATE APPROVED • PROJECT MANAGER • DIRECTOR • RISK MANAGEMENT (IF APPLICABLE) ❑ LAW 11. COUNCIL APPROVAL (IF APPLICABLE) COMMITTEE APPROVAL DATE: COUNCIL APPROVAL DATE: 12. CONTRACT SIGNATURE ROUTING • SENT TO VENDOR/CONTRACTOR DATE SENT: DATE REC'D: • ATTACH: SIGNATURE AUTHORITY, INSURANCE CERTIFICATE, LICENSES, EXHIBITS INITIAL/ DATE SIGNED • LAW DEPARTMENT • CHIEF OF STAFF ❑ SIGNATORY (MAYOR OR DIRECTOR) ❑ CITY CLERK ❑ ASSIGNED AG# AG# ❑ SIGNED COPY RETURNED DATE SENT: s COMMENTS: 11/9 BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter "Agreement") is between City of Federal Way (hereinafter "Covered Entity ") and R.L. Evans Company. Inc. (hereinafter "Business Associate "). Covered Entity and Business Associate may be referred to herein individually as "Parry" or collectively as "Parties." Covered Entity acknowledges that it is subject to the Privacy Rule (45 CFR Parts 160 and 164) promulgated by the United States Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104 -191. Business Associate provides services or goods to Covered Entity pursuant to one or more contractual relationships hereinafter referred to as "Consultant Services Agreement". In the course of executing Consultant Services Agreement, Business Associate may come into contact with, use, or disclose Protected Health Information (defined in Section 1.7 below). Said Consultant Services Agreement are hereby incorporated by reference and shall be taken and considered as a part of this document the same as if fully set out herein. In accordance with the federal privacy regulations set forth at 45 C.F.R. Part 160 and Part 164, Subparts A and E, which require Covered Entity to have a written contract with each of its Business Associates, the Parties wish to establish satisfactory assurances that Business Associate will appropriately safeguard "Protected Health Information" and, therefore, make this Agreement. 1. DEFINITIONS 1.1. Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms, in 45 CFR §§ 160.103 and 164.501. 1.2. "Individual" shall have the same meaning as the term "individual' in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g). 1.3. "Secretary" shall mean the Secretary of the Department of Health and Human Services or designee. 1.4. "Security Rule" shall mean the Security Standards for Protection of Electronic Protected Health Information in 45 CFR § 160 and § 164, subparts A and C. 1.5. "Privacy Officer" shall have the meaning as set out in its definition at 45 C.F.R. § 164.530(a)(1). 1.6. "Privacy Rule" shall mean the Standards for Privacy for Individually Identifiable Health Information at 45 CFR § 160 and § 164, subparts A and E. 1.7. "Protected Health Information" shall have the same meaning as the term "protected health information" in 45 CFR § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity. 1.8. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR § 164.103. 2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE 2.1. Business Associate agrees to fully comply with the requirements under the Privacy Rule applicable to "business associates," as that term is defined in the Privacy Rule and not use or further disclose Protected Health Information other than as permitted or required by this Agreement, Consultant Services Agreement, or as Required By Law. In case of any conflict between this Agreement and Consultant Services Agreement, this Agreement shall govern. Page 1 of 6 2.2. Business Associate agrees to use appropriate procedural, physical, and electronic safeguards to prevent use or disclosure of Protected Health Information other than as provided for by this Agreement. Said safeguards shall include, but are not limited to, requiring employees to agree to use or disclose Protected Health Information only as permitted or required by this Agreement and taking related disciplinary actions for inappropriate use or disclosure as necessary. 2.3. Business Associate shall require any agent, including a subcontractor, to whom it provides Protected Health Information received from, created or received by, Business Associate on behalf of Covered Entity or that carries out any duties for the Business Associate involving the use, custody, disclosure, creation of, or access to Protected Health Information, to agree, by written contract with Business Associate, to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. 2.4. Business Associate agrees to mitigate, to the extent practicable, any harmffi d effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. 2.5. Business Associate agrees to immediately report to Covered Entity any security incident or any use or disclosure of Protected Health Information, including Electronic Protected Health Information, not provided for by this Agreement 2.6. Business Associate agrees to require its employees, agents, and subcontractors to immediately report, to Business Associate, any use or disclosure of Protected Health Information in violation of this Agreement and to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement. 2.7. If Business Associate receives Protected Health Information from Covered Entity, then Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information to Covered Entity or, as directed by covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524. 2.8. If Business Associate receives Protected Health Information from Covered Entity, then Business Associate agrees to make any amendments to Protected Health Information that the Covered Entity directs or agrees to pursuant to the 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity. 2.9. Business Associate agrees to make its internal practices, books, and records including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, created by or received by Business Associate on behalf of, Covered Entity available to the Secretary of the United States Department of Health in Human Services or the Secretary's designee, in a time and manner designated by the Secretary, for purposes of determining Covered Entity's or Business Associate's compliance with the Privacy Rule. 2.10. Business Associate agrees to document disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosure of Protected Health Information in accordance with 45 CFR § 164.528. 2.11. Business Associate agrees to provide Covered Entity or an Individual, in time and manner designated by Covered Entity, information collected in accordance with this Agreement, to permit Covered Entity to respond to a request by an Individual for and accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528, to provide access to, or deliver such information which shall include, at minimum, (a) date of the disclosure; (b) name of the third party to whom the Protected Health Information was disclosed and, if known, the address of the third party; (c) brief description of the disclosed information; and (d) brief explanation of the purpose and basis for such disclosure. Page 2 of 6 2.12. Business Associate agrees it must limit any use, disclosure, or request for use or disclosure of Protected Health Information to the minimum amount necessary to accomplish the intended purpose of the use, disclosure, or request in accordance with the requirements of the Privacy Rule. 2.13. Business Associate agrees to comply with the applicable requirements of the Security Rule, including the requirement to maintain appropriate administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information. 2.14. To the extent the Business Associate is to carry out one or more of the Covered Entity's obligations under the Privacy Rule, including but not limited to the provision of a notice of privacy practices on behalf of Covered Entity, Business Associate agrees to comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of such obligations. 2.14.1. Business Associate acknowledges that if Business Associate is also a covered entity, as defined by the Privacy Rule, Business Associate is required, independent of Business Associate's obligations under this Agreement, to comply with the Privacy Rule's minimum necessary requirements when making any request for Protected Health Information from Covered Entity. 2.14.2. Business Associate agrees to adequately and properly maintain all Protected Health Information received from, or created or received on behalf of, Covered Entity and to document subsequent uses and disclosures of such information by Business Associate as may be deemed necessary and appropriate by the Covered Entity. 2.15. If Business Associate receives a request from an Individual for a copy of the individual's Protected Health Information, and the Protected Health Information is in the sole possession of the Business Associate, Business Associate will provide the requested copies to the individual and notify the Covered Entity of such action. If Business Associate receives a request for Protected Health Information in the possession of the Covered Entity, or receives a request to exercise other individual rights as set forth in the Privacy Rule, Business Associate shall notify Covered Entity of such request and forward the request to Covered Entity. Business Associate shall then assist Covered Entity in responding to the request. 2.16. Business Associate agrees to fully cooperate in good faith with and to assist Covered Entity in complying with the requirements of the Privacy Rule. 3. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE 3.1. Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in Consultant Services Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity. 3.2. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information as required for Business Associate's proper management and administration or to carry out the legal responsibilities of the Business Associate. 3.3. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are Required By Law, or provided that, if Business Associate discloses any Protected Health Information to a third party for such a purpose, Business Associate shall enter into a written agreement with such third party requiring the third party to: (a) maintain the confidentiality of Protected Health Information and not to use or further disclose such information except as Required By Law or for the purpose for which it was disclosed, and (b) notify Business Associate of any instances in which it becomes aware in which the confidentiality of the Protected Health Information is breached. Page 3 of 6 3.4. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 42 CFR § 164.504(e)(2)(1)(B). 4. OBLIGATIONS OF COVERED ENTITY 4.1. Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice. 4.2. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, if such changes affect Business Associate's permitted or required uses. 4.3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use of Protected Health Information. S. PERMISSIBLE REQUESTS BY COVERED ENTITY 5.1. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity. 6. TERM AND TERMINATION 6.1. Term. This Agreement shall be effective as of the date on which it is signed by both parties and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, Section 6.3. below shall apply. 6.2. Termination for Cause. 6.2.1. This Agreement authorizes and Business Associate acknowledges and agrees Covered Entity shall have the right to immediately terminate this Agreement and Consultant Services Agreement in the event Business Associate fails to comply with, or violates a material provision of, requirements of the Privacy Rule or this Agreement. 6.2.2. Upon Covered Entity's knowledge of a material breach by Business Associate, 6.2.2.1. Covered Entity shall, whenever practicable, provide a reasonable opportunity for Business Associate to cure the breach or end the violation. 6.2.2.2. If Business Associate has breached a material term of this Agreement and cure is not possible or if Business Associate does not cure a curable breach or end the violation within a reasonable time as specified by, and at the sole discretion of, Covered Entity, Covered Entity may immediately terminate this Agreement and Consultant Services Agreement. 6.2.2.3. If neither cure nor termination are feasible, Covered Entity shall report the violation to the Secretary of the United States Department of Health in Human Services or the Secretary's designee. 6.3. Effect of Termination. 6.3.1. Except as provided in Section 6.3.2., upon termination of this Agreement for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of, Covered Entity. This provision shall apply to Page 4of6 Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information. 6.3.2. In the event that Business Associate determines that returning or destroying the Protected Health Information is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction unfeasible. Upon mutual agreement of the Parties that return or destruction of Protected Health Information is unfeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction unfeasible, for so long as Business Associate maintains such Protected Health Information. 7. MISCELLANEOUS 7.1. Regulatory Reference. A reference in this Agreement to a section in the Privacy Rule means the section as in effect or as amended. 7.2. Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy Rule and the Health Insurance Portability and Accountability Act, Public Law 104 -191. Business Associate and Covered Entity shall comply with any amendment to the Privacy Rule, the Health Insurance Portability and Accountability Act, Public Law 104 -191, and related regulations upon the effective date of such amendment, regardless of whether this Agreement has been formally amended. 7.3. Survival. The respective rights and obligations of Business Associate under Section 6.3. of this Agreement shall survive the termination of this Agreement. 7.4. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity and the Business Associate to comply with the Privacy Rule. 7.5. Notices and Communications. All instructions, notices, consents, demands, or other communications required or contemplated by this Agreement shall be in writing and shall be delivered by hand, by facsimile transmission, by overnight courier service, or by first class mail, postage prepaid, addressed to the respective party at the appropriate facsimile number or address, or to such other party, facsimile number, or address as may be hereafter specified by written notice. All instructions, notices, consents, demands, or other communications shall be considered effectively given as of the date of hand delivery; as of the date specified for overnight courier service delivery; as of three (3) business days after the date of mailing, or on the day the facsimile transmission is received mechanically by the facsimile machine at the receiving location and receipt is verbally confirmed by the sender. 7.6. Strict Compliance. No failure by any Party to insist upon strict compliance with any term or provision of this Agreement, to exercise any option, to enforce any right, or to seek any remedy upon any default of any other Party shall affect, or constitute a waiver of, any Party's right to insist upon such strict compliance, exercise that option, enforce that right, or seek that remedy with respect to that default or any prior, contemporaneous, or subsequent default. No custom or practice of the Parties at variance with any provision of this Agreement shall affect, or constitute a waiver of, any Party's right to demand strict compliance with all provisions of this Agreement. 7.7. Severability. With respect to any provision of this Agreement finally determined by a court of competent jurisdiction to be unenforceable, such court shall have jurisdiction to reform such provision so that it is enforceable to the maximum extent permitted by applicable law, and the Parties shall abide by such court's determination. In the event that any provision of this Agreement cannot be reformed, such provision shall be deemed to be severed from this Agreement, but every other provision of this Agreement shall remain in full force and effect. Page 5 of 6 IN WITNESS WHEREOF, COVERED ENTITY LEGAL ENTITY NAME: City of Federal Way TE LEGAL ENTITY NAME: R.L. Evans Company, Inc. Page 6 of 6