This Privacy Agreement ("Agreement"), is effective for all users who choose to use Beehive. Upon creating an account with Beehive, this Agreement is entered into by and between the Customer ("Covered Entity") and Beehive (the "Business Associate").
Business Associate: "Business Associate" shall generally have the same meaning as the term "business associate" at 45 CFR 160.103, and in reference to the party to this agreement, shall mean RPN, LLC. (Beehive)
Covered Entity: "Covered Entity" shall generally have the same meaning as the term "covered entity" at 45 CFR 160.103, and in reference to the party to this agreement, shall mean the Customer.
HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
Obligations and Activities of Business Associate
Business Associate agrees to:
Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;
Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;
Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;
In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information;
Permitted Uses and Disclosures by Business Associate
Business associate may use or disclose protected health information as required by law.
Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by covered entity
Business associate may use protected health information for the proper management and administration of the business associate or to carry out the legal responsibilities of the business associate.
Business associate may disclose protected health information for the proper management and administration of business associate or to carry out the legal responsibilities of the business associate, provided the disclosures are required by law, or business associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies business associate of any instances of which it is aware in which the confidentiality of the information has been breached.
[Optional] Business associate may provide data aggregation services relating to the health care operations of the covered entity
Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions
Covered entity shall notify business associate of any limitation(s) in the notice of privacy practices of covered entity under 45 CFR 164.520, to the extent that such limitation may affect business associate’s use or disclosure of protected health information.
Covered entity shall be responsible for limiting or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect business associate’s use or disclosure of protected health information.
Term and Termination
Term. The Term of this Agreement shall be effective when the Covered Entity creates an account, and shall terminate when this account is closed or deleted.
Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, business associate, with respect to protected health information received from covered entity, or created, maintained, or received by business associate on behalf of covered entity, shall delete all of the information.
Business Associate reserves the right to change the terms and conditions of this HIPAA Addendum at any time to comply with the Privacy Standards, the Stands for Electronic Transactions, the Security Standards, or other relevant state or federals laws or regulations created or amended to protect the privacy of patient information. All such amendments shall be made accessible to the Covered Entity.
Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the then most current version of HIPAA and the HIPAA privacy regulations.
The obligations imposed by this Agreement shall survive any expiration or termination of this Agreement.