This ADDENDUM to the Terms and Conditions for Purchase of SMARTHEART® PRO Device and ECG Review Service (this “Addendum”) is effective as of the date on the Purchase Order (the “Effective Date”), by and between Buyer, identified in the Purchase Order, and SHL Telemedicine USA, Inc., its successors or assigns (“Business Associate”).
WHEREAS, the parties desire to ensure that their respective rights and responsibilities under the Terms and Conditions For Purchase Of Smartheart® Pro Device And ECG Review Service (the “SMARTHEART® PRO Terms and Conditions”) reflect applicable federal statutory and regulatory requirements relating to the access, use and disclosure of health information, including without limitation the Federal Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104 191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (the “HITECH Act”), and related regulations promulgated by the Secretary (“HIPAA Regulations”).
WHEREAS, to comply with the requirements of the HIPAA Regulations, Business Associate and Buyer have agreed to be bound by the following terms and conditions.
NOW, THEREFORE, in for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:
(a) Use and Disclosure. Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the SMARTHEART® PRO Terms and Conditions, this Addendum or as Required By Law.
(b) Appropriate Safeguards. Business Associate agrees to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 to prevent the use or disclosure of the Protected Health Information other than as provided for by this Addendum.
(c) Reporting. Business Associate agrees to promptly report to Buyer any use or disclosure of Protected Health Information not permitted by this Addendum of which Business Associate becomes aware (including Breaches of Unsecured Protected Health Information as required at 45 CFR 164.410) and any security incident of which it becomes aware.
(d) Subcontractors. Business Associate shall ensure, in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
(e) Access to Designated Record Sets. To the extent that Business Associate possesses and maintains Protected Health Information in a Designated Record Set, Business Associate agrees to provide access, at the request of Buyer, and in the time and manner mutually agreed between Business Associate and Buyer, to Protected Health Information in a Designated Record Set, to Buyer or, as directed by Buyer, to an Individual in order to satisfy Buyer’s obligations under 45 CFR § 164.524.
(f) Amendments to Designated Record Sets. To the extent that Business Associate possesses and maintains Protected Health Information in a Designated Record Set, Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Buyer pursuant to 45 CFR § 164.526, and in the time and manner mutually agreed between Business Associate and Buyer.
(g) Accounting. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to Buyer as necessary to satisfy Buyer’s obligations under 45 CFR 164.528, and to the extent that Business Associate is to carry out one or more of Buyer’s obligation(s) under Subpart E of 45 CFR Part 164, Business Partner will comply with the requirements of Subpart E that apply to Buyer in the performance of such obligation(s).
(h) Access to Books and Records. Business Associate agrees to make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
Business Associate may use and disclose Protected Health Information as required to satisfy its obligations under the SMARTHEART® PRO Terms and Conditions, as permitted herein, or as Required by Law. Business Associate shall use or disclose Protected Health Information only in connection with providing services to Buyer, except that Business Associate may use Protected Health Information (i) for Business Associate’s proper management and administrative services, (ii) to carry out the legal responsibilities of Business Associate or (iii) to provide data aggregation services relating to the health care operations of Buyer, if included under the SMARTHEART® PRO Terms and Conditions.
(a) Limitations in Notice of Privacy Practices. Buyer shall notify Business Associate of any limitation(s) in the notice of privacy practices of Buyer under 45 CFR § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information.
Restrictions to the Use or Disclosure of Protected Health Information. Buyer shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Buyer has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may
(b) affect Business Associate’s use or disclosure of Protected Health Information.
(c) Permissible Use Requests. Except for the permitted uses set forth in Section 3, Buyer will not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Buyer.
(a) Termination Upon Breach of Provisions Applicable to Protected Health Information. Any other provision of the SMARTHEART® PRO Terms and Conditions notwithstanding, in the event of an actual material breach of this Addendum that has not been cured within thirty (30) business days of Business Associate’s receipt of written notice specifying the nature or circumstances of the alleged breach, the SMARTHEART® PRO Terms and Conditions may be terminated by Buyer upon an additional thirty (30) business days written notice to Business Associate.
(b) Effect of Termination of SMARTHEART® PRO Terms and Conditions. In the event of termination or expiration of the SMARTHEART® PRO Terms and Conditions, this Addendum shall terminate subject to Business Associate’s duty to return or destroy Protected Health Information as set forth in Section 4(c) below.
(c) Return or Destruction of Protected Health Information upon Termination. Upon termination of the this Addendum, Business Associate shall, if feasible, either return or destroy all Protected Health Information that is subject to this Addendum and which Business Associate still maintains in any form as provided in the SMARTHEART® PRO Terms and Conditions. To the extent that the SMARTHEART® PRO Terms and Conditions require Business Associate to maintain Protected Health Information, the terms and provisions of this Addendum shall survive termination or expiration of this Addendum and such Protected Health Information shall be used or disclosed solely as authorized or required under the SMARTHEART® PRO Terms and Conditions.
(a) Effect. With respect to the use or disclosure of or access to Protected Health Information, the terms and provisions of this Addendum shall supersede any other conflicting or inconsistent terms and provisions in the SMARTHEART® PRO Terms and Conditions, including all exhibits or other attachments thereto and all documents incorporated therein by reference. Nothing herein shall be construed to require Business Associate to violate the SMARTHEART® PRO Terms and Conditions .
(b) Amendment. Business Associate and Buyer agree to amend further the SMARTHEART® PRO Terms and Conditions and these terms to the extent necessary to allow either party to comply with the Privacy Standards and the Security Standards as the same may be amended or recodified by the Secretary, or other applicable regulations or statutes.
(c) Defined Terms. Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning as defined in the Privacy Standards or Security Standards and corresponding official materials published, issued, or promulgated by the Secretary of the Department of Health and Human Services. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, limited to the information received by Business Associate from or on behalf of Buyer in connection with the SMARTHEART® PRO Terms and Conditions.