Model Business Associate Agreement Template Page 3
ADVERTISEMENT
1
2
3
4
5
6
7
8
9
10The Texas Legislature has adopted certain privacy and security requirements that are
more restrictive than those required by HIPAA and HITECH, and such requirements are
applicable to Business Associates as “Covered Entities” as defined by Texas law; and
Because Business Associate and Covered Entity desire to enter into this Business
Associate Agreement, in consideration of the mutual promises set forth in this Agreement and
the applicable Business Arrangements, and other good and valuable consideration, the
sufficiency and receipt of which are hereby acknowledged, the Parties agree as follows:
1.
Business Associate Obligations. Business Associate may receive from Covered Entity,
or create or receive on behalf of Covered Entity, health information that is protected under
applicable state and/or federal law, including without limitation, PHI and EPHI. All references
to PHI herein shall be construed to include EPHI. Business Associate agrees not to use or
disclose (or permit the use or disclosure of) PHI in a manner that would violate the Privacy
Standards, Security Standards the HITECH Act, or Texas law, including without limitation the
nd
provisions of Texas Health and Safety Code Chapters 181 and 182 as amended by HB 300 (82
Legislature), effective September 1, 2012, in each case including any implementing regulations
as applicable (collectively referred to hereinafter as the “Confidentiality Requirements”) if the
PHI were used or disclosed by Covered Entity in the same manner.
2.
Use of PHI. Except as otherwise required by law, Business Associate shall use PHI in
compliance with 45 C.F.R. § 164.504(e). Furthermore, Business Associate shall use PHI (i)
solely for Covered Entity’s benefit and only for the purpose of performing services for Covered
Entity as such services are defined in Business Arrangements, (ii) for Data Aggregation
Services (as hereinafter defined), and (iii) as necessary for the proper management and
administration of the Business Associate or to carry out its legal responsibilities, provided that
such uses are permitted under federal and state law.
For avoidance of doubt, under no
circumstances may Business Associate sell PHI in such a way as to violate Texas Health and
nd
Safety Code, Chapter 181.153, as amended by HB 300 (82
Legislature), effective September
1, 2012, nor shall Business Associate use PHI for marketing purposes in such as manner as to
violate Texas Health and Safety Code Section 181.152, or attempt to re-identify any information
in violation of Texas Health and Safety Code Section 181.151, regardless of whether such
action is on behalf of or permitted by the Covered Entity.
To the extent not otherwise prohibited in the Business Arrangements or by applicable law, use,
creation and disclosure of de-identified health information, as that term is defined in 45 CFR
§ 164.514, by Business Associate is permitted.
3.
Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate
may disclose PHI to any third party persons or entities as necessary to perform its obligations
under the Business Arrangement and as permitted or required by applicable federal or state law.
3.1
Business Associate shall not [and shall provide that its directors,
officers, employees, subcontractors, and agents, do not] disclose PHI to any other
person (other than members of their respective workforce as specified in subsection
3.1(ii) below), unless disclosure is required by law or authorized by the person
whose PHI is to be disclosed. Any such disclosure other than as specifically
THSA– Model Business Associate Agreement
Page 3
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Business