My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Agreement between DSHS Division of Behavioral Health and Recovery and KCPHD
>
Meetings
>
2018
>
05. May
>
2018-05-15 10:00 AM - Commissioners' Agenda
>
Agreement between DSHS Division of Behavioral Health and Recovery and KCPHD
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
5/14/2018 12:19:26 PM
Creation date
5/14/2018 12:17:16 PM
Metadata
Fields
Template:
Meeting
Date
5/15/2018
Meeting title
Commissioners' Agenda
Location
Commissioners' Auditorium
Address
205 West 5th Room 109 - Ellensburg
Meeting type
Regular
Meeting document type
Supporting documentation
Supplemental fields
Alpha Order
g
Item
Request to Approve an Agreement between the Department of Social and Health Services Division of Behavioral Health and Recovery and the Kittitas County Public Health Department
Order
7
Placement
Consent Agenda
Row ID
44613
Type
Agreement
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
57
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
(2) Business Associate shall make any amendments to PHI in a Designated Record Set as directed <br />by DSHS or as necessary to satisfy DSHS's obligations under 45 CFR 164.526 (Amendment of <br />Protected Health Information). <br />18. Subcontracts and other Third Party Agreements. In accordance with 45 CFR 164.502(e)(1)(ii), <br />164.504(e)(1)(i), and 164.308(b)(2), Business Associate shall ensure that any agents, Subcontractors, <br />independent contractors or other third parties that create, receive, maintain, or transmit PHI on <br />Business Associate's behalf, enter into a written contract that contains the same terms, restrictions, <br />requirements, and conditions as the HIPAA compliance provisions in this Contract with respect to such <br />PHI. The same provisions must also be included in any contracts by a Business Associate's <br />Subcontractor with its own business associates as required by 45 CFR 164.314(a)(2)(b) and <br />164.504(e)(5) . <br />19. Obligations. To the extent the Business Associate is to carry out one or more of DSHS's obligation(s) <br />under Subpart E of 45 CFR Part 164 (Privacy of Individually Identifiable Health Information), Business <br />Associate shall comply with all requirements that would apply to DSHS in the performance of such <br />obligation(s). <br />20. Liability. Within ten (10) business days, Business Associate must notify DSHS of any complaint, <br />enforcement or compliance action initiated by the Office for Civil Rights based on an allegation of <br />violation of the HIPAA Rules and must inform DSHS of the outcome of that action. Business Associate <br />bears all responsibility for any penalties, fines or sanctions imposed against the Business Associate for <br />violations of the HIPAA Rules and for any imposed against its Subcontractors or agents for which it is <br />found liable. <br />21. Breach Notification. <br />a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of <br />PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures <br />required by state or federal law. <br />b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any <br />acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not <br />authorized by HIPAA Rules or required by law of which it becomes aware which potentially <br />compromises the security or privacy of the Protected Health Information as defined in 45 CFR <br />164.402 (Definitions). <br />c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within <br />one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by <br />the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or <br />e-mail notification with a faxed or other written explanation of the Breach, to include the following: <br />date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of <br />Breach, origination and destination of PHI, Business Associate unit and personnel associated with <br />the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, <br />telephone number, fax number, and e-mail of the individual who is responsible as the primary point <br />of contact. Business Associate will address communications to the DSHS Contact. Business <br />Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other <br />information requested by DSHS, including advance copies of any notifications required for DSHS <br />review before disseminating and verification of the dates notifications were sent. <br />d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a <br />Breach of unsecured PHI: <br />(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), <br />DSHS Central Contract Services <br />1644CS Prevention Services - County (6-26-2015) Page 28 <br />
The URL can be used to link to this page
Your browser does not support the video tag.