BUSINESS ASSOCIATE AGREEMENT (Confidentiality Agreement)
This Agreement ("Agreement") is between the undersigned and Keystone Insights, LLC, a Wisconsin limited liability company ("Keystone").
The Undersigned is a "Health Care Provider," as defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and that act's implementing rules and regulations (collectively, "HIPAA") or a "Business Associate," as defined by HIPAA, of a "Health Care Provider." Keystone will receive electronic dictations from the Undersigned and shall electronically store, perform transcription services and electronically transfer the transcribed dictation on behalf of the Undersigned which will involve the use or disclosure of individually identifiable electronic protected health information ("PHI") which requires the Undersigned and Keystone to enter into this Agreement.
1. Permitted Use. Keystone is permitted to use and disclose PHI that it creates or receives on the Undersigned's behalf or receives from the Undersigned (or another business associate of the Undersigned) only to perform transcription services, which include the transfer and storage of medical dictations that may contain PHI, as well as the transcription of the dictation by Keystone's third-party subcontractors, or otherwise as required by law. Keystone will make reasonable efforts to use, disclose, and request only the minimum amount of PHI reasonably necessary to accomplish the transcription services.
2. Restricted Access. Keystone will develop, implement, maintain, and use appropriate administrative, technical, and physical safeguards to protect the privacy, confidentiality, integrity and availability of the PHI. The safeguards must reasonably protect the PHI from any intentional or unintentional use or disclosure in violation of HIPAA and shall limit incidental uses or disclosures made pursuant to a use or disclosure otherwise permitted by this Agreement.
3. Subcontractors and Agents. Keystone will require any third-party transcriptionist performing transcription services on its behalf, to which Keystone is expressly permitted by this Agreement to disclose the PHI, to provide reasonable assurance that the subcontractor will comply with the same privacy and security safeguard obligations with respect to the PHI that are applicable to Keystone under this Agreement by entering into a separate agreement with the subcontractor.
4. Permitted Disclosures/Required Access. Keystone shall not use PHI in any way, other than as permitted in this Agreement, and shall not disclose or provide another access to PHI, unless such disclosure is to Keystone's third-party transcriptionists, the Undersigned or is required by law. Keystone must allow access to any records or internal practices upon request from the Undersigned or the Department of Health and Human Services. Keystone shall not directly or indirectly receive remuneration in exchange for any PHI unless the Undersigned or Keystone obtains a valid authorization from the individual. Keystone shall honor and comply with, as applicable, the rights created by HIPAA for patients relating to PHI access, amendment, disclosure accounting and restriction agreements.
5. Unauthorized Disclosures. In the event Keystone becomes aware that a disclosure of PHI has occurred, other than as permitted by this Agreement, Keystone shall immediately take action to minimize the extent of the disclosure and report to the Undersigned the following: (a) what PHI was disclosed, (b) the date of the disclosure, (c) a description of how the disclosure occurred and (d) a description of the steps and measures Keystone has and will take to address the unauthorized disclosure and prevent future disclosures.
6. Termination. This Agreement may be terminated by either party at any time and for any reason. All PHI held by Keystone at the time of termination will be returned or destroyed in accordance with the requirements set forth by HIPAA.
By executing your electronic signature below, you are signing a binding agreement which creates certain obligations for you. Further, you represent that your personal information on record with Keystone is true and correct and you agree to update your personal information with Keystone, as appropriate.