At JDL HealthTech, a division of JDL Technologies Inc., we take HIPAA compliance very seriously, and we maintain compliance in order to serve and support our clients as a HIPAA-compliant Business Associate. Our BA Addendum appears below for your information, and can be completed and signed online as part of your overall agreement for healthcare IT services.
COMPANY NAME ("JDL Technologies.") and the entity listed below ("CUSTOMER") are parties to one or more
agreements under which COMPANY provides services to CUSTOMER (collectively, the "Agreement"). In the event COMPANY
has access to PHI while providing services to CUSTOMER under the Agreement, then COMPANY shall be deemed a Business
Associate of CUSTOMER for the purposes of the Health Insurance Portability and Accountability Act of 1996, as amended (the
"Act"), including the federal privacy regulations (the "Privacy Rule") and the security regulations (the "Security Rule") promulgated
pursuant to HIPAA and codified at 45 C.F.R. parts 160 and 164 (collectively, "HIPAA"). COMPANY and CUSTOMER (each, a
"Party" and collectively the "Parties") desire to amend certain terms of the Agreement as provided in this addendum (the
"Addendum"). In consideration of the mutual covenants and conditions contained in the Agreement and this Addendum, the receipt,
adequacy and sufficiency of which are hereby acknowledged, the Parties acknowledge that the Agreement is hereby amended as
The terms and conditions contained in the Agreement, this Addendum, and any prior addendums, including any attachments
or exhibits, are part of the Agreement and incorporated into the Agreement by reference. By signing this Addendum, the
Parties acknowledge having read and understood this Addendum, and agree to be bound by its terms. In case any term of this
Addendum conflicts with any term of the Agreement, the terms of this Addendum shall prevail.
This Addendum may be executed in counterparts, each of which shall be deemed to be an original, and all of which together
shall constitute one and the same Addendum. For the purposes of this Addendum, a facsimile signature shall be deemed an
JDL Technologies, Inc.:
Name: Scott Fluegge
1. Definitions. Unless otherwise defined in this Agreement, capitalized terms shall have the meanings set forth in HIPAA.
2. Disclosure or Use of Protected Health Information ("PHI"). COMPANY shall use and/or disclose PHI received from
CUSTOMER or its authorized submitters only as permitted or required by this Business Associate Amendment or as Required by
Law. COMPANY shall be entitled to disclose and use PHI received from CUSTOMER or its authorized submitters (i) for the purpose
of providing the Services or as otherwise directed or requested by CUSTOMER, (ii) for the proper management and administration of
COMPANY's business, (iii) to carry out COMPANY's legal responsibilities, or (iv) as otherwise permitted or Required By Law.
Without limiting the generality of the foregoing, COMPANY reserves the right at its sole discretion to disclose an Individual's PHI in
response to, and in accordance with, a valid authorization executed by the Individual that meets the requirements set forth in the
Privacy Rule. CUSTOMER authorizes COMPANY to de-identify PHI created or received by COMPANY on behalf of CUSTOMER,
provided that the de-identification conforms to the requirements of the Privacy Rule. The resulting de-identified information may be
used and disclosed by COMPANY to the extent permitted under applicable law, for consideration or otherwise.
3. Safeguards Against Misuse of PHI. COMPANY agrees that it will implement appropriate safeguards to prevent the use or
disclosure of PHI received from CUSTOMER or its authorized submitters other than pursuant to the terms and conditions of this
Business Associate Amendment.
4. Safeguards Related to Integrity of Electronic PHI. COMPANY agrees to implement administrative, physical, and
technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic PHI that
it creates, receives, maintains, or transmits on behalf of CUSTOMER.
5. Security of Electronic PHI. COMPANY shall report to CUSTOMER any Security Incident with respect to Electronic PHI
of which it becomes aware and which has compromised the protections set forth in the Security Rule. This reporting obligation does
not include trivial occurrences, such as scans, "pings" or unsuccessful attempts to penetrate computer networks or servers containing
PHI maintained by COMPANY; provided that, upon CUSTOMER's written request, COMPANY will provide an aggregate report of
the number of such trivial occurrences.
6. Reporting of Disclosures of PHI. COMPANY shall report to CUSTOMER any use or disclosure of PHI in violation of this
Business Associate Amendment as soon as reasonably possible after becoming aware of the disclosure.
7. Agents and Subcontractors. COMPANY shall enter into an agreement with any of its subcontractors or agents that will
have access to any PHI that is subject to this Business Associate Amendment, pursuant to which the agent or subcontractor agrees to
be bound by the same restrictions, terms, and conditions on the use of PHI that apply to COMPANY pursuant to this Business
Associate Amendment. In addition, COMPANY shall enter into an agreement with any of its subcontractors or agents to whom it
provides Electronic PHI, pursuant to which the agent or subcontractor agrees to implement reasonable and appropriate safeguards to
protect the Electronic PHI.
8. Availability of Books and Records. COMPANY hereby agrees to make its internal practices, books, and records relating to
the use and disclosure of PHI received from, or created or received by COMPANY on behalf of, the CUSTOMER reasonably
available to the Secretary of the United States Department of Health and Human Services for purposes of determining CUSTOMER's
compliance with the Privacy Rule and/or the Security Rule.
9. Liability. COMPANY shall indemnify CUSTOMER for any costs or expenses incurred in connection with claims asserted
against CUSTOMER that arise as a result of COMPANY's gross negligence or willful misconduct in handling CUSTOMER's PHI.
10. Assisting with Patients' Rights. COMPANY agrees to make available to CUSTOMER information necessary for
CUSTOMER to make an accounting of disclosures of PHI about an Individual in accordance with 45 CFR 164.528, as amended. In
addition, to the extent COMPANY possesses PHI that constitutes a Designated Record Set, COMPANY agrees, at CUSTOMER's
sole cost and expense, (i) to make available PHI necessary for CUSTOMER to respond to Individuals' requests for access to their PHI
in accordance with 45 CFR 164.524, and (ii) to make available PHI for amendment and to incorporate any amendments or corrections
to the PHI in accordance with 45 CFR 164.526. Notwithstanding the preceding sentence, the parties agree that COMPANY does not
maintain, and shall have no obligation to maintain, any Designated Record Sets on CUSTOMER's behalf. In the event any Individual
requests access to PHI in CUSTOMER's Designated Record Sets directly from COMPANY, COMPANY shall, within thirty (30)
business days, forward such request to the CUSTOMER. Any response to such requests or denials of access to, or amendment of,
CUSTOMER's PHI shall be the responsibility of CUSTOMER. Notwithstanding the above, nothing in this Section is intended to
prevent COMPANY from releasing PHI in response to an Individual's valid authorization.
11. CUSTOMER Obligations. CUSTOMER agrees to obtain any consent or authorization that may be required by the Privacy
Rule or any other applicable law and/or regulation prior to furnishing COMPANY with PHI. CUSTOMER also agrees to inform
COMPANY of any PHI that is subject to any arrangements permitted or required of CUSTOMER under the Privacy Rule that may
materially impact in any manner the use and/or disclosure of PHI by COMPANY under this Business Associate Amendment,
including, but not limited to, restrictions on the use and/or disclosure of PHI as provided for in 45 C.F.R. § 164.522 and agreed to by
CUSTOMER. CUSTOMER shall not request COMPANY to make any use or disclosure of PHI that would not be permitted under
the Privacy Rule if made by CUSTOMER directly.
12. No Third Party Beneficiaries. Nothing expressed or implied in this Business Associate Amendment or the Agreement is
intended to confer, nor shall it confer, upon any person any rights, remedies, obligations or liabilities other than those explicitly
detailed in this Business Associate Amendment or the Agreement.
13. Termination. Failure of COMPANY to comply with any of the provisions contained in this Business Associate Amendment
shall be deemed a breach under the Agreement, and CUSTOMER shall be entitled to exercise all available rights, including
termination, as provided in the Agreement. Upon termination or expiration of the Agreement, COMPANY shall return, destroy or de-identify all PHI received from, or created or received by COMPANY on behalf of, CUSTOMER that remains in COMPANY's
possession or control and shall retain no copies of that PHI, or, if the return or destruction is not feasible in COMPANY's
determination, extend the protections of this Business Associate Amendment to the retained PHI and limit further uses and disclosures
to those purposes that make the return or destruction infeasible.
14. Effective Date. The effective date of this Business Associate Amendment is the effective date of the Agreement, except that
such terms or conditions related to Electronic PHI only shall be effective the later of the applicable Security Rule compliance date for
the CUSTOMER or the effective date of the Agreement.