These Standard HIPAA Business Associate Agreement Terms and Conditions ("HIPAA Addendum") shall be incorporated into the Service Agreement for Customers that are Covered Entities (as defined below) and that provide Protected Health Information ("PHI")(as defined below) to PatientPop in connection with the services they have purchased. These terms supplement and are made part of the purchase agreement between PatientPop and Customers ("Underlying Agreement") in order to comply with the federal Standards for Privacy of Individually Identifiable Health Information, located at 45 C.F.R. Part 160 and Part 164, Subparts A through E ("Privacy Rule") and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the "HITECH Act").
WHEREAS, in order to ensure that Covered Entity and Business Associate remain in compliance with the HIPAA Rules and other applicable federal and state laws and regulations regarding the disclosure of PHI to Business Associate, the parties have agreed to enter into this Agreement.
NOW THEREFORE, Covered Entity and Business Associate agree as follows:
"Protected Health Information" or "PHI" shall have the meaning set forth in the Privacy Rule, limited to information that Business Associate creates, accesses or receives from or on behalf of Covered Entity. PHI includes EPHI.
"Privacy Rule" means the Standards for Privacy of Individually Identifiable Health Information, codified at 45 CFR parts 160 and 164, Subparts A, D and E, as currently in effect.
"Security Incident" shall have the same meaning as the term "security incident" at 45 CFR 164.304.
"Security Rule" means the Standards for Security for the Protection of Electronic Protected Health Information, codified at 45 CFR parts 160 and 164, Subpart C, as currently in effect.
"Unsecured Protected Health Information" or "Unsecured PHI" shall have the same meaning as the term "unsecured protected health information" in 45 CFR § 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.