Attachment B:  HIPAA Business Associate Contract

Rock Solid Foundation, LLC, 1460 E. Whitestone Blvd., Cedar Park, Texas, 78613 expressly agree and contract as follows:

​

Rock Solid, in order to meet ORGANIZATION’s HIPAA and DHHS regulatory requirements, agrees to and will provide such reasonable assurances and further asserts that it has or will implement and/or maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure the integrity and confidentiality of all PHI that it receives or possesses from ORGANIZATION. 

 

Rock Solid, LLC further agrees to and will protect all PHI against reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized uses or disclosures of the information.

 

ORGANIZATION and Rock Solid agree as follows: 

 

          1.  Rock Solid assures ORGANIZATION that Rock Solid will appropriately safeguard protected health information made available to or obtained by                      Rock Solid. 

                 

          2.  Rock Solid agrees to comply with applicable requirements of law relating to PHI and with respect to any task or other activity that Rock Solid                            performs on behalf of ORGANIZATION to the extent ORGANIZATION would be required to comply with such requirements. 

 

The agreement of Rock Solid set forth in items 1 and 2 above, and the additional provisions relating to permitted and required uses and disclosures thereof that shall be from time to time provided to Rock Solid by ORGANIZATION in accordance with applicable law constitute a contract between ORGANIZATION and Rock Solid establishing the permitted and required uses and disclosures of such PHI by Rock Solid. 

 

 

          1.  Rock Solid agrees that he/she/they will-¬

               A.  Not use or further disclose such information other than as permitted or required by this Agreement. 

               B.  Not, except as necessary for the proper management and administration and performance of Rock Solid’s duties under this Agreement and the                        Contractor Agreement, use, reproduce, disclose, or provide to third parties any confidential documents or information relating to the                                      ORGANIZATION or clients of ORGANIZATION without the prior written consent or authorization of ORGANIZATION or of ORGANIZATION’s                      client(s). If Rock Solid uses such information for the purposes set forth above, it will do so only if the disclosure is required by law or if Rock Solid                      obtains reasonable assurances from the person(s) to whom the information is disclosed that the information disclosed will be held confidential and                    will be used or further disclosed only as required by law or for the purpose for which Rock Solid disclosed it to the person(s). Rock Solid shall also                    ensure that the person(s) to whom Rock Solid so discloses information notifies ORGANIZATION of any instances of breach of confidentiality that                      such person is aware of. 

          2.      Rock Solid shall ensure that its personnel, employees, affiliates, and agents maintain the confidentiality of client health information and business                        information of ORGANIZATION. 

          3.      Rock Solid shall not use or further disclose the information in a manner that would violate the requirements of applicable law if done by                                  ORGANIZATION. 

          4.      Rock Solid shall use appropriate safeguards to prevent use or disclosure of such information other than as provided for by this Agreement. 

          5.      Rock Solid shall report to ORGANIZATION any use or disclosure of such information not provided for by this Agreement of which Rock Solid                          becomes aware. 

          6.      Rock Solid shall ensure that any subcontractors or agents to whom Rock Solid provides PHI received from ORGANIZATION agree to the same                        restrictions and conditions that apply to Rock Solid with respect to such information. 

          7.      Rock Solid shall make available PHI in accordance with applicable law. 

          8.      Rock Solid shall provide individuals who are the subject of PHI received from ORGANIZATION their rights as made applicable to business                              associates of covered entities. 

          9.      Rock Solid shall maintain standard records pursuant to this agreement and to provide such records and other necessary information to                                    ORGANIZATION as may be requested or required in writing and as permitted by law. Rock Solid agrees that all records kept in connection with t                    this Agreement are subject to review and audit by ORGANIZATION upon reasonable notice and written request by ORGANIZATION. 

        10.      Make Rock Solid’s internal practices, books, and records relating to the use and disclosure of PHI received from ORGANIZATION available to the                    Secretary of DHHS for purposes of determining ORGANIZATION’s compliance with applicable law (in all events, Rock Solid shall immediately                        notify ORGANIZATION upon receipt by Rock Solid of any such request and shall provide ORGANIZATION copies of any such materials). 

        11.      Upon termination of this Agreement by either party for any reason, Rock Solid shall return or destroy all PHI received from ORGANIZATION that                      Rock Solid is not required to maintain by State or Federal law. Rock Solid shall remain obligated not to use, disclose, or provide such information                      to third parties unless and until otherwise required to do so by law. Rock Solid shall incorporate any amendments or corrections to PHI when                            notified pursuant to applicable law. Rock Solid shall maintain comprehensive general liability insurance throughout the term of this Agreement in                        minimum limits of $1,000,000 per occurrence or per claim. In the event Rock Solid secures claims insurance coverage, it agrees to purchase an                      unlimited reporting endorsement upon the cancellation or termination of said coverage. Rock Solid agrees to provide ORGANIZATION a                                certificate of insurance evidencing such coverage prior to the effective date of this Agreement and any renewals thereof. If Rock Solid proposes to                    voluntarily cancel or not renew any existing coverage, change the carrier thereof, change the terms thereof, or reduce the limits of such coverage,                    Rock Solid, shall give written notice thereof to ORGANIZATION, specifying the nature and proposed date of such proposed cancellation,                              nonrenewal, change, or reduction. If such proposed cancellation, nonrenewal, change, or reduction is not acceptable to ORGANIZATION,                            within 30 days after receipt of notice from Rock Solid, ORGANIZATION may notify Rock Solid of the termination of this Agreement effective upon                    the date of such proposed cancellation, non-renewal, change, or reduction. 

         12.     Rock Solid agrees to indemnify and hold harmless ORGANIZATION, its Board of Directors, officers, agents, employees, and personnel (                                “Indemnified Party”) from and against any and all claims, demands, suits, losses, causes of action, or liability that the Indemnified Party may                            sustain as a result of Rock Solid’s breach of its duties or the indemnifying party’s errors or omissions within the terms of this Agreement or vicarious                      liability of ORGANIZATION for any act or conduct of Rock Solid  that constitutes fraud, misrepresentation, or violation of any law, including                            violation of any statute or regulation applicable to the conduct of Rock Solid provided pursuant to this Agreement. This indemnification shall i                            include reasonable expenses, including attorney’s fees incurred by defending such claims and damages incurred by reason of the indemnifying                        party’s failure to comply with applicable laws, ordinances, and regulations or for damages caused by the indemnifying party. 

         13.     ORGANIZATION may terminate this Agreement without penalty or recourse if ORGANIZATION determines that Rock Solid has violated a                              material term of the provisions of this Agreement. 

 

Rock Solid agrees that this Agreement may be amended from time to time by ORGANIZATION if and to the extent required by the provisions of 42 U.S.C. 1171 et seq. enacted by the HIPAA and regulations promulgated there under in order to assure that this Agreement is consistent with those regulations.