Provider Registration

  • 1. Create Profile
  • 2. Enter Contacts
  • 3. create bundles
  • 4. review & submit
   
MUTUAL NON-DISCLOSURE AGREEMENT (MNDA) and
HIPAA BUSINESS ASSOCIATE AGREEMENT (BAA)

MUTUAL NON-DISCLOSURE AGREEMENT (MNDA)
THIS MUTUAL NON-DISCLOSURE AGREEMENT is effective as of the date of Provider's acceptance of this Agreement via electronic signature (the "Effective Date").

Access HealthNet, LLC ("AHN") and Provider may discuss a possible business relationship and either party might share information with the other party that is considered to be proprietary and confidential. Such information will be disclosed for the aforesaid purpose and for no other purpose in accordance with the following understandings:

1. Confidential Information.

1.1 Each party shall: (i) maintain any information, whether written or otherwise, related to the business and/or technology of the other party that it receives from the other party (collectively, "Confidential Information") in strict confidence at all times; and (ii) not disclose, use, transmit, inform or make available to any entity, person or body any of the disclosing party's Confidential Information except for the purpose of evaluating and engaging in discussions concerning a potential business relationship between the parties or as expressly permitted by the disclosing party in writing prior to disclosure.

1.2 Confidential Information shall include, but not be limited to: (i) business plans, methods and practices; (ii) personnel, customers, and suppliers; (iii) inventions, processes, methods, products, patent and patent applications, and other proprietary rights; and (iv) specifications, drawings, sketches, models, samples, tools, software, computer programs, technical information, and/or other related information.

1.3 Confidential Information is proprietary and confidential and constitutes the disclosing party's trade secrets. The receiving party shall have no right, title or interest in or to the disclosing party's Confidential Information. The receiving party may not use (or disclose to a third party for such party's use of) Confidential Information in competition with the disclosing party. The receiving party shall treat all Confidential Information in a confidential manner to the extent permitted by applicable law. Nothing in this Agreement shall be deemed a limitation or waiver by either party of any rights or protections of the disclosing party under the Wisconsin Uniform Trade Secrets Acts and the federal Defend Trade Secrets Act.

1.4 All Confidential Information shall remain the property of the disclosing party. The receiving party shall use the same care and discretion to avoid disclosure of Confidential Information as it uses with its own similar information that it does not wish disclosed, but in no event less than a reasonable standard of care.

1.5 Unless permitted in writing by the disclosing party, the receiving party shall not: (i) decompile, disassemble, reverse engineer or otherwise attempt to reduce the other party's Confidential Information; (ii) attempt to determine any source code, algorithms, methods or techniques embodied in any Confidential Information; (iii) copy, modify, adapt, transfer, translate, disclose, rent, lease, grant a security interest in, or license the other party's Confidential Information, or any portion thereof; (iv) create derivative works based upon the other party's Confidential Information, or any portion thereof; or (v) remove any copyright or proprietary notices or labels in or on the other party's Confidential Information.

2. Permitted Disclosures

2.1 The receiving party may disclose the other party's Confidential Information to its employees and employees of permitted subcontractors and affiliates who have a need to know (each, an "Affiliate"); provided, however, that before disclosure to any Affiliate, the receiving party shall have a written agreement with Affiliate sufficient to require the Affiliate to treat the Confidential Information in accordance with this Agreement.

2.2 The restrictions set forth in this Agreement, shall not apply to any Confidential Information which the receiving party can demonstrate: (i) is or becomes known to the public through no breach of this Agreement; (ii) was previously known by the receiving party without any obligation to hold it in confidence; (iii) is received from a third party free to disclose such information without restriction; (iv) is independently developed by the receiving party without the use of the Confidential Information of the disclosing party; or (v) is approved for release by the prior written authorization of the disclosing party, but only to the extent of such authorization.

2.3 The receiving party may disclose Confidential Information that is required to be disclosed by law, regulation, or a valid order of a court or other state or United States governmental body, but only to the extent and for the purpose of such required disclosure, and only if the receiving party first notifies the disclosing party of the order and permits the disclosing party to seek an appropriate protective order.

3. Further Obligations.

3.1 The receiving party shall return to the disclosing party any and all records, notes and other written, printed or tangible materials pertaining to the Confidential Information of the disclosing party immediately on the written request of the disclosing party.

3.2 Upon the effective date of the termination of this Agreement, the receiving party shall destroy or return to the disclosing party all written material containing any Confidential Information of the disclosing party and if applicable, confirm the destruction of the Confidential Information upon written request, provided that the receiving party may retain copies of the Confidential Information to the extent required to comply with applicable law, and provided further, that nothing herein shall require the alteration, modification, deletion or destruction of backup tapes or other back up media made in the ordinary course of business.

4. Miscellaneous.

4.1 The parties agree that the disclosing party will suffer irreparable injury if its Confidential Information is made public, released to a third party, or otherwise disclosed in breach of this Agreement and that the disclosing party shall be entitled to obtain injunctive relief against a threatened breach or continuation of any such breach and, in the event of such breach, an award of actual and exemplary damages.

4.2 Nothing in this Agreement shall be construed to constitute an agency, partnership, joint venture, or other similar relationship between the parties.

4.3 Neither party will, without prior approval of the other party, make any public announcement of or otherwise disclose the existence or the terms of this Agreement.

4.4 This Agreement in no way creates an obligation for either party to disclose information to the other party or to enter into any other agreements. This Agreement may only be amended in writing signed by both parties.

4.5 This Agreement shall remain in effect for the longest period permitted by law and may only be terminated upon the mutual written agreement of both parties. The requirement to protect the Confidential Information subject to this Agreement shall survive termination of this Agreement.

4.6 This Agreement shall be governed by the laws of the State of Wisconsin. This Agreement shall be enforced in the courts of the State of Wisconsin.

4.7 In the event of litigation to enforce the terms of this Agreement, the prevailing party shall be entitled to recover all reasonable costs and expenses, including attorneys' fees and court costs incurred in such litigation, in addition to any other relief granted.

HIPAA BUSINESS ASSOCIATE AGREEMENT (BAA)
THIS HIPAA BUSINESS ASSOCIATE AGREEMENT is effective as of the date of Provider's acceptance of this Agreement via electronic signature (the "Effective Date").

WHEREAS, for purposes of HIPAA (defined below), Provider provides various healthcare services to individuals enrolled in a program offered by Access HealthNet, LLC (the "AHN Program") and Provider is classified as a Covered Entity (defined below);

WHEREAS, AHN performs or assists in performing an activity on behalf of Provider involving the use or disclosure of PHI (defined below) that is created or received by AHN for, from or on behalf of Provider;

WHEREAS, for purposes of HIPAA, AHN is a business associate of Provider; and

WHEREAS, this Agreement modifies any future written or oral agreement or arrangements between the parties (collectively with existing agreements and arrangements between the parties), including the agreement that Provider and AHN will execute related to Provider's provision of services under the AHN Program (the "Provider Agreement").

IN CONSIDERATION of the above recitals and covenants contained in this Agreement, the parties agree as follows:

1. Permitted Uses and Disclosures of Protected Health Information.

1.1 Provision of Services. AHN provides services related to the AHN Platform that involve the use and/or disclosure of PHI ("Services"). Except as otherwise specified herein, AHN may make any and all uses of PHI necessary to perform its obligations on behalf of Provider. All other uses not authorized by this Agreement are prohibited. Moreover, AHN may disclose PHI for the purposes authorized by this Agreement only: (i)to its employees, subcontractors and agents, in accordance with this Agreement or applicable law; (ii)as directed by Provider; or (iii)as otherwise permitted under applicable law and/or by the terms of this Agreement including, but not limited to, Section 1.2.2 below.

1.2 Business Activities of AHN. Unless otherwise limited herein, AHN may:

1.2.1 Use PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of AHN provided that such uses are permitted under state and federal confidentiality laws.

1.2.2 Disclose PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of AHN, provided that AHN represents to Provider, in writing, that: (i) the disclosure is required by law, as provided for in 45 C.F.R. §164.103; or (ii) AHN has received from the third party written assurances regarding its confidential handling of such PHI as required under 45 C.F.R. § 164.504(e)(4) and the third party notifies AHN of any breaches in the confidentiality of PHI.

1.2.3 AHN's proper management and administration does not include the use or disclosure of PHI for its marketing purposes or to support marketing.

1.3 Additional Activities of AHN. In addition to using PHI to perform Services, AHN may:

1.3.1 If Services include data aggregation services, aggregate PHI in its possession with protected health information that AHN has in its possession through its capacity as a Business Associate provided that the purpose of such aggregation is to provide Provider with data analyses relating to the Health Care Operations (defined below) of Provider.

1.3.2 If the Provider Agreement provides for de-identification or when explicitly authorized by Provider, de-identify the PHI, provided that the de-identification conforms to the requirements of 45 C.F.R. §164.514, and further provided that Provider maintains the documentation required by 45 C.F.R. §164.514(b), which may be in the form of a written assurance from AHN. Pursuant to 45 C.F.R. §164.502(d)(2), de-identified information does not constitute PHI and is not subject to the terms of this Agreement.

2. Responsibilities of AHN.

2.1 Use and Disclosure of PHI. With regard to its use and/or disclosure of PHI, AHN hereby agrees to do the following:

2.1.1 Use and/or disclose PHI only as permitted or required by this Agreement or as otherwise required by law, provided that such use or disclosure would not violate HIPAA if done by Provider.

2.1.2 Report to Provider's Compliance Officer (defined below), in writing, any use and/or disclosure of PHI that is not permitted or required by this Agreement of which AHN becomes aware as required under HIPAA, and any Security Incident (defined below) of which it becomes aware.

2.1.3 Establish procedures for mitigating, to the greatest extent possible, any deleterious effects from any improper use and/or disclosure of PHI or Security Incident AHN reports to Provider.

2.1.4 Use commercially reasonable efforts to maintain the security of PHI and to prevent unauthorized use and/or disclosure of PHI.

2.1.5 Comply with any additional requirements of HITECH (defined below) that relate to privacy and security and that are made applicable with respect to Business Associates.

2.1.6 Along with its agents or subcontractors, if any, only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure. AHN agrees to comply with the guidance of the Secretary of the U.S. Department of Health and Human Services (the "Secretary") on what constitutes "minimum necessary".

2.1.7 Require all of its subcontractors and agents that receive or use, or have access to, PHI to agree, in writing, to adhere to the same restrictions and conditions on the use and/or disclosure of PHI that apply to AHN pursuant to this Agreement.

2.1.8 Make available all records, books, agreements, policies and procedures relating to the use and/or disclosure of PHI to the Secretary for purposes of determining Provider's compliance with HIPAA, subject to attorney-client and other applicable legal privileges.

2.1.9 Use and disclose to its subcontractors, agents or other third parties, and request from Provider, only the minimum PHI necessary to perform or fulfill a specific function or purpose required or permitted hereunder.

2.1.10 Implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of ePHI (defined below) as required by HIPAA and any guidance issued by the Secretary pursuant to HITECH.

2.1.11 Ensure that any agent, including a subcontractor to whom AHN provides ePHI, agrees to implement reasonable and appropriate safeguards to protect the ePHI.

2.1.12 Report to Provider's Compliance Officer, in writing, any Security Incident of which AHN becomes aware.

2.1.13 Provide its employees and workforce members who will have access to PHI with general HIPAA related training and education prior to allowing such employees' and workforce members' access to PHI.

2.2 Safeguards Against Misuse of Information. AHN acknowledges that the HIPAA Rules and HITECH apply directly to AHN and agrees to comply with such rules and regulations as applicable. AHN shall develop, implement, maintain and use appropriate administrative, physical and technical security measures to preserve the confidentiality, integrity and availability of all electronically maintained or transmitted PHI created, received, maintained or transmitted for, from, or on behalf of, Provider.

2.3 Reporting of a Breach. AHN shall report to Provider's Compliance Officer, in writing, any Breach (defined below) of Unsecured PHI (defined below). A Breach of Unsecured PHI shall be treated as "discovered" as of the first day on which such Breach is known to AHN or, by exercising reasonable diligence, would have been known to AHN.

2.4 Investigation of Breach. AHN shall immediately conduct an investigation of a Breach in coordination with Provider and report its findings to Provider.

2.5 Coordination of Breach Notification. AHN shall cooperate with Provider with respect to any required Breach notifications.

2.6 Mitigation. AHN shall mitigate, to the extent practicable, any harmful effect that is known to AHN of a misuse or unauthorized disclosure of PHI by AHN in violation of the requirements of this Agreement.

2.7 Access to PHI. AHN shall make available to Provider the PHI it requests for so long as AHN maintains the PHI. If any individual requests access to PHI about the individual directly from AHN, AHN shall notify Provider of its receipt of such a request. At Provider's option or when required by law, AHN shall make available and provide a right of access to the PHI to the individual, at the times and in the manner required under HIPAA.

2.8 Accounting of Disclosures of Protected Health Information. AHN shall record for each disclosure of PHI to its subcontractors, agents or other third parties: (i) the date of the disclosure; (ii) the name and address (if known) of the person or entity to whom AHN made the disclosure; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure. AHN need not record such disclosure information that this Agreement or Provider in writing permits or requires for the purpose of Provider's treatment activities, payment activities or health care operations, except as may otherwise be required by applicable law. AHN shall provide to Provider such information as is requested by Provider to permit Provider to respond to a request by an individual for an accounting of the disclosures of the individual's PHI in accordance with 45 C.F.R. §164.528.

2.9 No Sale of Protected Health Information. AHN shall not directly or indirectly receive remuneration in exchange for any PHI unless AHN: (i) has obtained prior written approval from Provider; and (ii) has received a valid written authorization from the individual that specifies that AHN can further exchange PHI about the individual for remuneration, in accordance with the requirements of 45 C.F.R. §164.508 and HITECH. The foregoing provision shall not apply to any transfer of funds in accordance with the Provider Agreement.

3. Responsibilities of the Provider.

3.1 Changes in Individual Permission to Use or Disclose PHI. Provider shall notify AHN of any changes in, or revocation of, the permission by an individual to use or disclose his/her PHI, to the extent that such changes may affect AHN's use or disclosure of PHI.

3.2 Restrictions on Use or Disclosure of PHI. Provider shall notify AHN of any restriction on the use or disclosure of PHI that Provider has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect AHN's use or disclosure of PHI.

4. Term and Termination.

4.1 Term. This Agreement shall become effective as of the date set forth above and shall continue in effect until all obligations of the parties have been met under the Provider Agreement, unless terminated as provided in this Section4. In addition, certain provisions and requirements of this Agreement shall survive its expiration or other termination in accordance with Section4.3, below.

4.2 Termination by Provider. Provider may immediately terminate this Agreement and the Provider Agreement, any other provision of the Provider Agreement notwithstanding, if Provider makes the determination, that AHN has breached a material term of this Agreement. Alternatively, Provider may choose to: (i) provide AHN with written notice of the existence of an alleged Breach; and (ii) afford AHN an opportunity to cure said alleged Breach. Failure to cure in the manner set forth in this Agreement is grounds for the immediate termination of this Agreement and the Provider Agreement, any other provision of the Provider Agreement notwithstanding.

4.3 Effect of Termination. After the termination of this Agreement and the Provider Agreement, AHN shall, at Provider's option and if it is feasible to do so, return to Provider or destroy all PHI in its possession and retain no copies (which for purposes of this Agreement shall include destroying all backup tapes) pursuant to 45 C.F.R. § 164.504(e)(2)(I), and provide Provider with written certification that all PHI in its possession has been returned to Provider or destroyed and the method by which the PHI was destroyed. Prior to returning or destroying the PHI, AHN shall recover any PHI in the possession of its subcontractors or agents. Alternatively, if it is not feasible for AHN to return or destroy the PHI, AHN shall promptly notify Provider in writing. The notification shall include: (i) a statement that AHN has determined that it is infeasible to return or destroy the PHI in its possession; and (ii) the specific reasons for such determination. AHN shall extend any and all protections, limitations and restrictions contained in this Agreement to AHN's use and/or disclosure of any PHI retained after the termination of this Agreement, and to limit any further uses and/or disclosures to the purposes that make the return or destruction of the PHI infeasible. If it is infeasible for AHN to obtain from a subcontractor or agent any PHI in the possession of the subcontractor or agent, AHN shall promptly provide a written explanation to Provider and require the subcontractor or agent to agree to extend any and all protections, limitations and restrictions contained in this Agreement to the subcontractor's or agent's use and/or disclosure of any PHI retained after the termination of this Agreement, and to limit any further uses and/or disclosures to the purposes that make the return or destruction of the PHI infeasible. Any termination of the Provider Agreement as provided in this Section 4 shall be without liability or further obligation of the part of Provider, except those provisions that survive any termination of the Provider Agreement. The respective rights and obligations of AHN and Provider under the this Agreement solely with respect to PHI AHN retains in accordance with this Section4.3 because it is not feasible to return or destroy such PHI, shall survive termination of this Agreement.

5. Miscellaneous.

5.1 Amendments; Waiver. This Agreement may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the parties. The foregoing sentence notwithstanding, upon the effective date of any law, final regulation or amendment to final regulations promulgated by the U.S. Department of Health and Human Services or other governmental agency with respect to PHI, this Agreement shall automatically amend such that the obligations they impose on AHN remain in compliance with these regulations. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.

5.2 No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

5.3 Incorporation. Notwithstanding any other provision of this Agreement, any provisions now or hereafter required to be included in this Agreement by applicable state and federal law including, without limitation, HIPAA and HITECH, shall be binding upon and enforceable against the parties and be deemed incorporated herein, irrespective of whether or not such provisions are expressly set forth in this Agreement.

5.4 Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits the parties to comply with HIPAA and HITECH.

5.5 Statutory and Regulatory References. All references in this Agreement to any law or regulation are to the provision as currently in effect and as subsequently, updated, amended or revised.

5.6 Definitions. Terms used but not otherwise defined in this Agreement shall have the same meaning as set forth in HIPAA.

6. Definitions.

6.1 "Breach" means the acquisition, access, use or disclosure of PHI in a manner not permitted under HIPAA which compromises the security or privacy of the PHI and shall have the meaning as set forth in its definition at 45 C.F.R. §164.402.

6.2 "Compliance Officer" shall have the meaning as set out in the description of "Privacy Officer" and "Security Officer" in HIPAA.

6.3 "Electronic Protected Health Information/ePHI" shall have the meaning as set forth in its definition at 45 C.F.R. §160.103. For purposes of this Agreement, ePHI shall be limited to the ePHI that AHN creates, receives, maintains, or transmits for, from or on behalf of Provider.

6.4 "Health Care Operations" shall have the meaning as set forth in its definition at 45 C.F.R. §164.501.

6.5 "HIPAA" means the Health Insurance Portability and Accountability Act of 1996 and the rules and regulations promulgated under these statutes (including, 45 CFR Part 160, Part 162, and Part 164).

6.6 "HITECH" means the Health Information Technology for Economic and Clinical Health Act, which was included in the American Recovery and Reinvestment Act of 2009.

6.7 "Protected Health Information/PHI" shall have the meaning as set out in its definition at 45 C.F.R. §160.103. PHI includes, without limitation, Electronic Protected Health Information as defined herein. For purposes of this Agreement, PHI shall be limited to the PHI that AHN creates, receives, maintains, or transmits for, from, or on behalf of Provider.

6.8 "Security Incident" shall have the meaning as set out in its definition at 45 C.F.R. §164.304.

6.9 "Unsecured PHI" means PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary of the U.S. Department of Health and Human Services and shall have the meaning as set out in its definition at 45 C.F.R. §164.402.

BY CLICKING "I AGREE", PROVIDER ACKNOWLEDGES THAT IT HAS READ THESE AGREEMENTS, THAT IT UNDERSTANDS THESE AGREEMENTS AND THEIR TERMS AND CONDITIONS, AND THAT PROVIDER AGREES TO BE BOUND BY THESE AGREEMENTS AND THEIR TERMS AND CONDITIONS. IF PROVIDER DOES NOT AGREE WITH THESE AGREEMENTS, PROVIDER SHALL NOT CLICK "I AGREE".
You must agree to terms and conditions to continue