This HIPAA Business Association Addendum (this “HIPAA Addendum”) is an addendum to your Product Terms and Conditions (and incorporated therein by reference). This HIPAA Addendum defines the rights and responsibilities of each of us with respect to Protected Health Information as defined in the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder, including the HITECH Act and Omnibus Rule, as each may be amended from time to time (collectively, “HIPAA”). This Agreement shall be applicable only in the event and to the extent MX Layer meets, with respect to you, the definition of a Business Associate set forth at 45 C.F.R. §160.103, or applicable successor provisions.
“Agreement” shall have the same meaning as given in the General Terms and Conditions.
“Business Associate” shall mean the MX Layer entity from which you purchase Services.
“CFR” shall mean the Code of Federal Regulations.
“Individual” shall have the same meaning as the term “individual” in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).
“Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.
“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103, limited to the information received by Business Associate from or on behalf of Customer.
“Required By Law” shall have the same meaning as the term “required by law” in 45 CFR § 164.103.
“Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information, located at 45 CFR Part 160 and Subparts A and C of Part 164.
“Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee.
You agree that you will not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by you.
You agree to comply with those security obligations identified in the General and Product Terms, and to implement, purchase, or maintain appropriate safeguards (including security appliances, services, and practices) as required for you to comply with the Security and Privacy rules as applicable to you.