HIPAA Business Associate Agreement

We Are Changing the World Of Collections
 

This collection services agreement ("Agreement") made and entered into This ____day of __________, 20__ by and between ________________________ ("Healthcare Provider"), a _______________ (Insert name of state of incorporation) not for profit/for profit (Select one) corporation and National Asset Management, Inc. a Pennsylvania corporation, ("Business Associate").

WITNESSETH

WHEREAS, Healthcare Provider is a “covered entity” as defined in the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) and the Electronic Transaction, Security and Privacy Standards (the “Standards”) promulgated by the Department of Health and Human Services (“HHS”) thereunder, which Standards are set forth in 45 C.F.R. Parts 142, 160, 162 and 164.

WHEREAS, Healthcare Provider’s direct and indirect use and disclosure of individually identifiable health information is subject to HIPAA and the Standards.

WHEREAS, Healthcare Provider is desirous of obtaining services to assist in the collection of accounts receivable;

WHEREAS, Business Associate is, for purposes of the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996, as amended, and the Standard published thereunder, a "Business Associate;" and

WHEREAS, Business Associate wishes to provide third party accounts receivable collection services upon the terms and conditions herein stated.

NOW THEREFORE, in consideration of the foregoing covenants and promises, the adequacy and sufficiency of which is hereby acknowledged, the parties mutually agree to the following terms and conditions:

 I. GENERAL TERMS AND CONDITIONS

 1.1 Description of Collection Services

Business Associate shall perform third party collection services on referred patient accounts receivable within the limits of the Health Insurance Portability and Accountability Act, HIPAA 1996 Health and Human Services Department Standards for Individually Identifiable Health Information, 45 C.F.R. Parts 142,160, 162 and 164, the Fair Debt Collection Practices Act, 15 U.S.C. 1692 et.seq., applicable Medicare and Medicaid rules and regulations and other state, federal and local laws.

1.2 Customary and Standard Third Party Collection Procedures

Customary and standard third party collection services performed under this Agreement shall include payment activities that relate to the individual to whom healthcare services are provided or the responsible party on the account receivable. Payment activities may include: Data extraction; Data aggregation services Performance of location information services; Mailing of collection notices; Telephone requests for payment; Establishment of repayment plans; Obtaining payment under a contract for reinsurance (including stop loss insurance and excess of loss insurance), and related health care data processing; Review of health care services with respect to coverage under a health plan or justification of charges.

1.3 Necessary Information to Effectuate Services

Healthcare Provider authorizes Business Associate to commence customary and standard third party collection procedures to effectuate payment of a referred account when Healthcare Provider provides Business Associate with the patient/responsible party information and which pertains to a patient's account receivable.

Business Associate has determined that, in order to perform the services for the Healthcare Provider specified in Section 1.2 hereof, the following information regarding the patient to whom healthcare services were rendered and the responsible party for payment of such services (if not the patient) constitutes information regarding the patient and the responsible party that may be needed by the Business Associate.

The parties agree that the following information may be necessary for the Business Associate to reasonably effectuate services under this Agreement:

Name and address of responsibility party

Name and address of patient;

Date of birth of responsible party;

Date of birth of patient;

Social security number of responsible party;

Social security number of patient;

Payment history pertaining to the account;

Name and address of any healthcare provider and or health plan pertaining to the account;

Driver's license number of responsible party if available;

Driver's license number of patient, if available;

Upon Business Associate's receipt of a written request from patient requesting verification of the account information, Healthcare Provider shall provide Business Associate with an itemization of the services and the date(s) such service(s) were rendered to the patient and which pertain to the account receivable referred to Business Associate pursuant to this Agreement or shall provide the verification of the account information directly to the patient; and Insurance information. The parties agree that each of the above listed items is reasonably necessary for the Business Associate to perform services under this Agreement and to comply with applicable law.

1.4 Limitations on Use and Disclosure of Minimum Necessary Information The parties agree that the Business Associate may use and disclose the above listed information for the proper management and administration of the Business Associate and to carry out the legal responsibilities of the Business Associate, including but not limited to its duties under the Fair Debt Collection Practices Act and as otherwise provided in this Agreement.

1.5 Role Based Controls Business Associate agrees to use reasonable efforts and implement reasonable controls to limit access, use and further disclosure, in whole or in part, of the Information to those employees, officers, directors, authorized agents, vendors and subcontractors whose ability to perform their job functions or render services to the Business Associate may require such access, use or disclosure of Information. Authorized agents, vendors and subcontractors of Business Associate include, but may not be limited to, its attorneys, accountants and accounting service providers, providers of hardware, software and middleware used in connection with services to the Healthcare Provider and technical support service providers.

1.6 Right to Withdraw Accounts Receivable Upon written notification, Business Associate agrees to return account information at the request of Healthcare Provider if the return of such information does not invalidate the Business Associate's right to otherwise receive compensation on any particular account subject to this provision.

1.7 Right to Refuse to Perform Services Upon receipt of notice that an account receivable referred to Business Associate is subject to restrictions on the use or disclosure of protected health information, Business Associate may, at its sole discretion, return the account receivable to Healthcare Provider without penalty.

1.8 Electronic Data Exchange Healthcare Provider and Business Associate shall adhere to the electronic data exchange protocols as provided in Health and Human Services Department Standards for Individually Identifiable Health Information, 45 C.F.R. Parts 142.

II. TERM OF AGREEMENT

This Contract sets forth the minimum terms and conditions under which the Business Associate provides services to Healthcare Provider. Nothing herein shall obligate either party to provide or to purchase services described herein, and either party may terminate this Agreement at any time for any reason.

III. COMPENSATION AND REPORTING REQUIREMENTS

3.1 Calculation of Commissions Earned Business Associate's commission shall be calculated according to the following formula: 30% of Gross Recovery.

3.2 Compensation for Withdrawn Accounts Receivable Business Associate shall be compensated in accordance with Section III of this Agreement with respect to any payments received by either the Business Associate or the Healthcare Provider on an account receivable subject to this Agreement as of the date said account is withdrawn by Healthcare Provider.

3.3 Statement of Payments Collected Upon request, Business Associate will provide a Statement of Payments Collected on behalf of Healthcare Provider to Healthcare Provider's Director of Patient Financial Services or his or her designee.

IV. HOLD HARMLESS AND INDEMNIFICATION

Business Associate and Healthcare Provider shall mutually protect, indemnify and hold harmless each other, their officers and employees from all claims, suits, actions, attorney's fees, costs, expenses, damages, judgments or decrees arising out of the failure by either party to comply with all applicable federal, state and local laws and regulations enacted now or to be enacted in the future as the same may apply to the subject matter of this Agreement and all claims, suits, actions, costs, attorney's fees, expenses, damages, judgments or decrees by reason of any injury to persons or property caused by the other party, their officers, or employees in the performance of the work and services under this Agreement.

V. TRANSFER, ASSIGNMENT, USE OF SUBCONTRACTORS

5.1 Use of Subcontractors or Agents To the extent Business Associate uses agents or subcontractors to assist it in performance of services under this Agreement and performance by the agents or subcontractors necessitates their access to, use or disclosure of any item of Information, Business Associate will not provide its agents or subcontractors any Information unless the agent or subcontractor has agreed, in writing, that the provisions of this Agreement relating to the use, access, disclosure or audit of information are binding upon and applicable to the agent or subcontractor to the same extent such provisions are binding on, and applicable to, the Business Associate.

5.2 Access to Subcontractor or Agency Agreements Business Associate shall provide Healthcare Provider with copies of any subcontractor or agent contracts upon request throughout the term of this Agreement.

VI. MUTUAL ASSURANCES

6.1 Healthcare Provider Assurances

In addition to all other representations, terms and conditions provided in this Agreement, Healthcare Provider represents and agrees that: Accounts referred to Business Associate pursuant to this Agreement are in default; Healthcare Provider has and shall obtain throughout the term of this Agreement, all necessary consents under 45 C.F.R. §164.506(c ), sufficient to permit the disclosure of protected health information to Business Associate and to permit Business Associate to perform services incidental to this Agreement.

The uses and disclosures of protected health information under this Agreement are consistent and in accordance with Healthcare Provider's privacy policies and procedures adopted pursuant to the Health and Human Services Department Standards for Individually Identifiable Health Information, 45 C.F.R. Parts 142,160, 162 and 164; Healthcare Provider shall immediately notify Business Associate of any restrictions placed on the use of protected health information pertaining to a referred account with sufficient detail so as to allow Business Associate to honor such restrictions; If Healthcare Provider knows or has reason to know that the consumer for whom it has or does provide service disputes the account, is represented by an attorney or has filed bankruptcy, Healthcare Provider shall notify Business Associate of this knowledge upon receipt thereof;

6.2 Business Associate Assurances

In addition to all other representations, terms and conditions provided in this Agreement, Business Associate represents and agrees that with respect only to the information provided by the Healthcare Provider or “health information” obtained by the Business Associate in connection with services rendered for the Healthcare Provider under the Agreement that: Business Associate shall not use or further disclose Information pertaining to the recipient of Healthcare Provider's services or any responsible party on a referred account other than as permitted or required by this Agreement or as allowed by law; Business Associate shall use appropriate safeguards to prevent the use or disclosure of the Information pertaining to the recipient of Healthcare Provider's services or any responsible party on a referred account other than as provided for in this Agreement;

Business Associate shall notify Healthcare Provider of any use or disclosure of the information not provided for by this Agreement of which it becomes aware; Business Associate shall make available protected health information in accordance with the Health and Human Services Department Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. § 164.524; Business Associate shall make available for amendment and incorporate any amendments to protected health information in accordance with the Health and Human Services Department Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. § 164.526; Healthcare Provider has determined that the uses and disclosures of the Information specified in this Agreement, whether by Healthcare Provider, Business Associate or their authorized agents and subcontractors are made and authorized as part of treatment, payment and healthcare operations relating to the Healthcare Provider.

Business Associate will use its reasonable best efforts to maintain records of any use or disclosure of Information not provided for in this Agreement by the Business Associate, its officers, directors, employees, agents and subcontractors and, to the extent known by the Business Associate, report to the Healthcare Provider any use or disclosure by such persons not authorized by this Agreement and provide such information to the Healthcare Provider upon written request of the Healthcare Provider, which request shall be made only in connection with an accounting request made to the Healthcare Provider under the then applicable HIPAA Standards. Information regarding any unauthorized use or disclosure of Information shall be maintained by Business Associate for a period of not less than six (6) years from the date of such unauthorized use or disclosure.

Business Associate shall make its internal practices, books and records relating to the use and disclosure of protected health information received from, or created or received by the Business Associate on behalf of the Healthcare Provider, available to the Health and Human Services Secretary for the purposes of determining the Healthcare Provider's compliance with the Health and Human Services Department Standards for Individually Identifiable Health Information, 45 C.F.R. Parts 142, 160, 162 and 164.

Business Associate shall train appropriate staff so as to assure compliance with this Agreement and the Health and Human Services Department Standards for Individually Identifiable Health Information, 45 C.F.R. Parts 142, 160, 162 and 164. Business Associate's obligation to provide Information, to make corrections or amendments to Information, to respond to the written instruction/request of the Healthcare Provider; or to deliver Information and documentation to the Healthcare Provider shall only be as directed, in writing, by the Healthcare Provider.

VII. INDEPENDENT CONTRACTOR

7.1 Independent Contractor Status The parties expressly agree hereto that Business Associate is an independent contractor. Nothing in this Agreement is intended, nor shall be construed to create, an employer-employee relationship or a joint venture relationship, or to allow Healthcare Provider to exercise direction or control over the manner or method by which Business Associate performs the Services which are the subject matter of this Agreement.

VIII. DOCUMENT RETENTION, AUDIT, INSPECTION AND REPRODUCTION

8.1 Document Retention Necessary to Verify Costs

Pursuant to 42 U.S.C. 1395X (v)(1)(I) and 42 C.F.R. 402.300 - 402.304, the parties agree that Business Associate shall, until the expiration of four (4) years after the furnishing of the services pursuant to this Agreement, retain and make available, upon written request by the Secretary of the US. Department of Health and Human Services, or upon written request by the US. Comptroller General, or any of their duly authorized representatives, the contact and books, documents and records of Business Associate that are necessary to verify the nature and extent of the costs of the services under this Agreement.

8.2 Costs of Reproduction

Healthcare Provider shall reimburse Business Associate for reasonable costs and expenses that it incurs to search, restore, compile, photocopy or otherwise reproduce and deliver information, data or documents pertaining to services provided under this Agreement whether requested by the Healthcare Provider, its agents and representatives, the person for whom healthcare services were provided, the responsible party on the referred account, the Department of Health and Human Services or any other person or entity entitled to such information by operation of law or contract.

 

8.3 Limitations on Interaction with Recipients of Healthcare Provider's Services

Business Associate's communications with any recipient of Healthcare Provider's services shall be limited to communications incidental to its performance of accounts receivable collection services to effectuate payment.

8.4 Audit

Business Associate shall make any relevant records available for an audit at its office at reasonable times upon reasonable prior written notice to Business Associate during the Agreement period, said audit to be performed by Healthcare Provider's patient accounting staff, Healthcare Provider's internal auditors or their outside accounting firm selected and compensated by Healthcare Provider.

IX. SECURITY AND MAINTENANCE OF CONFIDENTIAL INFORMATION

9.1 Security Business Associate shall at all times during this Agreement maintain security procedures in accordance with the Health and Human Services Department Standards for Security of Individually Identifiable Health Information.

9.2 Maintenance of Confidential Information Business Associate agrees to hold in confidence and safeguard all information which is submitted or provided by Healthcare Provider or any data, information, discoveries, materials and compilations developed pursuant to this Agreement (collectively referred to as "Information"). Business Associate agrees not to disclose any information received of Healthcare Provider pursuant to this Agreement that would violate the requirements of the Health and Human Services Department Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164 if done by the Healthcare Provider. Business Associate further represents that neither Business Associate, nor any agents or subcontractors of Business Associate, will disclose any Information other than as permitted or required by this Agreement or law. Business Associate will take reasonable precautions to prevent the use or disclosure of Information other than as provided in this Agreement or required by law and will report any use or disclosure of Information not allowed under this Agreement or required by law to Healthcare Provider. In addition, Business Associate represents and agrees that any agents or subcontractors of Business Associate shall be contractually required to agree to the same restrictions and conditions pertaining to the use and disclosure of Information as required by Business Associate pursuant to this Agreement. Nothing in this section shall prohibit the Business Associate from sending the patient a copy of the bill issued by the Healthcare Provider or prohibit the use of the bill as evidence in a court proceeding.

X. NOTICES

All notices required under this Agreement shall be given in writing and shall be sent by US Mail, first class postage pre-paid, to the following address: If to Business Associate: National Asset Management Inc. 348 Merchant Street Ambridge, PA 15003 Attn: Tomas J. Boris Esq.

Healthcare Provider: _________________ _________________ __________________ Attn: ___________________

XI. MODIFICATIONS AND AMENDMENTS

This Agreement, or any of its provisions may be modified or amended at any time during its term, but only by an agreement in writing, signed by both parties, stating which provisions of this Agreement are so amended and setting out such amendment or modification in full.

XII. GOVERNING LAW

This Agreement shall be governed by the laws of the State of where the collection agency is located regardless of conflict of law principles.

XIII. TERMINATION

13.1 Termination Upon Notice

This Agreement may be terminated by either party in whole or in part with thirty (30) days written notice. Upon termination of this Agreement, Business Associate shall immediately cease all collection activity for Healthcare Provider and return all patient account information and related documents to Healthcare Provider. Upon termination, Business Associate shall, within thirty (30) days, remit outstanding collections net of Business Associate's commissions, received by Business Associate on behalf of Healthcare Provider.

13.2 Termination Upon Breach

Healthcare Provider, by written notice, may terminate this Agreement in whole or in part if Business Associate breaches any material terms or conditions of this Agreement. Healthcare Provider shall notify Business Associate of such default and Business Associate shall be given ten (10) days to correct the breach. Business Associate shall be deemed to have defaulted if it fails to correct the breach within such ten (10) day period.

13.3 Post Termination Events

Upon termination of this Agreement for breach, Business Associate shall immediately cease all collection activity for Healthcare Provider and if requested shall return all patient account information and related documents to Healthcare Provider. Upon termination, Business Associate shall, within thirty (30) days, remit outstanding collections net of Business Associate's commissions, received by Business Associate on behalf of Healthcare Provider. To the extent feasible and regardless of the reason for termination of this Agreement, Business Associate shall return or destroy all protected health information [as defined by the Health and Human Services Department Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164], received from, or created or received by the Business Associate on behalf of the Healthcare Provider that the Business Associate still maintains in any form. Business Associate shall retain no copies of such information or, if such return or destruction is not feasible, Business Associate shall extend the protections of this Agreement to the protected health information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible.

XIV. ASSIGNMENT

Either party may assign the agreement to its affiliate. Otherwise, the parties must obtain the advance written consent of the other party before assigning this Agreement. The parties shall not unreasonably withhold their consent. For purposes of this provision an affiliate means any person (individual, corporation, company, voluntary association, partnership, limited liability company) that directly or indirectly controls, or is under common control with, or is controlled by the party. "Control" (including with its correlative meanings, "controlled by and "under common control with") means possession directly or indirectly, of power to direct or cause the direction of management or policies. IN WITNESS WHEREOF, the parties have executed this Agreement the day and year noted in the first paragraph to this Agreement.

BUSINESS ASSOCIATE HEALTHCARE PROVIDER National Asset Management Inc.. _____________________________________ By:______________________________ By: _________________________________ Printed Name: Printed Name: ________________________ Title: Title: ________________________________