Davis Wright Tremaine LLP
Practice Areas - HIPAA publications & resources

HIPAA Business Associate Contract

The Health Insurance Portability and Accountability Act of 1996 requires health care providers and health plans who are "covered entities" under HIPAA to obtain written assurances of confidentiality from their business associates before disclosing individually-identifiable health information. These assurances are called a "business associate contract." We recognize that we are the business associate of our covered entity clients who disclose protected health information to us to obtain legal services from us. We offer the following assurances to them:



Business Associate Contract for Privacy and Security


To our Covered Entity Clients:

At Davis Wright Tremaine LLP, we recognize that we may be your business associate under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (“HIPAA”) if you are a covered entity and we receive protected health information from you in the course of providing legal services. This contract supplements and serves as an addendum to our existing engagement letter and our Standard Terms of Engagement and replaces, in its entirety, any business associate contract you may have received from us in the past. Terms used in this contract have the meanings given them in HIPAA. Additionally, any reference to “protected health information” will refer to such information in any medium, unless specifically referred to as “electronic protected health information.” Our sending you this contract does not imply that we have made a determination that you are a covered entity.

To assist you in complying with HIPAA, and in consideration of our ongoing relationship, we agree as follows to the extent that you are a covered entity and that we possess or have created any protected health information or electronic protected health information on your behalf:

1. We may use protected health information for the purpose of providing legal services to you. Nothing in this contract permits any use or disclosure that you are not permitted to make under HIPAA, except that we may use and disclose protected health information for the proper management and administration of our law firm and to carry out our legal responsibilities, as long as, in the case of any disclosure for these purposes, either:
  1.1 The disclosure is required by law; or
  1.2 We obtain reasonable assurances from the person to whom we disclose the protected health information that it will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to such person, and that the person will notify us of any instances of which it is aware in which the confidentiality of the information has been breached.
2. We will:
  2.1 Not use or further disclose your protected health information except as permitted or required by this contract, by our engagement for legal services by you, or as required by law.
  2.2 Use appropriate safeguards to prevent use or disclosure of your protected health information other than as permitted by this contract and implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on your behalf.
  2.3 Report to you any use or disclosure of your protected health information not provided for by this contract, including any security incident involving electronic protected health information, of which we become aware. The timing of the report will be consistent with the level of risk reasonably likely to be presented by the use, disclosure, or incident.
  2.4 Ensure that our agents, including any subcontractors, to whom we provide your protected health information agree to the restrictions and conditions that apply to us with respect to such information and, with respect to any electronic protected health information, agree to implement reasonable and appropriate safeguards to protect it.
  2.5 Make available your protected health information to you so you can meet your obligations to provide individual access to such protected health information, if you instruct us to do so.
  2.6 Make available your protected health information so you can meet your obligations to amend incomplete or inaccurate protected health information and incorporate any amendments as you may instruct.
  2.7 Report to you, upon your request, all disclosures of protected health information by us, as necessary to enable you to comply with your obligation to account for uses and disclosures of protected health information. We will report only those disclosures for which you would be required to provide an accounting. For example, if (as is usually the case) we are engaged to assist you with matters relating to treatment, payment, or health care operations, then we will not report uses and disclosures within the scope of that engagement, because you are not obligated to account for uses and disclosures for these purposes. We, however, will report disclosures that otherwise are subject to an accounting, for example, if we disclose protected health information in response to a discovery request.
  2.8 Make our internal practices, books, and records relating to the use and disclosure of protected health information available to the Secretary of the United States Department of Health and Human Services (“Secretary”), for purposes of determining your compliance with your legal obligations. Unless otherwise required by law or authorized by you in writing, however, we will not disclose any confidential or privileged information that we receive from you or create on your behalf to the Secretary. This contract does not waive or amend either the attorney-client privilege, the attorney work product doctrine, or other privileges or protections.
  2.9 Upon termination of our attorney-client relationship, return or destroy all protected health information that we maintain in any form and retain no copies of such information or, if return or destruction is not feasible, extend the protections of this contract to such information and limit further use and disclosure of the information to those purposes that make the return or destruction of the information infeasible. Because of our responsibility to maintain a record of the services we provide, return or destruction of the information will generally not be feasible.
3. You may immediately terminate your relationship with us if you determine that we have violated a material term of this contract.
4. Nothing express or implied in this contract is intended to, or does, confer upon any other person or entity any rights, remedies, obligations, or liabilities whatsoever.
5. This contract is to be interpreted consistently with our obligation of reasonable care in the performance of our professional services on your behalf as our client.

This contract is effective the later of April 20, 2005 or the date this contract is executed with respect to provisions that reference electronic protected health information and the date this contract is executed with respect to all other protected health information.

 

Davis Wright Tremaine LLP