FlexAmerica, Inc. Business Associate Contract
This Business Associate Addendum (“Addendum”), effective on the later of April 14, 2003 or the Compliance Date (defined in
Section 5.3 below) is entered into by and between FlexAmerica, Inc. at 6500 Rock Spring Drive, Suite 105, Bethesda, MD 20817
and _____________________________________________________________________.
1. BACKGROUND AND PURPOSE. The Parties have entered into one or more contracts which require FlexAmerica, Inc.
to be provided with, have access to, and/or create Protected Health Information (PHI) that is subject to the federal privacy
regulations issued pursuant to the Health Insurance Portability and Accountability Act ("HIPAA") and codified at 45
C.F.R. parts 160 and 164 ("Privacy Rule") (the “Underlying Contract(s)”). This Addendum shall supplement and/or
amend each of the Underlying Contract(s) only with respect to FlexAmerica, Inc.’s receipt, use and creation of PHI under
the Underlying Contract(s) to allow Customer to comply with section §164.502(e) of the Privacy Rule. Except as so
supplemented and/or amended, the terms of the Underlying Contract(s) shall continue unchanged and shall apply with full
force and effect to govern the matters addressed in this Addendum and in each of the Underlying Contract(s).
2. DEFINITIONS. Unless otherwise defined in this Addendum, all capitalized terms used in this Addendum have the
meanings ascribed in the Privacy Rule, provided, however, that
2.1 “PHI” shall mean Protected Health Information, as defined in 45 C.F.R. § 164.501, limited to the information
FlexAmerica, Inc. received from or created or received on behalf of Customer as Customer’s Business Associate.
2.2 “Electronic PHI” means PHI that is transmitted by or maintained in an electronic media as that term is defined in 45
CFR 160.103.
2.3 “Security Incident” means a Security Incident as set forth in 45 CFR 164.304, which generally includes any attempted or
successful unauthorized access, use, disclosure, modification or destr