Exhibit B – Execution PageLOGISTICARE SOLUTIONS, LLC PROVIDER:_________Printed Name: _______________________ Printed Name: _______________________Title: _____________________________ Title: ______________________________Signature: __________________________ Signature: ___________________________Date: _____________________________ Date: ______________________________<strong>Wisconsin</strong> NET ProgramVersion: March 25 2011Page 32
EXHIBIT CBUSINESS ASSOCIATE AGREEMENTBUSINESS ASSOCIATE AGREEMENT<strong>Provider</strong> Name:This Business Associate Agreement (“Agreement’) is entered into as of ______________200____, by and between LGTC and <strong>Provider</strong> (“BUSINESS ASSOCIATE”) to comply with the PrivacyRule promulgated pursuant to the Health <strong>In</strong>surance Portability and Accountability Act of 1996(“HIPAA”), regulations promulgated under HIPAA, and the Health <strong>In</strong>formation Technology forEconomic and Clinical Health Act (“HITECH Act”).Whereas, LGTC and BUSINESS ASSOCIATE are parties to a pre-existing agreement (the “PriorAgreement”), pursuant to which BUSINESS ASSOCIATE provides services to LGTC; andWhereas, in connection with services provided under the Prior Agreement, LGTC makes available toBUSINESS ASSOCIATE certain Protected Health <strong>In</strong>formation that is confidential and must be affordedspecial treatment and protection;Now therefore, the Parties agree as follows:1. Definitions. The following terms shall have the meaning ascribed to them in this Section. Othercapitalized terms shall have the meaning ascribed to them in the context in which they first appear.a. HIPAA shall mean the Health <strong>In</strong>surance Portability and Accountability Act of 1996, PublicLaw 104-191.b. HIPAA Regulations shall mean the regulations promulgated under HIPAA by the UnitedStates Department of Health and Human Services at 45 C.F.R. Parts 160, 162, and 164, including withoutlimitation the <strong>In</strong>terim Final Rule regarding Breach Notification for Unsecured Protected Health<strong>In</strong>formation, dated August 24, 2009 and effective September 23, 2009.c. HITECH Act shall mean the Health <strong>In</strong>formation Technology for Economic and ClinicalHealth Act, Title XIII of Division A and Title IV of Division B of the American Recovery and <strong>In</strong>vestmentAct of 2009, Public Law 111-5, enacted on February 17, 2009.d. <strong>In</strong>dividual shall mean the person who is the subject of the Protected Health <strong>In</strong>formation, andshall include a person who qualifies as a personal representative of that person.e. Protected Health <strong>In</strong>formation (“PHI”) means individually identifiable health information(as defined in 45 CFR 164.501, or elsewhere, as applicable), limited to the information created orreceived by BUSINESS ASSOCIATE from or on behalf of LGTC. It includes information that relates tothe past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of health care to anindividual; and that (a) identifies the individual; or (b) with respect to which there is a reasonable basis tobelieve the information can be used to identify the individual.f. Secretary shall mean the Secretary of the Department of Health and Human Services(“HHS”) and any other officer or employee of HHS to whom the authority involved has been delegated.g. Unsecured Protected Health <strong>In</strong>formation (“Unsecured PHI”) shall mean PHI that is notsecured through the use of technology or methodology specified by the Secretary in guidance.h. Breach shall mean the unauthorized acquisition, access, use, or disclosure of PHI whichcompromises the security or privacy of such information, except where an unauthorized person to whomsuch information is disclosed would not reasonably have been able to retain such information. Exceptionsto this definition exist for cases in which: (1) the unauthorized acquisition, access, or use of PHI isunintentional and made by an employee or individual acting under authority of a covered entity orbusiness associate if such acquisition, access, or use was made in good faith and within the course and<strong>Wisconsin</strong> NET ProgramVersion: March 25 2011Page 33