Fleet Logo
PayMode Electronic Payment and Remittance
PayMode Logo
Top Green Bar
News PayMode Learn More Enroll Log On Demo Contact
 
PayMode® Policies and Practices
> Policy Index > Next Policy
PayMode
Blue Rule


Health Care Information Privacy Amendment to Clareon Terms of Use

This Health Care Information Privacy Amendment to Clareon Terms of Use (this "Amendment") shall apply to you:

(i) if you are a "Covered Entity," as defined in the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191 ("HIPAA"), and you provide to us, or we create or receive on your behalf, at any time on or after April 14, 2003 "Protected Health Information," as defined in the Standards for Privacy of Individually Identifiable Health Information promulgated by the U.S. Department of Health and Human Services pursuant to HIPAA and codified at 45 CFR part 160 and part 164, subparts A and E (the "Privacy Rule"); or

(ii) if you are a "Business Associate," as defined in HIPAA, of one or more Covered Entities, and you provide to us, or we create or receive on your behalf or on behalf of your Covered Entity customer(s), at any time on or after April 14, 2003, Protected Health Information belonging to your Covered Entity customer(s).

If you are a Covered Entity under HIPAA, this Amendment is for the purpose of complying with the requirement that Covered Entities enter into a "Business Associate Agreement" with any of their service providers that receive Protected Health Information from, or create or receive Protected Health Information on behalf of, the Covered Entity in the course of providing services to the Covered Entity.

If you are a Business Associate to whom this Amendment applies by virtue of subparagraph (ii) above, this Amendment is for the purpose of permitting you to comply with your obligation under your business associate agreement(s) with your Covered Entity customer(s) to pass on your obligations under such agreement(s) to any third-party service providers to whom you provide your customers' Protected Health Information.

As Clareon, in the course of providing you with PayModeŽ (the "Service"), may be or become (i) your Business Associate, as defined in the Privacy Rule, or (ii) a third-party service provider with respect to you as the Business Associate of one or more Covered Entities, we and you (together, the "parties") agree that this Amendment shall serve as such Business Associate Agreement, or third-party service provider agreement, as the case may be, for purposes of HIPAA.

Although not a Covered Entity under HIPAA, a Business Associate to whom this Amendment applies pursuant to the above paragraph shall be governed by the same obligations as are set forth herein for a Covered Entity under HIPAA.

The parties recognize that Clareon is not required to maintain and does not maintain Protected Health Information in a Designated Record Set as those terms are defined in 45 CFR §164.502.

The parties hereby agree to the following terms and conditions with respect to Protected Health Information received from, or created or received by Clareon on behalf of, the Covered Entity in connection with the Service:

I. Definitions

Capitalized terms used herein, but not otherwise defined in this Amendment, shall have the meanings given to such terms in the Privacy Rule.

A. Individual.. "Individual" shall have the same meaning as the term "individual" in 45 CFR § 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502 (g).

B. Law: "Law" shall mean HIPAA and all regulations promulgated thereunder.

C. Protected Health Information. "Protected Health Information" shall have the same meaning as the term "Protected Health Information" in 45 CFR § 164.501, limited to the information created or received by Clareon from or on behalf of Covered Entity.

D. Required by Law. "Required by Law" shall have the same meaning as the term "required by law" in 45 CFR § 164.501 ("a mandate in law that compels a covered entity to make a use or disclosure of protected health information and that is enforceable in a court of law").

E. Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services, or his or her designee.

II. Obligations and Activities of Clareon

A. No Unauthorized Disclosure. Clareon shall not use or disclose Protected Health Information other than in accordance with this Amendment, as permitted by Law, or as Required by Law.

B. Safeguards. Clareon shall use reasonable safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Amendment.

C. Access to Internal Practices, Books, and Records. Upon reasonable notice, and at Covered Entity's expense, Clareon shall make Protected Health Information and books and records relating to the use and disclosure of Protected Health Information available to Covered Entity or the Secretary in a reasonable time and manner, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule./p>

D. Referral for Accounting of Disclosures. Clareon shall refer to Covered Entity all requests by Individuals for information about, or an accounting for disclosures of, their own individual Protected Health Information in accordance with 45 CFR § 164.528. Covered Entity acknowledges and agrees that it, and not Clareon, has sole responsibility for responding to such requests.

E. Documentation of Disclosures. Clareon shall use reasonable efforts to document disclosures of Protected Health Information, other than (i) disclosures for Treatment, Payment or Healthcare Operations, (ii) authorized disclosures that are incidental to another permissible disclosure, (iii) disclosures not subject to the Law's accounting requirements, or (iv) disclosures for other purposes permitted by Law, including for the proper management and administration of Clareon's business, to the extent reasonably required for Covered Entity to respond to a request by an Individual for an accounting for disclosures of Protected Health Information in accordance with 45 CFR § 164.528. Based upon the nature of the relationship between the parties and the capacity in which Protected Health Information is expected to be received from, or created or received by Clareon on behalf of, Covered Entity, the parties acknowledge that there would appear to be no disclosed Protected Health Information that would be subject to such an accounting.

F. Access to Documented Disclosures to be Provided. (i) At Covered Entity's expense, Clareon shall use reasonable efforts to provide to Covered Entity information collected in accordance with Section II.E., if any, to the extent reasonably required to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.

G. Agreement with Subcontractors. Clareon shall include in any written agreement with any agents, including subcontractors, to whom it provides Protected Health Information in connection with providing the Service or otherwise on behalf of Covered Entity, assurances that such Protected Health Information will be treated and handled under conditions that are no less stringent than those that apply to Clareon under this Amendment.

H. Duty to Report Unauthorized Disclosures. Clareon shall report to Covered Entity any use or disclosure of Protected Health Information not provided for by this Amendment and prohibited by Law of which it becomes aware.

III. Permitted Uses and Disclosures by Clareon

A. Performance of Services for Covered Entity. Except as otherwise provided in this Amendment, Clareon may use or disclose Protected Health Information (i) as is reasonably necessary to perform the Service and any other functions, activities, or services for, or on behalf of, Covered Entity; (ii) for the proper management and administration of Clareon as determined by Clareon in its sole discretion; or (iii) as may otherwise be Required by Law or permitted by Law.

B. Disclosure by Whistleblowers and Workforce Member Crime Victims. Notwithstanding anything to the contrary in this Amendment, Clareon may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 42 CFR § 164.502(j)(1).

C. De-identified Information. Protected Health Information that has been de-identified by Clareon in accordance with 42 CFR § 164.514 may be used and disclosed by Clareon in the normal course of its business.

IV. Covered Entity to Obtain Authorizations

Covered Entity shall bear sole responsibility for determining whether authorization is required to disclose any specific Protected Health Information to Clareon, and shall obtain proper authorization prior to disclosing such Protected Health Information to Clareon.

V. Permissible Requests by Covered Entity

Covered Entity agrees, represents and warrants that it shall not provide or request Clareon to use or disclose Protected Health Information in any manner that would not be permissible under Law if done by Covered Entity.

VI. Term and Termination

A. Term. The term of this Amendment shall begin on April 14, 2003, if the Service was inaugurated prior to such date, or upon the inauguration of the Service, if the Service was or is inaugurated after such date (the inaugural date of the Service to be referred to herein as the "Effective Date") and shall continue for as long as Protected Health Information is being exchanged by Covered Entity and Clareon, except as this Amendment may otherwise be terminated pursuant to Section VI.B. Protected Health Information received from, or created or received by Clareon on behalf of, Covered Entity prior to the Effective Date shall be excluded from the coverage of this Amendment.

B. Termination.

    (i) Automatically: This Amendment shall terminate automatically upon termination, for any reason, of the PayModeâ Service, or upon such prior date as Covered Entity shall cease to disclose Protected Health Information to Clareon.

    (ii) For Cause: Either party may terminate this Amendment for a material breach by the other party if such breach is not cured within thirty (30) days of receipt of written notice thereof.

C. Effect of Termination. Upon termination of this Amendment, Clareon shall, if feasible, return or destroy all Protected Health Information received from, or created or received by Clareon on behalf of, Covered Entity that Clareon still maintains in any form and retain no copies of such information. If Clareon determines that such return or destruction is infeasible due to legal requirements, record retention obligations, or other valid business reasons, Clareon shall extend the protections of this Amendment to the Protected Health Information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible.

VII. General Provisions

A. Amendment. Clareon shall amend this Amendment as necessary pursuant to the requirements of any future HIPAA-related regulations, including but not limited to final HIPAA security regulations, in order to permit Covered Entity to comply with such requirements. Clareon will prepare any necessary amendment(s) to this Amendment and provide it/them to Covered Entity by means of an e-mail notice to Covered Entity highlighting the changes and by posting the changes at www.fleet.paymode.com/policies. The parties agree that such amendment shall be deemed effective immediately upon receipt of such e-mail notice by Covered Entity, or upon such later date as shall be specified in the notice or in the amendment itself.

B. Entire Agreement. This Amendment constitutes the entire Agreement between the parties concerning the subject matter hereof, and supersedes all prior oral and/or written agreements between the parties relating thereto. If there is a conflict between this Amendment and any provision(s) of the Terms of Use that govern the Service, the terms of this Amendment shall prevail.

C. Governing Law. The contract law of the state of Maine shall govern this Amendment.

D. Regulatory References: A reference in this Amendment to a section in the Privacy Rule means the section as in effect from time to time.

E. Survival. The obligations of the parties under Sections II and IV of this Amendment shall survive the termination of this Amendment until such time as the parties have destroyed or returned all of the Protected Health Information received from the other.

F. Third Party Beneficiaries. There are no third party beneficiaries of this Amendment and no other person or entity shall have rights arising from the same.

Version 1.1 (09-24-03)





© 2003 FleetBoston Financial Corporation. All rights reserved. PayMode Policies and Practices.