Electronic Health Record Access Agreement (Yakima Valley Memorial)
This is an Agreement ("EHR Access Agreement") between Yakima Valley Memorial ("Yakima Valley Memorial") and the undersigned ("Company"), to which Yakima Valley Memorial has agreed to provide access to its electronic health record ("EHR Data"), subject to the terms of this EHR Access Agreement and Yakima Valley Memorial policy. The Effective Date of this Agreement shall be the date upon which access provisioning is approved for Company, pursuant to Yakima Valley Memorial policy.
Company understands and agrees to all the following terms and conditions, as a condition of such EHR Data access:
1. Authorized Users; Access. Access shall be limited to Company workforce users who have applied for and been granted access to Yakima Valley Memorial EHR Data ("Authorized Users"). Authorized User access shall be contingent on existence of an unexpired EHR Access Agreement covering user's access, and user's continued compliance with the EHR Access Agreement terms and Yakima Valley Memorial policies and procedures. Company expressly acknowledges and accepts responsibility for each user granted access to the EHR Data. Access will be provided via TLS secured HTTPS. As technology evolves, Yakima Valley Memorial may alter the method for access.
EHR Data access is provided for the following purpose: treatment (the "Purpose"). Access shall be "read-only". Access to Yakima Valley Memorial's EHR Data is a privilege that Yakima Valley Memorial may revoke at any time. Yakima Valley Memorial reserves the right to revoke access without notification, in response to an actual or suspected Breach (defined below) of this EHR Access Agreement. Should the Company fail to comply with Yakima Valley Memorial security policies and procedures, revocation of access privileges will satisfy the HIPAA sanction requirement found at 45 CFR § 164.308(a)(1)(ii)(C).
2. Privacy and Confidentiality. Company and its Authorized Users shall access EHR Data only for the specific Purpose described above. Company and Authorized Users shall at all times treat EHR Data as strictly confidential and shall not disclose EHR Data, or otherwise make EHR Data available to any other person or entity, except with the prior written consent of Yakima Valley Memorial, or as may be required by law. Company agrees to specifically protect, and require Authorized Users to specifically protect, the confidentiality of the personally identifiable health and other proprietary information that is part of the EHR Data. Company, and its Authorized Users, shall comply with applicable Yakima Valley Memorial policies and procedures regarding privacy and confidentiality and cooperate with Yakima Valley Memorial in complying with regulatory requirements related to access, including patient restrictions and accounting of disclosures.
This EHR Access Agreement is not intended to, and shall not grant, to Company, or any Authorized User, a right to access any other records besides the EHR Data, nor access any records for any other Purpose. Company shall insure that its Authorized Users do not access information on family members, friends, or co-workers unless such access is a required part of job functions and consistent with the Purpose. Company shall further prohibit its Authorized Users from in any way divulging, copying, screen printing, releasing, selling, altering, posting online, destroying or forwarding EHR Data.
The foregoing privacy and confidentiality requirements continue to apply, even after Company or its Authorized Users no longer have access to the EHR Data, or this EHR Access Agreement has been terminated.
If Company has entered into a Business Associate Agreement ("BAA") with Yakima Valley Memorial, then in the event of any conflict between the BAA and this EHR Access Agreement, the terms of the BAA shall apply.
3. Breach. Company shall report to Yakima Valley Memorial any use or disclosure not authorized by this EHR Access Agreement of patient information or other confidential or proprietary information ("Breach"), without unreasonable delay but not later than ten (10) calendar days following discovery of such Breach; and cooperate with Yakima Valley Memorial's investigation and requests for information. As applicable, the report shall include the identification of each patient whose confidential health or other information has been or is reasonably believed to have been compromised and other information as requested by Yakima Valley Memorial.
4. Security. Company agrees that any individual passcode issued to its Authorized User must be used ONLY by that Authorized User and may not be shared with anyone else, because it uniquely identifies the Authorized User and the Authorized User's usage activity. The passcode may periodically expire. Company acknowledges that Yakima Valley Memorial may periodically audit the Authorized User's access to the EHR Data and that Company agrees to provide information reasonably required for such audits within five (5) business days of the request. Yakima Valley Memorial may periodically require the Authorized User to provide information to verify his/her identity.
Authorized Users shall have received annual HIPAA Compliance Training.
If any Authorized User is terminated from or leaves the employment of Company, or no longer requires access to Yakima Valley Memorial's EHR, Company shall immediately report such change to Yakima Valley Memorial's Help Desk at (509) 5575-8176. Company's failure to so notify Yakima Valley Memorial constitutes a Breach of this EHR Access Agreement, including for purposes of section 6 below.
5. Unauthorized Use. Company agrees that failure to comply with these confidentiality, privacy and security requirements or using the EHR Data in an unauthorized manner will be treated as a Breach of this EHR Access Agreement. If Company suspects a violation of privacy or security, it shall immediately report the incident to Yakima Valley Memorial's Privacy Officer at 509-225-2006.
6. Indemnification. Company indemnifies and holds Yakima Valley Memorial harmless from any claims, liabilities, losses, damages, fines, penalties or costs and expenses (including reasonable attorneys' fees) arising out of, or related to: (i) a Breach of this EHR Access Agreement, or (ii) the acts or omissions of Company, an Authorized User, or other directors, officers, employees or agents of Company under this EHR Access Agreement. This indemnification shall survive termination or expiration of this EHR Access Agreement, and shall be in addition to any indemnification set forth in a BAA.
7. Ownership of EHR Data. Yakima Valley Memorial shall be the sole owner of the EHR Data, including any adaptations or copies of the EHR Data, and ownership of the EHR Data shall include any associated intellectual property rights.
8. Governing Law. This EHR Access Agreement shall be construed and interpreted in accordance with the laws of the State of Washington. In the event of a dispute, such dispute shall be first referred to nonbinding mediation with a mediator mutually agreeable to both parties. If the parties are unable to resolve the dispute through mediation, the forum for any additional proceedings shall be Yakima County, Washington.
9. Notices. In the event of a Breach, Company shall provide written notice to Yakima Valley Medical Center, Attn: Privacy Officer, 2811 Tieton Drive, Yakima, WA, 98902.
10. Compliance with Law. The parties hereto shall comply with applicable laws and regulations governing their relationship, including, as applicable, the Health Insurance Portability and Accountability Act ("HIPAA") codified at 45 C.F.R. parts 160 through 164, and its implementing regulations, the Washington Uniform Healthcare Information Act (RCW 70.02), and any other federal or state laws or regulations governing the arrangements described in this EHR Access Agreement.
11. Term; Termination. This EHR Access Agreement shall commence as of the Effective Date and shall continue only through the date of the next required Yakima Valley Memorial EHR Access Agreement re-attestation (as determined by Yakima Valley Memorial). The terms, conditions and instructions regarding confidentiality, privacy and security of the EHR Data shall survive the expiration or termination of this EHR Access Agreement. Either party may terminate this EHR Access Agreement at any time for any reason. Notwithstanding the foregoing, Yakima Valley Memorial reserves the right to suspend or terminate EHR Data access for the Company and/or any of its Authorized Users, in the event Yakima Valley Memorial has reasonable cause based on privacy or security concerns, as determined in its sole discretion.
12. Miscellaneous. This EHR Access Agreement is not assignable in whole or in part by Company without the prior written consent of Yakima Valley Memorial. This EHR Access Agreement sets forth the parties' entire agreement and supersedes all prior oral and written agreements relating to the subject matter. Neither Company, nor any Authorized User or other workforce member of Company, shall be considered an employee of Yakima Valley Memorial.
I understand and agree to all the terms and conditions of the preceding EHR Access Agreement.
Do you agree to all the terms and conditions of the preceding EHR Access Agreement?