To request a PACS account, complete this form. A member of the RAI IT Department will contact you within 3 business days to complete your request. If you need immediate access, please contact our IT department .
Electronic Patient Information Confidentiality & Access Administration Agreement
THIS ELECTRONIC PATIENT INFORMATION CONFIDENTIALITY AND ACCESS ADMINISTRATION AGREEMENT (this "Agreement") is made and entered into on this
*Date by and between Radiology Affiliates Imaging ("RAI"), having an address at 2501 Kuser Road, Hamilton, New Jersey 08691 and
*Practice Name *Street Address *State *Zip Code
Both RAI and the Practice are also, at times, referred to herein as a "Party" and collectively as the "Parties."
WHEREAS, RAI provides radiology services to some of the Practice's patients.
WHEREAS, RAI receives individually identifiable protected health information ("PHI"), as defined by the Health Insurance Portability and Accountability Act of 1996 and its implementing administrative simplification regulations (45 CFR Parts 160-164) (together "HIPAA"), regarding the Practice's patients in connection with RAI's provision of radiology services.
WHEREAS, RAI maintains PHI within its electronic information system (the "Information System"), and RAI's physicians and workforce, as well as certain of the Practice's physicians and workforce (together, the "System Users"), require access to this PHI in order to treat such patients.
WHEREAS, RAI and the Practice are obligated and committed to complying with HIPAA, and RAI seeks to provide its services to the Practice in a manner that supports such HIPAA compliance. NOW THEREFORE, RAI and the Practice hereby agree as follows:
1. Information System Access Responsibilities. The Practice shall be responsible for its physicians' and workforce's access to the Information System in accordance with "the Practice's Information System Responsibilities," which is attached hereto and made a part of this Agreement as Exhibit "A". RAI shall be responsible for the administration of access to the Information System in accordance with "RAI's Information System Responsibilities," which is attached hereto and made a part of this Agreement as Exhibit "B".
2. Use and Disclosure of PHI The Parties agree that RAI's use of PHI is for the purpose of providing radiology services to the Practice's and its patients and that RAI is permitted to use and disclose PHI for this purpose. The Parties also agree that RAI may use and disclose PHI as may be necessary for RAI management and administration, as permitted by HIPAA. The Parties further agree that RAI may disclose PHI if such disclosure is required by law.
3. Sub-contractors, Agents, & Employees Both RAI and the Practice shall, to the extent applicable, require that their subcontractors, agents and employees having access to the PHI, comply with the terms of this Agreement.
4. Terms & Termination (a) The term of this Agreement shall be for one (1) year from the Effective Date, unless sooner terminated in accordance with the terms hereof. Thereafter, this Agreement shall automatically renew for successive one (1) year renewal terms unless terminated effective at the end of any renewal term by either Party upon ninety (90) days prior written notice. (b) In addition, without limiting any other rights contained in this Agreement, if either party shall fail to perform any of the duties, obligations or responsibilities to be performed by it pursuant to this Agreement and such default shall continue and not be resolved to the reasonable satisfaction of the other party for a period of ten (10) days after written notice describing the claimed default has been given by the other party, the party serving such notice may terminate this Agreement immediately upon written notice. Such rights of termination shall be in addition to and without limitation upon the other rights of the party serving the notice of termination.
5. Assignment Except as otherwise provided herein, this Agreement may not be assigned by any party without the prior written consent of the other party. Notwithstanding the foregoing, RAI may assign this Agreement to any of its affiliates or subsidiaries.
6. No Third Party Beneficiaries Nothing express or implied in the Agreement is intended to confer, nor shall anything herein confer, upon any person other than RAI and the Practice, and their respective successors or permitted assigns, any rights, remedies, obligations, or liabilities whatsoever.
7. Limitation This Agreement is not intended to create a business associate relationship as the term "business associate" is defined by HIPAA, nor is it intended to create any other independent contractor relationship between the Parties, or to change any currently existing relationship between the Parties.
8. Termination of Access
RAI reserves the right to, in its sole discretion, terminate the access to the Information System by any System User in order to remedy or prevent a breach of confidentiality of PHI.
9. Entire Agreement; Counterparts This Agreement may be executed in counterparts which, when combined, shall constitute the entire agreement among the Parties. Each executed counterpart shall be considered as original. Facsimile and PDF signatures shall be binding and shall be deemed as original signatures. The Exhibits to this Agreement shall be considered a part hereof as if set forth in the body of this Agreement in full.
10. Amendments This Agreement may be amended at any time by mutual agreement of the parties, provided that before any amendment shall be operative or valid, it shall be reduced to writing and signed by the parties hereto.
11. Construction; Governing Law This Agreement shall be interpreted in accordance with, and the rights of the parties hereto shall be determined by, the laws of the State of New Jersey. The Courts of the State of New Jersey shall have sole jurisdiction over any controversy between the parties whether arising hereunder or otherwise. Venue for any action arising hereunder or otherwise between the parties shall be in New Jersey.
12. Agreement to Conduct Transactions Electronically The Parties agree that until termination of this Agreement: (a) all transactions for or regarding the use of the Information System may be conducted electronically; and (b) communications of any nature with the Parties or their agents may be sent to any electronic address that the Parties or their agents have provided, unless the Parties both agree in writing that certain of the Parties' addresses will only be used for certain kinds of communications. If the Parties do not wish to deal with each other electronically, do not enter into this Agreement or, if already entered into, terminate this Agreement. Termination of this Agreement will not affect acts or obligations taken or incurred before termination. If applicable law, now or later, requires the Parties to communicate with each other nonelectronically, RAI reserve the right to charge a lawful fee for doing so. RAI also reserves the right to provide all or any part of its services non-electronically. If RAI does so, those non-electronic services will still be governed by this Agreement (unless the Parties enter into a different agreement on a form provided by RAI).
13. Representation of Authority Each individual whose signature appears under the Parties' names below hereby represents and warrants that he or she has the appropriate authority to bind that Party on whose behalf he or she has signed, and that no further corporate action is necessary to establish a binding agreement between the Parties as to the matters addressed herein.
14. Waiver The failure of a party hereto to insist upon strict adherence to any term of this Agreement on any occasion shall not be considered a waiver or deprive that party of the right thereafter to that term or any other term of this Agreement.
15. Severability If any provision of this Agreement shall be declared invalid or illegal for any reason whatsoever, then notwithstanding such invalidity or illegality, the remaining terms and provisions of the within Agreement shall remain in full force and effect in the same manner as if the invalid or illegal provisions had not been contained herein.
16. Headings The paragraph headings in this Agreement are solely for convenience or reference and shall not affect its interpretation.
17. Notice Whenever, under the provisions of this Agreement, notice is required to be given, it shall be in writing and shall be deemed given when mailed, certified or registered mail, return receipt requested, addressed to the parties at the addresses set forth above.
Do not accept this Agreement until you have reviewed it. This agreement contains disclosures to you and also includes your promises, representations and warranties.
EXHIBIT A - THE PRACTICE'S INFORMATION SYSTEM RESPONSIBILITIES
The Practice shall be responsible for performing the following activities with respect to access to the issuance and maintenance of usernames and passwords for the Information System:
1. specifying and implementing the policies and procedures for access control that are required by HIPAA;
2. determining which of its physicians and workforce members should be identified as System Users by virtue of the fact that such individuals have a job-related need to access the Information System;
3. establishing requirements that must be met before a System User can be granted access privileges (i.e., a username and password) to the Information System;
4. developing a method for System Users to request access privileges to the Information System;
5. reviewing all access privilege requests to determine whether they meet the established requirements (i.e., for a job-related need);
6. developing a process to track each access privilege request and whether such request was approved or denied;
7. assigning all approved System Users a unique username;
8. establishing procedures for updating access when System Users require initial access, increased access or termination of access;
9. ensuring that only individuals with a need to know have access to the Information System;
10. training all approved System Users regarding appropriate access to and use of Information System; and
11. notifying RAI in event of unauthorized access or use of Information System or other breach of HIPAA Privacy and Security Rules.
EXHIBIT B - RAI'S INFORMATION SYSTEM RESPONSIBILITIES
RAI shall be responsible for performing the following activities with respect to access to the Information System:
1. configuring the Information System so that usernames and passwords assigned by RAI will allow access to the Information System;
2. identifying and authenticating usernames and passwords that are used to log into the Information System (However, RAI does not assume responsibility for determining if a username and password are incorrectly used by a person to whom they are not assigned, or if the access associated with a username and password is used in a way that is not authorized for that username and password.);
3. ensuring that access to the Information System and access activity can be traced to a specific System User;
4. ensuring that the necessary data is available to support access audits and other functions related to Information System access; and
5. determine if any changes are needed, and implement such changes, for technical access control mechanisms in the Information System.
Contact Information
*First Name
*Last Name
*Title
*Date
*Email
Are you a referring physician? Please provide the NPI.
*Is this a password reset? Yes No
*Acceptance of Agreement
Submit