Fill - Free fillable Business Partner Security Agreement (Center for Health Information and Analysis) PDF form

Business Partner Security Agreement - Page 1 of 3

Business Partner Security Agreement

This Data Reporting Security Agreement (“Agreement”) is made as of

between the Center for Health Information and Analysis (“CHIA”) and

Date

Business Partner Company Name (please print)

Type of Entity (Hospital, Long Term Care Facility, Carrier, etc.)

This Agreement describes the terms and conditions by which the Data Reporter will submit data through

CHIA’s web-based submission platforms or SFTP.

SECTION 1:

DEFINITIONS

In this Agreement, the following terms have the following meanings:

Agreement Administrator - The person designated by the Data Reporter that will manage User access to CHIA’s

submission platform for the Data Reporter. This person will create/request new User accounts, manage existing User

accounts and reset User passwords.

Data Reporter - Entities that report information to CHIA.

Web-Based Submission Platforms – CHIA allows access to file submission platforms (e.g. CHIA Submissions, CHIA-

INET), which are accessed via an internet browser connection to a secured website. CHIA will furnish all connection

details required for successful connection dependent on the type of file submitted to CHIA (e.g. Hospital Financial

Reporting, MA APCD, Case Mix). CHIA’s Internet websites securely collect information from Data Reporters and allow

Users to download reports related to the information submitted.

Patient-Level Data - Data required to be submitted to CHIA by regulation that includes patient-level data elements

that are protected from disclosure by HIPAA, M.G.L. c. 66A and/or the Fair Information Practices Act. Patient-level data

includes, but is not limited to, detailed information about a person (name, SSN, medical record number, date of birth,

etc), data contained in inpatient case mix and discharge data, emergency department data, outpatient observation data,

and free care application and all claims data.

Data Encryption / Security – CHIA utilizes proprietary software programs (e.g. FileSecure and SENDS) for Data

Reporters to encrypt and decrypt shared files.

User - A person authorized by the Data Reporter to submit data to CHIA through CHIA’s Submission Platform(s) that has

executed a CHIA-INET/Submissions Platform User Agreement and to which CHIA has granted access to CHIA’s

submission platform. A User may be a Data Reporter employee or contractor, or an employee of a Data Reporter

contractor or intermediary.

User Agreement - The Agreement executed between Data Reporter and their employee(s) or representative(s)

acknowledging that they are aware and will abide by the terms and conditions of use set forth in this agreement.

SFTP (Secure File Transfer Protocol) – Software client (varies by submitter) used to securely transfer data to CHIA after

encryption.

Business Partner Security Agreement - Page 2 of 3

The parties agree as follows:

SECTION 2: RESPONSIBILITIES OF THE PARTIES

The Data Reporter will use CHIA’s web-based platforms or SFTP to successfully transmit encrypted data filings. The Data

Reporter will require each User to execute a User Agreement. The Data Reporter will retain the original User Agreement for

each User they allow access to CHIA’s submission platforms. User agreements must be signed annually to ensure staff is

aware of their security obligations. The Data Reporter shall provide the User Agreement(s) to CHIA upon request.

The Data Reporter will authorize access to at least one Agreement Administrator. The Agreement Administrator

representing the Data Reporter will authorize access only to persons that need to submit or retrieve required data.

The Data Reporter will institute appropriate password controls for each User and will ensure that each User accesses

CHIA’s submission platform(s) using only his or her own user ID and password and will not share this information with

any other person. The Data Reporter will immediately notify CHIA when a User is no longer authorized to access

CHIA’s submission platform due to resignation, termination, or breach of a term of this Agreement or the User

Agreement or have the Agreement Administrator delete the User account.

CHIA will approve valid system access to each User the Agreement Administrator requests. The Data

Reporter must utilize CHIA’s encryption software tools to encrypt data containing patient-level data using

File Secure or SENDS before submitting such data.

Confidential Data Reporting Security Agreement

The Data Reporter shall institute appropriate password controls for each User and shall regularly run anti-virus software

to prevent the input or uploading of any viruses or other disabling or malicious code capable of disrupting or disabling

computer hardware or software.

The Data Reporter will retain a copy of any data submitted via CHIA’s submission platform(s) sufficient to enable it to

resubmit if the original submission is lost or destroyed before it is processed by CHIA.

The Data Reporter is solely responsible for the preservation, privacy, and security of data in its possession, including

data in transmissions received from CHIA. Use of an intermediary shall not relieve the Data Reporter of any risks

or obligations assumed by it under this Agreement, or under applicable law and regulations. The Data Reporter agrees:

(a) not to copy, disclose, publish, distribute or alter any data, data transmission, or the control structure applied to

transmissions, or use them for any purpose other than the purpose for which the Data Reporter was specifically

given access and authorization by CHIA;

(b) not to obtain access to any data, transmission, or CHIA’s systems by any means or for any purpose other than as

CHIA has expressly authorized the Data Reporter; and

immediately notify CHIA to arrange for its return or

resubmission as CHIA directs. After such return

or resubmission, the Data Reporter will immediately delete all copies of such data remaining in its possession.

Each party will take reasonable steps to ensure that the information submitted in each electronic transmission is timely,

complete, accurate and secure, and will take reasonable precautions to prevent unauthorized access to (a) its own

and the other party’s transmission and processing systems, (b) the transmissions themselves, and (c) the control

structure applied to transmissions between them.

Each party agrees to notify the other party immediately if an employee or agent, including any User, has breached the

Agreement or any provision of this Agreement. Such notification will include the identity of such individuals and the nature

of the breach. CHIA shall have the right, at its own expense and after reasonable notice, to conduct an audit of Data

Reporter during normal working hours to determine if Data Reporter is in compliance with the terms of this Agreement.

CHIA may terminate this Agreement, and the Data Reporter’s access to CHIA’s Submission Platform, at any time if it

determines that the Data Reporter is not in compliance with the terms of this Agreement.

Each party is responsible for all costs, charges, or fees it may incur by transmitting electronic transmissions to, or

receiving electronic transmissions from, the other party. Each party will provide and maintain at its own expense the

personnel, equipment, software, training, services and testing necessary to implement the requirements of this Agreement.

Each party shall regularly run anti-virus software to prevent the input or uploading of any viruses or other code capable

of disrupting or disabling computer hardware or software.

This Agreement will expire when the Data Reporter no longer submits to or receives data from CHIA’s submission

platform(s), or upon termination by CHIA. Termination of this Agreement will not relieve the Data Reporter of its

obligations under this Agreement with respect to CHIA data received by the Data Reporter before the effective date of the

termination.

Business Partner Security Agreement - Page 3 of 3

Confidential Data Reporting Security Agreement (continued)

The signer of this agreement must be legally authorized to sign on behalf of the Data Reporter’s company.

Preferably, the signer should be the COO, CFO or other person.

Data Reporter Information

Data Reporter Authorized Signature and Date

Printed Name of Signer

Title of Signer

Telephone Number

E-mail Address

Address

City, State, Zip Code

Federal Employer Identification Number

Center for Health Information and Analysis

(CHIA) Administrator Information

CHIA Authorized Signature

Printed Name of CHIA Administrator

Title of CHIA Administrator

Telephone Number

E-mail Address

Address

City, State, Zip Code

I hereby designate the following employee as the user

account administrator for our Data Reporting entity. This person will have the authority to add, modify and delete

users for our entity as well as reset passwords for the use of file submission platforms, administered by CHIA. I will

promptly notify the CHIA of any changes in this person’s employment status with our company.

Print User Name:

E-mail Address:

User Phone:

CHIA will contact the designated administrator listed above with instructions and assist them in getting started in

this role.

click to sign

signature

click to edit

click to sign

signature

click to edit

Download
Save PDF to desktop

Email
Email completed PDF

Send for Signing
Email for others to sign

Print
Print document

NAME

Business Partner Security Agreement (Center for Health Information and Analysis)

View Audit Log
Print With Audit Log
Duplicate Document

Fill Online, Printable, Fillable, Blank Business Partner Security Agreement (Center for Health Information and Analysis) Form

Related forms

Fillable Business Partner Security Agreement (Center for Health Information and Analysis)

Fill Online, Printable, Fillable, Blank Business Partner Security Agreement (Center for Health Information and Analysis) Form

Related forms

First 20 documents completely FREE!