Sign In Get Started!
Brief Your Project

Maverick Creative Group HIPAA Statement

Maverick Creative Group has received independent third-party verification that it complies with the rules and regulations of HIPAA. For more details, please contact privacy@maverickcreativegroup.com.

Business Associate Agreement for Maverick Creative Group “Covered Entity” Customers

These Standard HIPAA Business Associate Agreement Terms and Conditions (“HIPAA Addendum”) shall be incorporated into the Master Service Agreement for Customers that are Covered Entities (as defined below) that provide Protected Health Information (“PHI”)(as defined below) to Maverick Creative Group in connection with the services they have purchased. These terms supplement the purchase agreement between Maverick Creative Group and Customers (“Underlying Agreement”) in order to comply with the federal Standards for HIPAA of Individually Identifiable Health Information, located at 45 C.F.R. Part 160 and Part 164, Subparts A through E (“HIPAA Rule”) and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the “HITECH Act”).

1. CATCH-ALL DEFINITIONS

The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

2. SPECIFIC DEFINITIONS

Terms used, but not otherwise defined, in this HIPAA Addendum shall have the same meaning as those terms in the Privacy Rule or the HITECH Act:

  • “Breach” shall have the same meaning given to such term under 42 U.S.0 § 17921.
  • “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Maverick Creative Group.
  • “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean [Insert Name of Covered Entity].
  • “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
  • “Individual” shall have the same meaning as the term “individual” in 45 C.F.R. §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
  • “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of the Covered Entity.
  • “Required by Law” shall have the same meaning as the term “required by law” in 45 C.F.R. §160.103.
  • “Unsecured PHI” shall have the same meaning given to such term under the HITECH Act and any guidance issued pursuant to this act.

3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE

Maverick Creative Group agrees to:

  • Use and Disclosure of PHI: Maverick Creative Group shall not use or disclose PHI other than as permitted or required by this HIPAA Addendum or as Required by Law. Maverick Creative Group shall not use or disclose PHI for fundraising or marketing purposes.
  • Safeguards: Maverick Creative Group shall use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.
  • Mitigation: Maverick Creative Group shall mitigate, to the extent practicable, any harmful effect that is known to Maverick Creative Group of a use or disclosure of PHI by Maverick Creative Group in violation of the requirements of this HIPAA Addendum.
  • Reporting: Maverick Creative Group shall report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware.
  • Disclosure to Agents and Subcontractors: Ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Maverick Creative Group agree to the same restrictions, conditions, and requirements that apply to Maverick Creative Group with respect to such information.
  • Designated Record Set: Maverick Creative Group shall provide access, at the request of Covered Entity, to PHI in a Designated Record Set in order to meet the requirements under 45 C.F.R. § 164.524.
  • Internal Practices, Policies and Procedures: Maverick Creative Group shall make available its internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Maverick Creative Group on behalf of, Covered Entity available to the Covered Entity and to the Secretary of Health and Human Services (“Secretary”) for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule and the HITECH Act.
  • Accounting for Disclosures: Maverick Creative Group agrees to maintain the information required to provide an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and to make this information available to the Covered Entity upon the Covered Entity’s request in order to allow the Covered Entity to respond to an Individual’s request for accounting of disclosures.
  • Security Obligations: Maverick Creative Group shall implement appropriate safeguards as are necessary to prevent the use or disclosure of PHI otherwise than as permitted by the Underlying Agreement or this HIPAA Addendum.

4. PERMITTED USES AND DISCLOSURES BY MAVERICK CREATIVE GROUP

Except as otherwise limited in this HIPAA Addendum, Maverick Creative Group may use or disclose PHI to perform functions, activities, or services for or on behalf of the Covered Entity as specified in the Underlying Agreement, provided such use or disclosure would not violate the Privacy Rule including, but not limited to, each applicable requirement of 45 C.F.R. § 164.504(e) and the HITECH Act.

5. PROVISIONS FOR COVERED ENTITY TO INFORM BUSINESS ASSOCIATE OF PRIVACY PRACTICES AND RESTRICTIONS

  • Notice of Privacy Practices: The Covered Entity shall notify Maverick Creative Group of any limitation(s) in the notice of privacy practices of the Covered Entity under 45 C.F.R. § 164.520, to the extent that such limitations may affect Maverick Creative Group’s use or disclosure of PHI.
  • Changes in Permission: The Covered Entity shall notify Maverick Creative Group of any changes in, or revocation of, permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect Maverick Creative Group’s use or disclosure of PHI.
  • Notification of Restrictions: The Covered Entity shall notify Maverick Creative Group of any restriction to the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect Maverick Creative Group’s use or disclosure of PHI.
  • Permissible Requests by Covered Entity: The Covered Entity shall not request Maverick Creative Group to use or disclose PHI in any manner that would not be permissible under the Privacy Rule and the HITECH Act if done by Covered Entity. Exceptions if certain provisions are made; Data aggregation, Management and administration and Legal responsibilities of Maverick Creative Group (one or more may apply).

6. TERM AND TERMINATION

  • Term: The Term of this HIPAA Addendum shall be effective as of the first day that the Covered Entity provides PHI to Maverick Creative Group and shall terminate when all of the PHI provided by the Covered Entity to Maverick Creative Group, or created or received by Maverick Creative Group on behalf of the Covered Entity, is destroyed or returned to the Covered Entity, or if it is infeasible to return or destroy PHI, protections are extended to such information in accordance with the termination provisions in this Section.
  • Termination for Cause: Maverick Creative Group authorizes termination of this Agreement by the Covered Entity, if the Covered Entity determines Maverick Creative Group has violated a material term of the Agreement:
    • Provide 60 days advance written notice specifying the nature of the breach or violation to Maverick Creative Group. Maverick Creative Group shall have 60 days from the date of the notice in which to remedy the breach or violation. If such corrective action is not taken within the time specified, this HIPAA Addendum and the Underlying Agreement shall terminate at the end of the 60 day period without further notice or demand.
    • Immediately terminate this HIPAA Addendum and the Underlying Agreement if Maverick Creative Group has breached a material term of this HIPAA Addendum and cure is not possible.
    • Report the violation to the Secretary if neither cure of the breach nor termination of this HIPAA Addendum and the Underlying Agreement are feasible.
  • Obligation of Maverick Creative Group Upon Termination:
    • Upon termination of this HIPAA Addendum or the Underlying Agreement, for any reason, Maverick Creative Group shall return or destroy all PHI received from Covered Entity, or created, maintained or received by Maverick Creative Group on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Maverick Creative Group. Maverick Creative Group shall retain no copies of the PHI.
    • Upon termination of this Agreement for any reason, Maverick Creative Group, with respect to PHI received from Covered Entity, or created, maintained, or received by Maverick Creative Group on behalf of the Covered Entity, shall:
      • Retain only that PHI which is necessary for Maverick Creative Group to continue its proper management and administration or to carry out its legal responsibilities;
      • Return to the Covered Entity [or, if agreed to by Covered Entity, destroy] the remaining PHI that Maverick Creative Group still maintains in any form;
      • Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI to prevent use or disclosure of the PHI, other than as provided for in this Section, for as long as Maverick Creative Group retains the PHI;
      • Not use or disclose the PHI retained by Maverick Creative Group other than for the purposes for which such PHI was retained and subject to the same conditions set out that applied prior to termination;
      • Return to Covered Entity [or, if agreed to by Covered Entity, destroy] the PHI retained by Maverick Creative Group when it is no longer needed by Maverick Creative Group for its proper management and administration or to carry out its legal responsibilities;
    • In the event that Maverick Creative Group determines that returning or destroying PHI is not feasible, Maverick Creative Group shall notify Covered Entity in writing of the conditions that make return or destruction infeasible. If return or destruction of the PHI is infeasible, Maverick Creative Group shall extend the protections of this HIPAA Addendum to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Maverick Creative Group maintains such PHI.

7. MISCELLANEOUS IN ADDITION TO TERMS AND CONDITIONS

  • Regulatory References: A reference in this HIPAA Addendum to a section in the Privacy Rule or the HITECH Act means the section as in effect or as amended.
  • No Third Party Beneficiaries: Nothing in this HIPAA Addendum shall be considered or construed as conferring any right or benefit on a person not party to this HIPAA Addendum nor imposing any obligations on either Party hereto to persons not a party to this HIPAA Addendum.
  • Amendments: Maverick Creative Group reserves the right to change the terms and conditions of this HIPAA Addendum at any time. Maverick Creative Group will notify the Covered Entity of any material changes to this HIPAA Addendum by sending the Covered Entity an e-mail to the last e-mail address the Covered Entity provided to Maverick Creative Group or by prominently posting notice of the changes on Maverick Creative Group’s website. Any material changes to this HIPAA Addendum will be effective upon the earlier of thirty (30) calendar days following Maverick Creative Group’s dispatch of an e-mail notice to the Covered Entity or thirty (30) calendar days following Maverick Creative Group’s posting of notice of the changes on its website. These changes will be effective immediately for new Maverick Creative Group Clients. Please note that at all times the Covered Entity is responsible for providing Maverick Creative Group with its most current e-mail address. In the event that the last e-mail address that the Covered Entity has provided Maverick Creative Group is not valid, or for any reason is not capable of delivering to the Covered Entity the notice described above, Maverick Creative Group’s dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. If the Covered Entity does not agree with the changes to this HIPAA Addendum, the Covered Entity must notify Maverick Creative Group prior to the effective date of the changes that the Covered Entity wishes to terminate its subscription to the applicable Maverick Creative Group services. Continued use of the Maverick Creative Group services following notice of such changes shall indicate the Covered Entity’s acknowledgment of such changes and agreement to be bound by the terms and conditions of such changes.
  • Interpretation: The provisions of this HIPAA Addendum shall prevail over the provisions of any other agreement that exists between the Parties that may conflict with, or appear inconsistent with, any provision of this HIPAA Addendum, the Privacy Rule or the HITECH Act.
  • No Third Party Beneficiaries: The Business Associate and Covered Entity do not intend, nor does anything expressed or implied in this Agreement intend to confer, upon any person other than the Business Associate and Covered Entity and their respective successor or assigns, any rights, remedies, obligations or liabilities whatsoever.
  • Independent Contractor: The Business Associate is performing services pursuant to the Agreement and for all purposes hereunder, the Business Associate’s status shall be that of an independent contractor.