Alliance for Patient Medication Safety

Order

Billing Information

Location Information

Copy Billing Information

User Information

To log into your account, a text message will be sent to this mobile number.
Mobile Opt-Out: If you choose to opt-out of mobile two-factor, an APMS representative will contact you to arrange an alternate method.

Payment Information

Apply Promocode

Alliance for Patient Medication Safety?
Business Associate Agreement

Updated BAA August 2013

This BUSINESS ASSOCIATE AGREEMENT (this "BA Agreement") is made by and between the Pharmacy ("Provider") and the Alliance for Patient Medication Safety® ("Business Associate") (Provider and Business Associate shall be referred to herein individually, as a "Party" and together, as the "Parties"), Capitalized terms used in this BA Agreement without definition shall have the respective meanings assigned to such terms by the administrative simplification section of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended by HITECH (as defined in Section 1.3 of this BA Agreement) (collectively, "HIPAA").
RECITALS
WHEREAS, Provider and Business Associate are parties to an agreement setting forth services that require Business Associate to have access to Protected Health Information (the "Participation and Confidentiality Agreement"); and
WHEREAS, it is the intent of Provider and Business Associate to append this BA Agreement to the Participation and Confidentiality Agreement for the Parties to comply with HIPAA.
NOW THEREFORE, in consideration of the mutual premises and covenants contained herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Provider and Business Associate agree as follows:
AGREEMENT

  • GENERAL PROVISIONS
    • Effect.  The provisions of this BA Agreement shall control with respect to Protected Health Information Business Associate receives from or on behalf of Provider, and the terms and provisions of this BA Agreement shall supersede any conflicting or inconsistent terms and provisions of the Participation and Confidentiality Agreement, including all exhibits or other attachments thereto and all documents incorporated therein by reference, to the extent of such conflict or inconsistency.  This BA Agreement shall not modify or supersede any other provision of the Participation and Confidentiality Agreement.
    • No Third Party Beneficiaries.  The Parties have not created and do not intend to create by this BA Agreement any third party rights, including, but not limited to, third party rights for Individuals.
    • HIPAA Amendments.  The Parties acknowledge and agree that the Health Information Technology for Economic and Clinical Health Act and its implementing regulations ("HITECH") imposes new requirements with respect to privacy, security and breach notification applicable to business associates (collectively, the "HITECH BA Provisions").  The provisions of HITECH and the HITECH BA Provisions are hereby incorporated by reference into this BA Agreement as if set forth in this BA Agreement in their entirety. Notwithstanding anything to the contrary, the HITECH BA Provisions will be effective on the Effective Date or such subsequent date as may be specified in HITECH.
  • OBLIGATIONS OF BUSINESS ASSOCIATE
    • Use and Disclosure of Protected Health Information Business Associate may use and disclose Protected Health Information as permitted or required under this BA Agreement or as Required By Law, but shall not otherwise use or disclose any Protected Health Information.  Business Associate shall not and shall assure that its employees, other agents and contractors do not use or disclose Protected Health Information received from Provider in any manner that would constitute a violation of HIPAA if so used or disclosed by Provider.  Without limiting the generality of the foregoing, Business Associate is permitted to use or disclose Protected Health Information as set forth below:
      • Business Associate may use Protected Health Information internally for Business Associate's proper management and administration or to carry out its legal responsibilities.
      • Business Associate may disclose Protected Health Information to a third party for Business Associate's proper management and administration, provided that (1) the disclosure is Required by Law, or (2) Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that the Protected Health Information will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the third party, and the third party notifies Business Associate of any instances of which it is aware in which the confidentiality of the Protected Health Information has been breached. 
      • Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Provider if required or permitted under the Participation and Confidentiality Agreement or this BA Agreement.
      • Business Associate may de-identify Protected Health Information, consistent with the applicable HIPAA requirements, specifically 45 C.F.R. § 164.514(b).
    • Safeguards.  Business Associate shall use appropriate safeguards to prevent the use or disclosure of Protected Health Information other than as permitted or required by this BA Agreement.  In addition, Business Associate shall comply with the applicable provisions of 45 C.F.R. Part 164, Subpart C to the extent that Business Associate creates, receives, maintains, or transmits Electronic Protected Health Information on behalf of Provider.
    • Minimum Necessary Standard To the extent required by the "minimum necessary" requirements of HIPAA, Business Associate shall only request, use and disclose the minimum amount of Protected Health Information necessary to accomplish the purpose of the request, use or disclosure. To the extent practicable, Business Associate shall only request, use or disclose a Limited Data Set and shall comply with the minimum necessary guidance to be issued by the Secretary pursuant to HITECH.
    • Mitigation.  Business Associate shall take reasonable steps to mitigate, to the extent practicable, any harmful effect (that is known to Business Associate) of a use or disclosure of Protected Health Information by Business Associate in violation of this BA Agreement.
    • Agreements by Third Parties.  In accordance with 45 C.F.R. §§ 164.308(b)(2) and 164.502(e)(1)(ii), Business Associate shall obtain and maintain a written agreement with each agent or subcontractor that creates, receives, maintains, or transmits Protected Health Information on behalf of Business Associate which agreement shall bind the agent or subcontractor to the same obligations that Business Associate has under this BA Agreement with respect to the Protected Health Information.
    • Reporting of Improper Disclosures of Protected Health Information.
      • Business Associate shall, without unreasonable delay, but in no event later than ten (10) business days after becoming aware of any acquisition, access, use, or disclosure of Protected Health Information in violation of this BA Agreement by Business Associate, its employees, other agents or contractors ("Unauthorized Use or Disclosure"), report such Unauthorized Use or Disclosure to Provider.  Without limiting the foregoing, Business Associate shall report the Unauthorized Use or Disclosure even if it determines that the Unauthorized Use or Disclosure did not compromise the privacy or security of the Protected Health Information. 
      • Business Associate shall, without unreasonable delay, but in no event later than ten (10) business days after becoming aware of any Security Incident, report it to Provider.  Notwithstanding the foregoing, Business Associate and Provider acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings, failed log-in attempts, and port scans, and Provider acknowledges and agrees that no additional notification to Provider of such unsuccessful Security Incidents is required. 
      • Business Associate shall, without unreasonable delay, but in no event later than ten (10) business days after discovery of a Breach of Unsecured Protected Health Information report such Breach to Provider. 
      • Business Associate shall reimburse Provider for all costs, expenses and damages (including reasonable attorneys fees) associated with any notifications to individuals or mitigation steps taken by Provider to comply with HIPAA or state law resulting from any Unauthorized Use or Disclosure, Security Incident or Breach caused directly by Business Associate's actions or omissions.  This reimbursement obligation shall survive the expiration or earlier termination of the Participation and Confidentiality Agreement and this BA Agreement.
    • Access to Protected Health Information.  Within ten (10) business days of a request by Provider for access to Protected Health Information about an Individual contained in any Designated Record Set of Provider maintained by Business Associate, Business Associate shall make available to Provider such Protected Health Information for so long as Business Associate maintains such information in the Designated Record Set.  If Business Associate receives a written request for access to Protected Health Information directly from an Individual, Business Associate shall forward such request to Provider within five (5) business days.
    • Availability of Protected Health Information for Amendment.  Within ten (10) business days of receipt of a request from Provider for the amendment of an Individual's Protected Health Information contained in any Designated Record Set of Provider maintained by Business Associate, Business Associate shall provide such Protected Health Information to Provider for amendment and incorporate any such amendments in the Protected Health Information (for so long as Business Associate maintains such information in the Designated Record Set) as required by 45 C.F.R. §164.526.  If Business Associate receives a written request for amendment to Protected Health Information directly from an Individual, Business Associate shall forward such request to Provider within five (5) business days.
    • Accounting of Disclosures.  Within ten (10) business days of notice by Provider to Business Associate that it has received a request for an accounting of disclosures of Protected Health Information (other than disclosures to which an exception to the accounting requirement applies), Business Associate shall make available to Provider such information as is in Business Associate's possession and is required for Provider to make the accounting required by 45 C.F.R. §164.528.
    • Availability of Books and Records.  Business Associate shall make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Provider available to the Secretary for purposes of determining Provider's and Business Associate's compliance with HIPAA.

Section 2.11.  Delegation of Obligations.  To the extent Business Associate is delegated to carry out Provider's HIPAA obligations under 45 C.F.R. Part 164, Subpart E, Business Associate shall comply with the applicable requirements of that part that apply to Provider in the performance of such delegated obligations.

  • Termination of Agreement
    • Termination Upon Breach of this BA Agreement.  Any other provision of the Participation and Confidentiality Agreement notwithstanding, either Party (the "Non-Breaching Party") may terminate the Participation and Confidentiality Agreement and this BA Agreement upon thirty (30) days advance written notice to the other Party (the "Breaching Party") in the event that the Breaching Party breaches this BA Agreement in any material respect and such breach is not cured within such thirty (30) day period.  If termination of the Participation and Confidentiality Agreement and this BA Agreement is not feasible, the Non-Breaching Party shall report the Breaching Party's breach to the Secretary, to the extent Required By Law.
    • Return or Destruction of Protected Health Information Upon Termination.  Upon expiration or earlier termination of the Participation and Confidentiality Agreement, this BA Agreement shall automatically terminate and Business Associate shall either return or destroy all Protected Health Information received from Provider or created or received by Business Associate on behalf of Provider and which Business Associate still maintains in any form.  Notwithstanding the foregoing, to the extent that Business Associate reasonably determines that it is not feasible to return or destroy such Protected Health Information, Business Associate shall extend the protections of this BA Agreement to such Protected Health Information and limit further uses or disclosures of such Protected Health Information to those purposes that make the return or destruction not feasible, for so long as Business Associate maintains such Protected Health Information. 
  • MISCELLANEOUS

Section 4.1     Counterparts.  This BA Agreement may be executed in two counterparts, each of which shall be deemed an original but both of which together shall constitute one and the same instrument. Copies of signatures sent by facsimile transmission or scanned and sent by email are deemed to be originals for purposes of execution and proof of this BA Agreement.
Section 4.2     Regulatory References. A reference in this BA Agreement to a section in HIPAA means the section as in effect or as amended and for which compliance is required.
Section 4.3     Amendment. No change, amendment, or modification of this BA Agreement shall be valid unless set forth in writing and agreed to by both parties.
Section 4.4     Interpretation. Any ambiguity in this BA Agreement shall be resolved to permit Provider and Business Associate to comply with HIPAA.
Section 4.5     Notice. Any notice, report or other communication required under this Agreement shall be in writing and shall be delivered personally, telegraphed, emailed, sent by facsimile transmission, or sent by U.S. mail.

Print This Agreement

Terms & Conditions for
License & Subscription Service Agreement

A Pharmacy must agree to the Terms and Conditions of this License and Subscription Agreement and to the APMS® Policies and Procedures for Pharmacies prior to using the Pharmacy Quality Commitment™("PQC+™") program. .

 

 

Background. The Alliance for Patient Medication Safety® ("APMS®") is a non-profit Component PSO (hereafter defined) listed under the Patient Safety Act (hereafter defined), having its principal place of business located at 2530 Professional Road, Suite 202, Richmond, VA 23235, and whose Parent Organization (hereafter defined) is National Alliance of State Pharmacy Associations, an Indiana non-profit, 501(c)(6) corporation. APMS® has developed a continuous quality improvement program that works in conjunction with an online internet patient safety data reporting program "Pharmacy Quality Commitment+™ ("PQC+™") designed to improve the safety of healthcare via the sharing and protection of Patient Safety Work Product (hereafter defined) related to quality-related events.
Pharmacy is a pharmacy more particularly described below (the "Pharmacy") who wishes to license from APMS® its Pharmacy Quality Commitment+™ ("PQC+™") program and is willing to comply with the terms of this Agreement.

IN CONSIDERATION of the covenants, obligations, terms and conditions set forth in this Agreement and other valuable consideration, including, without limitation, the payments described below and on the APMS® PQC+™ website (hereafter defined), APMS® and Pharmacy acknowledge and agree as follows and intend this Agreement to constitute a Bona Fide Contract (hereafter defined):

Additional Definitions.

 

  1. Except to the extent otherwise specifically defined in this Agreement, the following terms, to the extent used herein, are defined in 42 Code of Federal  Regulations

§3.20, which definitions are incorporated herein by reference: Affiliated Provider; Bona Fide Contract; Component PSO; Confidentiality Provisions; Disclosure; Entity; HHS; Identifiable Patient Safety Work Product; Nonidentifiable Patient Safety Work Product; Parent Organization; Patient Safety Act (PSA); Patient Safety Activities; Patient Safety


Evaluation System (PSES); Patient Safety Organization (PSO); Patient Safety Work Product (PSWP); Person; Provider; Responsible Person; and Workforce.
For purposes of this Agreement, the following terms shall be defined as set forth below:

    1. "APMS® Policies and Procedures" shall mean the policies and procedures adopted by APMS® from time to time for Providers to maintain compliance with the rules and requirements of the PQC™+ Program. The APMS® Policies and Procedures for the PQC+™ Program are available at www.pqc.net (the "APMS® PQC+™ website") and may be amended from time to time by APMS® in its sole discretion.
    2. "Rule" shall mean the rules and regulations issued by the HHS Secretary  to implement aspects of the PSA.
  2. Quality Improvement. APMS® shall develop and maintain the PQC+ Program, intended to track quality-related events in the Pharmacy and improve the quality of care provided by Pharmacy's Workforce.  APMS® agrees that it will preserve in confidence,  not disclose to others, and not use (except as permitted by the PSA, as set forth herein or in the APMS® Policies and Procedures) any and all PSWP received from Pharmacy.

License.

 

  1. APMS® hereby provides Pharmacy a non-exclusive license, for the term of this Agreement, to the PQC+™ Program, for use by Pharmacy solely at that location, with such use to be limited to the licensed location's own internal and confidential use, consistent with the ordinary course of its business. Other Pharmacy locations owned or operated by Pharmacy, even if an Affiliated Provider or otherwise co-owned or jointly operated with the licensed Pharmacy location, are not licensed under this Agreement and must have a separate license. Any other use of the PQC+™ Program  except as permitted by this Agreement will constitute a breach of this Agreement. To use the PQC+™ Program in more than one Pharmacy, Pharmacy understands and agrees that it must purchase additional licenses.

    1. Pharmacy holds no ownership interest in, and claims no ownership interest in, any PSWP reported to or developed by APMS®. Pharmacy is not authorized to create derivative works from the PQC™ Program or the PSWP itself. APMS® retains ownership of any PSWP or other derivative works generated by Pharmacy, and, to the extent Pharmacy obtains any rights in or to the PQC+™ Program and the PSWP,  Pharmacy  hereby agrees to and does assign to APMS® any and all such rights.
    2. APMS® has not (and does not intend to) verify the accuracy or completeness of the information obtained from Pharmacy or other Providers. Pharmacy agrees that APMS®, by offering and licensing the PQC+™ Program, is not practicing the profession of pharmacy or substituting its judgment for that of any licensed Provider. By using the PQC+™ Program, Pharmacy agrees to assume, and does hereby assume, all risks that may be associated with or arise from the use of inaccurate data.
  2. All Rights are Reserved. All material contained in the PQC+™ Program are copyrighted materials, trademarks and/or service marks of APMS® or its third party contractors.  No part of these materials may be copied or reproduced, or used other than  as provided in this Agreement without the specific prior written permission of APMS®. Pharmacy agrees that neither Pharmacy, nor its Workforce, shall reveal to any Person or Entity, or shall use or otherwise exploit for its own benefit or for the benefit of anyone other than APMS®, any aspect of the PQC+™ Program, including that as may be in the public domain through no fault of Pharmacy, nor shall it use or attempt to use any aspect of the PQC+™ Program other than as permitted by this Agreement and in no event in any manner which may injure or cause loss or may be calculated to injure or cause loss whether directly or indirectly to APMS®.
  3. Pharmacy Participation. Pharmacy agrees to actively participate in the PQC+™ Program by frequently reporting information concerning quality-related events at Pharmacy to APMS® as provided in the APMS® Policies and Procedures.
  4. Confidentiality and Disclosure.   Pharmacy agrees:

  1. To observe the Confidentiality Provisions of the PSA and the Rule and not to use or make Disclosure of PSWP collected and developed for reporting to APMS®, reported to APMS®, maintained by APMS®, or received from APMS® except as permitted by this Agreement, by the APMS® Policies and Procedures or as otherwise permitted by APMS® in writing;
  2. To educate its Workforce regarding the privileged and confidential nature of PSWP and restrict access to PSWP to Responsible Persons and those members of its Workforce who have a need to use such information as provided in the PSA, this Agreement and the APMS® Policies and Procedures;
  3. Not to take adverse employment actions or otherwise retaliate against Pharmacy employees or other members of its Workforce who, in good faith, report data to APMS®;
  4. To give immediate notice to APMS® if Pharmacy receives a subpoena or any federal or state governmental inquiry requesting Disclosure of any data, information or report that is PSWP. APMS® shall be authorized to assert the privilege for the PSWP and to respond to same on behalf of Pharmacy.
  5. Should Pharmacy desire to disclose either Identifiable or Nonidentifiable PSWP to a Person or Entity for purposes of business operations (as described in 42 C.F.R. § 3.206(b)(9)) or any other purpose, Pharmacy shall, before making such Disclosure, provide a written Disclosure request to APMS® indicating (1) the identity of the Person or Entity to whom Pharmacy desires to disclose the PSWP, (2) the contents of the PSWP it desires to disclose and (3) the reason for such desired Disclosure. After receiving Pharmacy's Disclosure request, APMS® shall, within a reasonable period of time, respond in writing to the Disclosure request by either granting Pharmacy permission to disclose the PSWP, granting Pharmacy permission to disclose the PSWP under certain conditions, or denying  such permission.

  1. Pharmacy acknowledges that 21 CFR Part 3 provides for penalties of up to

$10,000 for each unauthorized Disclosure of PSWP and that severe damages could occur to other participants in the PQC™ Program if Pharmacy discloses PSWP.

  1. Equitable Relief. Pharmacy acknowledges that the obligations, covenants and undertakings to which it has agreed, and the PQC™ Program itself, are unique and of extraordinary value, and that a breach of this Agreement by Pharmacy would cause APMS® irreparable damage including, without limitation, damages assessed by the Secretary of HHS. Accordingly, in the event of any such breach or threatened breach by Pharmacy, APMS® shall, in addition to its remedies at law, have the right to injunctive or other equitable relief, including temporary, preliminary, and permanent injunctions, to prevent Pharmacy's violation of this Agreement. Pharmacy agrees that any action taken pursuant to this Agreement shall be brought in federal or state courts located in the City  of Richmond, Virginia, and Pharmacy consents and irrevocably submits to  the jurisdiction and proper venue of those courts.
  2. Mandatory Reporting. Pharmacy acknowledges that it remains responsible to satisfy all mandatory reporting requirements for adverse patient events or other information required by Federal or state laws. APMS® is not obligated to provide any information to Federal or state agencies, except as may be specifically required by law or regulation. Except as so required, APMS® shall hold all PSWP as privileged and confidential according to the terms of the PSA and the Rule.

No Warranty; Limitations on Liability.

  1. APMS® makes no warranties, expressed or implied, with regard to the PQC Program. Any implied warranties are null and void to the extent allowed by law.
  2. APMS® HEREBY DISCLAIMS ANY IMPLIED WARRANTIES WITH RESPECT TO THE PQC PROGRAM, AND ANY OTHER SERVICES PROVIDED HEREUNDER, WHETHER ARISING BY COMMON LAW, STATUTE, OR EQUITY, INCLUDING WITHOUT LIMITATION,  THE  WARRANTIES  OF  MERCHANTABILITY    OR

FITNESS FOR A PARTICULAR PURPOSE (REGARDLESS OF WHETHER APMS® KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED, OR IS OTHERWISE IN FACT AWARE OF ANY SUCH PURPOSE).

  1. PHARMACY ACKNOWLEDGES THAT APMS® ONLY COMPILES AND ANALYZES THE INFORMATION CONTAINED IN THE PQC PROGRAM AND APMS® HAS NOT VERIFIED (AND DOES NOT INTEND TO VERIFY) AND DOES NOT WARRANT THE ACCURACY OF SUCH INFORMATION. PHARMACY AGREES THAT APMS® SHALL NOT BE LIABLE FOR SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  1. Term; Termination and Effect of Termination. The term of this Agreement shall commence on the date that the following items are received by APMS®:
    1. Execution of electronic acceptance of (i) this Agreement as indicated below, and the (ii) the Business Associate Agreement as described on the APMS® PQC+ website, and
    2. payment of the license fee for the initial calendar year as described on the APMS® PQC+ website;

and this Agreement shall continue thereafter from year to year upon payment of the renewal license fee as described on the APMS® PQC+ web site, unless sooner terminated as provided herein. Notwithstanding anything to the contrary contained herein, APMS® shall have the right to terminate this Agreement (i) immediately upon the termination or expiration of its arrangements with third party contractors to provide any portion of the services which are part of the PQC+ Program; (ii) if Pharmacy is in breach of any of its obligations hereunder and fails to remedy, or take and continue to take steps to remedy as expeditiously and reasonably possible, such breach within thirty (30) days following receipt of notice thereof from APMS®; or (iii) with thirty (30) days prior notice if APMS® should discontinue operations as a PSO.  Any expiration or termination of this Agreement


will have no effect upon rights or obligations relative to the confidential and privileged nature of PSWP collected, developed or maintained under this Agreement prior to the effective date of such expiration or termination.

  1. Indemnification. Using counsel reasonably satisfactory to APMS®, Pharmacy shall defend, protect, indemnify, and hold harmless APMS®, its officers, directors, employees, members, affiliates and agents from and against any claim, demand, loss, liability, damage or expense arising in any way from Pharmacy's breach of any term or provision of this Agreement or the APMS® Policies and Procedures. Pharmacy's agreement to protect, indemnify, hold harmless and defend as set forth herein shall not be negated or reduced by virtue of Pharmacy's insurance carrier's denial of insurance coverage for the occurrence or event which is the subject matter of the claim and/or refusal to defend the Pharmacy or APMS®. Pharmacy shall pay all costs and expenses including reasonable attorney's fees and all other expenses of litigation, incurred by APMS® to enforce the foregoing agreement to protect, indemnify, hold harmless and defend APMS®.
  2. Assignment. Pharmacy shall not assign this Agreement without the prior written consent of APMS®, which consent may be freely withheld by APMS®.
  3. No Third Party Beneficiaries. This Agreement does not create, nor shall it be deemed to create, any rights in any Person or Entity not a party to this Agreement.
  4. Amendment. The terms of this Agreement may be amended or modified only by mutual written agreement of the parties.
  5. Governing Law. This Agreement shall be governed by, construed, and enforced in accordance with the laws of the State of Virginia without giving effect to the choice of laws provision.
  6. Entire Agreement. This Agreement contains the entire Agreement and understanding between the parties and supersedes all prior and contemporaneous agreements, terms, and conditions, whether written or oral, made by the parties concerning the subject of this Agreement.

  1. Notices. All notices given or required to  be given hereunder shall be deemed  duly given if in writing and forwarded to the parties at their respective addresses noted below (a) on the delivery date if delivered personally to the party to whom the same is directed; (b) one business day after deposit with a commercial overnight carrier, with written verification of receipt; or (c) five (5) business days after the mailing date, if sent by U.S. registered or certified mail, return receipt requested, postage and charges prepaid, or any other means of rapid mail delivery for which a receipt is available, to the address  of the party to whom the same is directed as set forth below (or to such other address as any party may designate by notice duly given).
Print This Agreement