p>We are committed to maintaining a safe environment for patients, their families and visitors. Visit our COVID-19 resource center for information about visitor guidelines, vaccines and boosters, symptoms, testing and more.
Electronic Health Record Access Agreement (Virginia Mason Medical Center)
This is an Agreement ("EHR Access Agreement") between Virginia Mason Medical Center ("Virginia Mason") and the undersigned ("Company"), to which Virginia Mason has agreed to provide access to its electronic health record ("EHR Data"), subject to the terms of this EHR Access Agreement and Virginia Mason policy. The Effective Date of this Agreement shall be the date upon which access provisioning is approved for Company, pursuant to Virginia Mason policy.
Company understands and agrees to all the following terms and conditions, as a condition of such EHR Data access:
Authorized Users; Access. Access shall be limited to Company workforce users who have applied for and been granted access to Virginia Mason EHR Data ("Authorized Users"). Authorized User access shall be contingent on existence of an unexpired EHR Access Agreement covering user's access, and user's continued compliance with the EHR Access Agreement terms and Virginia Mason policies and procedures. Company expressly acknowledges and accepts responsibility for each user granted access to the EHR Data. Access will be provided via TLS secured HTTPS. As technology evolves, Virginia Mason may alter the method for access.
EHR Data access is provided for the following purpose: treatment (the "Purpose"). Access shall be "read-only". Access to Virginia Mason's EHR Data is a privilege that Virginia Mason may revoke at any time. Virginia Mason reserves the right to revoke access without notification, in response to an actual or suspected Breach (defined below) of this EHR Access Agreement. Should the Company fail to comply with Virginia Mason security policies and procedures, revocation of access privileges will satisfy the HIPAA sanction requirement found at 45 CFR § 164.308(a)(1)(ii)(C).
Privacy and Confidentiality. Company and its Authorized Users shall access EHR Data only for the specific Purpose described above. Company and Authorized Users shall at all times treat EHR Data as strictly confidential and shall not disclose EHR Data, or otherwise make EHR Data available to any other person or entity, except with the prior written consent of Virginia Mason, or as may be required by law. Company agrees to specifically protect, and require Authorized Users to specifically protect, the confidentiality of the personally identifiable health and other proprietary information that is part of the EHR Data. Company, and its Authorized Users, shall comply with applicable Virginia Mason policies and procedures regarding privacy and confidentiality and cooperate with Virginia Mason in complying with regulatory requirements related to access, including patient restrictions and accounting of disclosures.
This EHR Access Agreement is not intended to, and shall not grant, to Company, or any Authorized User, a right to access any other records besides the EHR Data, nor access any records for any other Purpose. Company shall insure that its Authorized Users do not access information on family members, friends, or co-workers unless such access is a required part of job functions and consistent with the Purpose. Company shall further prohibit its Authorized Users from in any way divulging, copying, screen printing, releasing, selling, altering, posting online, destroying or forwarding EHR Data.
The foregoing privacy and confidentiality requirements continue to apply, even after Company or its Authorized Users no longer have access to the EHR Data, or this EHR Access Agreement has been terminated.
If Company has entered into a Business Associate Agreement ("BAA") with Virginia Mason, then in the event of any conflict between the BAA and this EHR Access Agreement, the terms of the BAA shall apply.
Breach. Company shall report to Virginia Mason any use or disclosure not authorized by this EHR Access Agreement of patient information or other confidential or proprietary information ("Breach"), without unreasonable delay but not later than ten (10) calendar days following discovery of such Breach; and cooperate with Virginia Mason's investigation and requests for information. As applicable, the report shall include the identification of each patient whose confidential health or other information has been or is reasonably believed to have been compromised and other information as requested by Virginia Mason.
Security. Company agrees that any individual passcode issued to its Authorized User must be used ONLY by that Authorized User and may not be shared with anyone else, because it uniquely identifies the Authorized User and the Authorized User's usage activity. The passcode may periodically expire. Company acknowledges that Virginia Mason may periodically audit the Authorized User's access to the EHR Data and that Company agrees to provide information reasonably required for such audits within five (5) business days of the request. Virginia Mason may periodically require the Authorized User to provide information to verify his/her identity.
Authorized Users shall have received annual HIPAA Compliance Training.
If any Authorized User is terminated from or leaves the employment of Company, or no longer requires access to Virginia Mason's EHR, Company shall immediately report such change to Virginia Mason's Help Desk at 206-583-6402. Company's failure to so notify Virginia Mason constitutes a Breach of this EHR Access Agreement, including for purposes of section 6 below.
Unauthorized Use. Company agrees that failure to comply with these confidentiality, privacy and security requirements or using the EHR Data in an unauthorized manner will be treated as a Breach of this EHR Access Agreement. If Company suspects a violation of privacy or security, it shall immediately report the incident to Virginia Mason's Privacy Officer at 206-223-7505.
Indemnification. Company indemnifies and holds Virginia Mason harmless from any claims, liabilities, losses, damages, fines, penalties or costs and expenses (including reasonable attorneys' fees) arising out of, or related to: (i) a Breach of this EHR Access Agreement, or (ii) the acts or omissions of Company, an Authorized User, or other directors, officers, employees or agents of Company under this EHR Access Agreement. This indemnification shall survive termination or expiration of this EHR Access Agreement, and shall be in addition to any indemnification set forth in a BAA.
Ownership of EHR Data. Virginia Mason shall be the sole owner of the EHR Data, including any adaptations or copies of the EHR Data, and ownership of the EHR Data shall include any associated intellectual property rights.
Governing Law. This EHR Access Agreement shall be construed and interpreted in accordance with the laws of the State of Washington. In the event of a dispute, such dispute shall be first referred to nonbinding mediation with a mediator mutually agreeable to both parties. If the parties are unable to resolve the dispute through mediation, the forum for any additional proceedings shall be King County, Washington.
Notices. In the event of a Breach, Company shall provide written notice to Virginia Mason Medical Center, Attn: Privacy Officer, 1100 Ninth Ave, Mail Stop M7-IS, P.O. Box 900, Seattle, WA 98111.
Compliance with Law. The parties hereto shall comply with applicable laws and regulations governing their relationship, including, as applicable, the Health Insurance Portability and Accountability Act ("HIPAA") codified at 45 C.F.R. parts 160 through 164, and its implementing regulations, the Washington Uniform Healthcare Information Act (RCW 70.02), and any other federal or state laws or regulations governing the arrangements described in this EHR Access Agreement.
Term; Termination. This EHR Access Agreement shall commence as of the Effective Date and shall continue only through the date of the next required Virginia Mason EHR Access Agreement re-attestation (as determined by Virginia Mason). The terms, conditions and instructions regarding confidentiality, privacy and security of the EHR Data shall survive the expiration or termination of this EHR Access Agreement. Either party may terminate this EHR Access Agreement at any time for any reason upon thirty (30) days prior written notice. Notwithstanding the foregoing, Virginia Mason reserves the right to suspend or terminate EHR Data access for the Company and/or any of its Authorized Users, in the event Virginia Mason has reasonable cause based on privacy or security concerns, as determined in its sole discretion.
Miscellaneous. This EHR Access Agreement is not assignable in whole or in part by Company without the prior written consent of Virginia Mason. This EHR Access Agreement sets forth the parties' entire agreement and supersedes all prior oral and written agreements relating to the subject matter. Neither Company, nor any Authorized User or other workforce member of Company, shall be considered an employee of Virginia Mason.
I understand and agree to all the terms and conditions of the preceding EHR Access Agreement.
Do you agree to all the terms and conditions of the preceding EHR Access Agreement?