Contact The ROI Companies

Baltimore Area
1920 Greenspring Dr.
Suite 200
Timonium, MD 21093 

Boston Area
85 Prescott Street
Suite 402
Worcester, MA 01605

Cleveland Area
25001 Emery Road
Suite 250
Warrensville Heights, OH 44128

Philadelphia Area
330 South Warminster Road
Station Park, Suite 345
Hatboro, PA 19040


We agree to be bound by the terms of this contract to the extent that: (a) you are our client that is a “covered entity” under the administrative simplification provision of the Health Insurance Portability and Accountability Act of 1996 and its Privacy Rule and Security Rule (“HIPAA”), as may be amended or otherwise modified by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009; and (b) we are acting as your “business associate” under HIPAA and the HITECH Act. This contract supersedes and replaces any prior contract we sent to you or posted on our web site. Terms used in this contract have the meanings given them in HIPAA and the HITECH Act except that “protected health information” shall be limited to the protected health information created or received by or on behalf of you.

1. We may use protected health information for the purpose of providing billing, collections, coding, medical records management, or similar revenue cycle management services to you. Nothing in this contract permits any use or disclosure that you are not permitted to make under HIPAA, except that we may use and disclose protected health information for the proper management and administration of our law firm and to carry out our responsibilities, as long as, in the case of any disclosure for these purposes, either: (a) the disclosure is required by law; or (b) we obtain reasonable assurances from the person to whom we disclose the protected health information that it will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to such person, and that the person will notify us of any instances of which it is aware in which the confidentiality of the information has been breached.

2. We will:

  2.1 Not use or further disclose your protected health information except as permitted or required by this contract, by our engagement for services by you, or as required by law. 

  2.2 Use appropriate safeguards to prevent use or disclosure of your protected health information other than as permitted by this contract and implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on your behalf. 

  2.3 Report to you: (a) any use or disclosure of your protected health information not provided for by this contract of which we become aware; (b) any security incident involving electronic protected health information of which we become aware; and/or (c) any breach of your unsecured protected health information that we discover. The timing of the report will be consistent with our obligations, including the HITECH Act’s breach notification requirements, and the level of risk reasonably likely to be presented by the use, disclosure, incident, or breach. 

2.4 Ensure that our agents and subcontractors to whom we provide your protected health information agree to the restrictions and conditions that apply to us with respect to such information and, with respect to any electronic protected health information, agree to implement reasonable and appropriate safeguards to protect it. 

  2.5 Make available your protected health information to you so you can meet your obligations to provide individual access to such protected health information, if you instruct us to do so. 

  2.6 Make available your protected health information so you can meet your obligations to amend incomplete or inaccurate protected health information and incorporate any amendments as you may instruct. 

  2.7 Report to you, upon your request, all disclosures of protected health information by us, as necessary to enable you to comply with your obligation to account for uses and disclosures of protected health information. We will report only those disclosures for which you would be required to provide an accounting. We ask that you not direct an individual to request an accounting of disclosure directly from us.

  2.8 Make our internal practices, books, and records relating to the use and disclosure of protected health information available to the Secretary of the United States Department of Health and Human Services (“Secretary”), for purposes of determining your compliance with your legal obligations. Unless otherwise required by law or authorized by you in writing, however, we will not disclose any confidential or privileged information that we receive from you or create on your behalf to the Secretary. This contract does not waive or amend either the attorney-client privilege, the attorney work product doctrine, or other privileges or protections. 

  2.9 Upon termination of our business relationship, return or destroy all protected health information that we maintain in any form and retain no copies of such information or, if return or destruction is not feasible, extend the protections of this contract to such information and limit further use and disclosure of the information to those purposes that make the return or destruction of the information infeasible. Because of our responsibility to maintain a record of the services we provide, return or destruction of the information generally will not be feasible. 

3. With respect to any business associate functions, we will comply with the provisions of the HIPAA Security Rule that are made applicable to business associates by the HITECH Act, including the administrative, physical, and technical standards of the Security Rule and the requirements to maintain policies, procedures, and documentation of security activities.  

4. To the extent required by the HITECH Act, any privacy or security requirement under the HITECH Act that is applicable to you, as a covered entity, shall be incorporated into this contract and shall apply to us.

5. You may immediately terminate your relationship with us if you determine that we have violated a material term of this contract. 

6. Nothing express or implied in this contract is intended to, or does, confer upon any other person or entity any rights, remedies, obligations, or liabilities whatsoever. 

7. This contract is to be interpreted consistently with our obligation of reasonable care in the performance of our services on your behalf as our client.

8. We may amend this contract by posting amendments on our web site. The amendments will become effective upon posting.




    Print Name:  Christopher G. Wunder, President

    Date: May 26, 2011