Activities of Business Associate. Business Associate agrees to:
Activities of Business Associate. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this Agreement or as Required By Law. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. Business Associate agrees to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any electronic Protected Health Information that Business Associate creates, receives, maintains or transmits on behalf of Covered Entity, as provided for in the Security Rule. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware. Business Associate also agrees to report to Covered Entity any security incident, including all data breaches whether internal or external, related to Protected Health Information of which Business Associate becomes aware. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. Business Associate agrees to provide access, at the request of Covered Entity and during normal business hours, to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR §164.524, provided that Covered Entity delivers to Business Associate a written notice at least five (5) business days in advance of requesting such access. This provision does not apply if Business Associate and its employees, subcontractors and agents have no Protected Health Information in a Designated Record Set of Covered Entity. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526, at the r...
Activities of Business Associate. (a) Business Associate agrees to not use or further disclose Protected Health Information (PHI) other than as permitted or required by the Agreement or as Required by Law, or applicable regulations, including by way of example only, the Privacy Rule.
Activities of Business Associate. Business Associate agrees to comply with applicable federal and state confidentiality and security laws, including the provisions of HIPAA and the HITECH Act applicable to Business Associates, including but not limited to: Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required by Law. Business Associate agrees to limit its use, disclosure and requests for PHI to the minimum necessary PHI to accomplish the intended purpose of such use, disclosure or request. Business Associate agrees to comply with all applicable federal and state laws, including the Privacy Rule and Security Rule, and to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by the Agreement. In particular, Business Associate shall comply with 45 C.F.R. §§164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards) and 164.316 (policies and procedures and documentation requirements). Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate involving a use or disclosure of PHI in violation of the requirements of this BAA (including, without limitation, any Security Incident or Breach of Unsecured PHI). Business Associate agrees to reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this BAA and/or any Security Incident or Breach. Business Associate shall also reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices to the Individual, a regulatory body or any third party required to be made under HIPAA and the HITECH Act, or any other applicable Federal or State laws, rules, or regulations, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity.
Activities of Business Associate. Business Associate agrees to: (a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;
Activities of Business Associate. Business Associate agrees to: Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law. Use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement. Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware. If a breach should occur and business associate suspects protected health information has become compromised, the business associate shall report exclusively to the covered entity. The covered entity discloses information outside the association, after receiving the advice of the business associate. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. Make available protected health information in a designated record set to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.524. Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR 164.526. Maintain and make available the information required to provide an accounting of disclosures to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.528. To the extent the business associate is to carry out one or more of covered entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s). Make its internal practices, books, and records available to federal and state compliance officers for purposes of determining compliance with the HIPAA Rules.
