Common use of Audit, Inspection and Enforcement Clause in Contracts

Audit, Inspection and Enforcement. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores, and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered Entity’s efforts to audit Business Associate’s compliance with applicable HIPAA Rules. If, through audit or inspection, Covered Entity determines that Business Associate’s conduct would result in violation of the HIPAA Rules or is in violation of the Contract or this Agreement, Business Associate shall promptly remedy any such violation and shall certify completion of its remedy in writing to Covered Entity. Appropriate Safeguards. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as provided in this Agreement. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures. Business Associate shall maintain the confidentiality of passwords and other data required for accessing this information. Business Associate shall extend protection beyond the initial information obtained from Covered Entity to any databases or collections of PHI containing information derived from the PHI. The provisions of this Section 3.l shall be in force unless PHI is de-identified in conformance to the requirements of the HIPAA Rules.

Audit, Inspection and Enforcement. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores, stores and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered Entity’s efforts to audit Business Associate’s compliance with applicable HIPAA Rules. If, through audit or inspection, Covered Entity determines that Business Associate’s conduct would result in violation of the HIPAA Rules or is in violation of the Contract or this Agreement, Business Associate shall promptly remedy any such violation and shall certify completion of its remedy in writing to Covered Entity. Appropriate Safeguards. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as provided in this Agreement. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures. Business Associate shall maintain the confidentiality of passwords and other data required for accessing this information. Business Associate shall extend protection beyond the initial information obtained from Covered Entity to any databases or collections of PHI containing information derived from the PHI. The provisions of this Section 3.l section shall be in force unless PHI is de-identified in conformance to the requirements of the HIPAA Rules.