Business Activities of the Business Associate. Unless otherwise limited herein and if such use or disclosure of PHI would not violate the Privacy or Security Rules if done by the Covered Entity, the Business Associate may:
(a) use the PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws.
(b) disclose the PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to Covered Entity, in writing, that (i) the disclosures are required by law, as provided for in 45 CFR § 103 or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such PHI as required under 45 CFR § 164.504(e)(4) and § 164.314, and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(c) Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
Business Activities of the Business Associate. Unless otherwise limited herein and only if such use or disclosure of PHI would not violate the Privacy or Security Rules if done by UCMC, the Business Associate may:
a. use the PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws.
b. disclose the PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate hereby represents to UCMC that (i) the disclosures are required by law, as provided for in 45 CFR § 103, but subject to Section 3(c) below, or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such PHI as required under 45 CFR §§ 164.504(e)(4) and 164.314, and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Business Associate may provide data aggregation services relating to the health care operations of UCMC only to the extent set forth in an agreement memorializing the Underlying Arrangement.
Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may:
a. use the Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws.
b. disclose the Protected Health Information in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to the Covered Entity, in writing, that (i) the disclosures are required by law, as provided for in 45 C.F.R. § 164.501 or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such Protected Health Information as required under 45 C.F.R. § 164.504(e)(4).
Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may: Use the PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws. Disclose the PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to the Covered Entity, in writing, that (i) the disclosures are Required by Law, as that phrase is defined in 45 CFR §164.103 or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such PHI as required under 45 CFR §164.504(e)(4), and the third party agrees in writing to notify Business Associate of any instances of which it becomes aware that the confidentiality of the information has been breached.
Business Activities of the Business Associate. Unless otherwise limited herein and if such use or disclosure of PHI would not violate the Privacy or Security Rules if done by the Covered Entity, the Business Associate may:
F.2.2.1. Use the PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate to the Covered Entity provided that such uses are permitted under state and federal confidentiality laws.
F.2.2.2. Disclose the PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate to the Covered Entity, provided that the Business Associate represents to Covered Entity, in writing, that (i) the disclosures are required by law, as provided for in 45 C.F.R. §164.103 or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such PHI as required under 45 C.F.R. § 164.504(e)(4) and §164.314, and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
F.2.2.3. Provide data aggregation or de-identification services relating to the health care operations of the Covered Entity, for the Covered Entity. Business Associate may not de- identify Protected Health Information except as required by the Service Agreement. To the extent data aggregation or de-identification services are performed, Business Associate is prohibited from using or disclosing any such aggregated or de-identified information for its own purposes without the prior written consent of Covered Entity. Business Associate is further prohibited from disclosing such de-identified information to any third party who may attempt to re-identify such information, in violation of 45 C.F.R. 164 F.3. Responsibilities of the Parties with Respect to PHI.
Business Activities of the Business Associate. Unless otherwise limited herein the Business Associate may:
a. Use the Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such are permitted under State and Federal laws.
b. Disclose the Protected Health Information in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to the Covered Entity, in writing, that (i) the disclosures are required by law, as that phrase is defined in 45 C.F.R. § 164.501 or (ii) the Business Associate has received from the third party written assurances regarding the confidential handling of such Protected Health Information as required by 45 C.F.R. § 164.504 (e) (4), and the third party agrees in writing to notify Business Associate of any instances of which it becomes aware that the confidentiality of the information has been breached.
Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may use and disclose the Protected Health Information in its possession for its proper management and administration and to fulfill its present or future legal responsibilities provided such uses are permitted under state and federal confidentiality laws. The Business Associate represents to the Covered Entity that (a) any disclosure it makes will be required under applicable laws, or (b) the Business Associate will obtain reasonable written assurances from any person to whom the Protected Health Information will be disclosed that (i) the Protected Health Information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and (ii) the person will notify the Business Associate within three (3) business days of any instances of which it is aware in which the confidentiality of the Protected Health Information has been breached. The Business Associate will notify the Covered Entity within three (3) business days of any instance of which it is aware in which the confidentiality of the Protected Health Information has been breached.
Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may: Use the Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws. Disclose the Protected Health Information in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to the Covered Entity, in writing, that (i) the disclosures are Required by Law, as that phrase is defined in 45 CFR §164.501 or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such Protected Health Information as required under 45 CFR §164.504(e)(4), and the third party agrees in writing to notify Business Associate of any instances of which it becomes aware that the confidentiality of the information has been breached.
Business Activities of the Business Associate. Unless otherwise limited herein and if such use or disclosure of PHI would not violate the Privacy or Security Rules if done by the Covered Entity, the Business Associate may:
1. Use the PHI in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws;
2. Disclose the PHI in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to Covered Entity, in writing, that (i) the disclosures are required by law, as defined within 45 C.F.R. §164.501; or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such PHI as required under 45 C.F.R. §164.504(e)(4) and §164.314, and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; and
3. Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may:
a. Use PHI for the Business Associate’s proper management and administration, and to carry out any of its legal responsibilities.
b. Disclose PHI to third parties for the purpose of the Business Associate’s proper management and administration, and to carry out any of its legal responsibilities; provided that:
(i) Such disclosures shall only be made if (1) Required by Law, or (2) if the Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that it shall be held confidentially, and be used or further disclosed only as Required by Law or the purpose for which it was disclosed to that third party; and
(ii) The third party shall notify the Business Associate of any instances of which it is aware that the confidentiality of the information has been breached. Upon receiving such notice, the Business Associate shall notify the Covered Entity of such breach of confidentiality in accordance with Section 2.1(e) herein.
c. Provide data aggregation services related only to the Covered Entity’s Health Care Operations as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B). Under no circumstances shall the Business Associate disclose the Covered Entity’s PHI to another covered entity to whom the Business Associate also provides data aggregation services without the Covered Entity’s express authorization.
d. De-identify any and all PHI provided that the de-identification conforms to the requirements of 45 C.F.R. §164.514(b). De-identified information does not constitute PHI and is not subject to the terms of this Amendment.
