Business Associates Obligations Sample Clauses

Business Associates Obligations. BUSINESS ASSOCIATE agrees to: a. Not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law. In no event may BUSINESS ASSOCIATE use or further disclose PHI in a manner that would violate the Privacy Rule if done by the STATE, except as expressly provided in this Agreement and as required by 45 CFR §§ 164.502(a)(3), 164.502(a)(4) and 164.504(e)(2(ii)(A). b. Implement appropriate safeguards, and comply, where applicable, with the Security Rule to ensure the confidentiality, integrity, and availability of all EPHI the BUSINESS ASSOCIATE creates, receives, maintains, or transmits on behalf of the STATE; protect against any reasonably anticipated threats or hazards to the security or integrity of such information; prevent uses or disclosures of such information other than as provided for by this Agreement or as Required by Law; and ensure compliance with the HIPAA Rules by BUSINESS ASSOCIATE’s Workforce. 7 These safeguards include, but are not limited to:
Sample 1Sample 2See All (5)
AutoNDA by SimpleDocs
Business Associates Obligations. 5 Electronic Protected Health Information: 45 CFR §160.103 6 Protected Health Information: 45 CFR §160.103 7 45 CFR §164.402. BUSINESS ASSOCIATE agrees to: a. Not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law. In no event may BUSINESS ASSOCIATE use or further disclose PHI in a manner that would violate the Privacy Rule if done by the STATE, except as expressly provided in this Agreement and as required by 45 CFR §§ 164.502(a)(3), 164.502(a)(4) and 164.504(e)(2(ii)(A). b. Implement appropriate safeguards, and comply, where applicable, with the Security Rule to ensure the confidentiality, integrity, and availability of all EPHI the BUSINESS ASSOCIATE creates, receives, maintains, or transmits on behalf of the STATE; protect against any reasonably anticipated threats or hazards to the security or integrity of such information; prevent uses or disclosures of such information other than as provided for by this Agreement or as Required by Law; and ensure compliance with the HIPAA Rules by BUSINESS ASSOCIATE’s Workforce. 8 These safeguards include, but are not limited to:
Sample 1Sample 2
Business Associates Obligations. BUSINESS ASSOCIATE agrees to: a. Not use or disclose PHI other than as permitted or required by this Agreement or as Required By Law. In no event may BUSINESS ASSOCIATE use or further disclose PHI in a manner that would violate the Privacy Rule if done by COVERED ENTITY, except as expressly provided in this Agreement.12 b. Implement appropriate safeguards, and comply, where applicable, with the Security Rule to ensure the confidentiality, integrity, and availability of all EPHI BUSINESS ASSOCIATE creates, receives, maintains, or transmits on behalf of COVERED ENTITY; protect against any reasonably anticipated threats or hazards to the security or integrity of EPHI; prevent use or disclosure of EPHI other than as provided for by this Agreement or as Required By Law; and ensure compliance with the HIPAA Rules by BUSINESS ASSOCIATE’s Workforce.13 These safeguards include, but are not limited to:
Sample 1Sample 2
Business Associates Obligations. (a) Business Associate agrees not to use or disclose Protected Health Information other than as allowed by this Agreement, or as required by law. Additionally, Business Associate agrees to use appropriate safeguards to prevent use or disclosure of Protected Health Information except for those allowed or required purposes. (b) Business Associate agrees to report to Client any use or disclosure of the Protected Health Information not permitted by this Agreement of which it becomes aware. (c) Business Associate agrees to ensure that any agent, including a sube-Psychiatry, to whom it provides or allows access to Protected Health information agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. (d) At the reasonable request of Client, Business Associate agrees to provide Client access to Protected Health Information in a Designated Record Set, in order that Client may satisfy the individual access requirements of the Privacy Rule located at 45 CFR § 164.524 (e) Business Associate agrees that at the reasonable request of Client it will make available protected health information for amendment and incorporate any amendments to protected health information in accordance with §164.526. (f) Business Associate agrees that upon request, it will make its internal practices, books, and records, including policies and procedures relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of Client, available to the Secretary of the Department of Health and Human Services for purposes of the Secretary determining Client’s compliance with the Privacy Rule. (g) Business Associate agrees to document disclosures of Protected Health Information and information related to such disclosures as would be required for Client to respond to a request by an individual for an account of disclosures of Protected Health Information in accordance with 45 CFR § 164.528. Additionally, Business Associate agrees to provide the information relating to such documentation within a reasonable time of Client’s request for such information. (h) Upon termination of the Agreement, and so long as it is feasible, Business Associate will immediately return or destroy all Protected Health Information in its possession. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Busine...
Sample 1
Business Associates Obligations. 5.1 Handling of the PHI and Safeguards. Business Associate agrees to prevent access, use and/or disclosure of PHI other than as permitted or required by this BAA and/or applicable Privacy Laws, and will implement and use, at all times, appropriate administrative, physical and technical safeguards to (i) prevent access, use or disclosure of PHI other than as permitted by this BAA and/or Privacy Laws; and (ii) reasonably and appropriately protect the confidentiality, integrity, security, and availability of PHI.
Sample 1
Business Associates Obligations. 2.1. Business Associate Subject to Same Standards and Same Penalties as Provider. Business Associate will comply with the use and disclosure provisions of the Privacy Rule and the security standards regarding administrative, physical and technical safeguards of the Security Rule. As set forth in the HITECH Act, Business Associate will be subject to civil and criminal penalties for violation of the Privacy Rule or the Security Rule.
Sample 1
Business Associates Obligations. 3.1 Business Associate agrees that it is required under the amended HIPAA regulations to comply with, and shall comply with, the HIPAA Security Rule, including the Security Rule's Administrative, Physical, and Technical safeguard requirements.
Sample 1
AutoNDA by SimpleDocs
Business Associates Obligations. BUSINESS ASSOCIATE agrees to: a. Not use or disclose PHI other than as permitted or required by the Agreement or as Required By Law. In no event may BUSINESS ASSOCIATE use or further disclose PHI in a manner that would violate HIPAA if done by HHSC. b. Not use PHI to create de-identified information for purposes unrelated to the Contract without HHSC’s advance written approval. BUSINESS ASSOCIATE will use and request only the minimum PHI necessary to accomplish the permissible purpose of the use or request and shall comply with the minimum necessary standard under 45 C.F.R. § 164.502(b), as amended from time to time. c. Implement appropriate safeguards, and comply, where applicable, with the Security Rule to ensure the confidentiality, integrity, and availability of all PHI BUSINESS ASSOCIATE creates, receives, maintains, or transmits on behalf of HHSC; protect against any reasonably anticipated threats or hazards to the security or integrity of PHI; prevent use or disclosure of PHI other than as provided for by this Agreement or as Required by Law; and ensure compliance with the HIPAA Rules by BUSINESS ASSOCIATE’s Workforce. These safeguards include, but are not limited to: (i) Administrative Safeguards. BUSINESS ASSOCIATE shall implement policies and procedures to prevent, detect, contain, and correct security violations, and reasonably preserve and protect the confidentiality, integrity, and availability of PHI (which includes EPHI), as required by 45 C.F.R. § 164.308, and enforcing those policies and procedures, including sanctions for anyone not found in compliance; (ii) Technical and Physical Safeguards. BUSINESS ASSOCIATE shall implement appropriate technical safeguards, as required by 45 C.F.R. §§ 164.310 and 164.312, to protect PHI, including access controls, authentication, and transmission security, as well as implement appropriate physical safeguards to protect PHI, including workstation security and device and media controls; and
Sample 1
Business Associates Obligations. Both parties agree that Business Associate shall: 1. not use or further disclose the PHI other than as permitted by this Agreement; 2. use administrative, physical and technical safeguards to prevent use or disclosure of PHI and/or EPHI other than as permitted or required by this Agreement; 3. report to Covered Entity any use or disclosure of any PHI and/or EPHI, or a Security Incident of which Business Associate becomes aware that is not permitted by this Agreement; 4. ensure that any subcontractor or agent of Business Associate to whom Business Associate provides any PHI and/or EPHI agrees to the same restrictions and conditions that apply to Business Associate with regard to the use and/or disclosure of PHI pursuant to this section; 5. upon request by Covered Entity, make available to Covered Entity, or as directed by Covered Entity, to the Individual, such PHI contained in a Designated Record Set maintained by Business Associate as necessary to allow Covered Entity to respond to a request for access to PHI as required by HIPAA; 6. incorporate any amendments or corrections to the PHI in its possession that constitutes a Designated Record Set maintained by Business Associate as required by HIPAA; 6. document disclosures of PHI in the same manner as would be required of Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI as required by HIPAA; 7. make its internal practices, books and records relating to the use and disclosure of PHI available to the Secretary of U.S. Department of Health and Human Services (“DHHS”) for purposes of determining Covered Entity’s compliance with HIPAA; and 8. except as provided for herein, or as required by law, upon termination of this Agreement and/or the Service Agreement, return to Covered Entity or destroy the PHI and retain no copies in any form, if feasible. If Business Associate determines that returning or destroying the PHI is infeasible, Business Associate agrees to extend the protections, limitations and restrictions of this section to such PHI and to limit any further uses and/or disclosures of such PHI retained to the purposes that make the return or destruction of the PHI infeasible, for as long as Business Associate maintains such PHI.
Sample 1
Business Associates Obligations. Business Associate acknowledges and agrees that PHI that is created, maintained, transmitted or received by Covered Entity and disclosed or made available in any form to Business Associate, or PHI which, on behalf of Covered Entity, is created, maintained, transmitted or received by Business Associate, shall be subject to this Agreement. Business Associate agrees not to use or disclose PHI other than as permitted or required by this BA Agreement or as Required by Law. Business Associate may: a) use or disclose PHI to perform the Services for, or on behalf of, Covered Entity, provided that such use or disclosure would not violate the HIPAA if done by Covered Entity; b) use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate and disclose PHI for the proper management and administration of Business Associate, provided that disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; and c) use or disclose PHI for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the parties evidencing their business relationship.
Sample 1
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!