Compliance with DHCS Obligations. To the extent Business Associate is to carry out an obligation of DHCS under 45 CFR Part 164, Subpart E, comply with the requirements of the subpart that apply to DHCS in the performance of such obligation.
Compliance with DHCS Obligations. To the extent Business Associate is to carry out an obligation of DHCS under 45 CFR Part 164, Subpart E, comply with the requirements of the subpart that apply to DHCS in the performance of such obligation. Access to Practices, Books and Records Business Associate shall make its internal practices, books, and records relating to the use and disclosure of PHI on behalf of DHCS available to DHCS upon reasonable request, and to the federal Secretary of Health and Human Services for purposes of determining DHCS’ compliance with 45 CFR Part 164, Subpart E. Return or Destroy PHI on Termination; Survival At termination of this Agreement, if feasible, Business Associate shall return or destroy all PHI and other confidential information received from, or created or received by Business Associate on behalf of, DHCS that Business Associate still maintains in any form and retain no copies of such information. If return or destruction is not feasible, Business Associate shall notify DHCS of the conditions that make the return or destruction infeasible, and DHCS and Business Associate shall determine the terms and conditions under which Business Associate may retain the PHI. If such return or destruction is not feasible, Business Associate shall extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. Special Provision for SSA Data If Business Associate receives data from or on behalf of DHCS that was verified by or provided by the Social Security Administration (SSA data) and is subject to an agreement between DHCS and SSA, Business Associate shall provide, upon request by DHCS, a list of all employees and agents and employees who have access to such data, including employees and agents of its agents, to DHCS. Breaches and Security Incidents Business Associate shall implement reasonable systems for the discovery and prompt reporting of any breach or security incident, and take the following steps: Notice to DHCS Business Associate shall notify DHCS immediately upon the discovery of a suspected breach or security incident that involves SSA data. This notification will be provided by email upon discovery of the breach. If Business Associate is unable to provide notification by email, then Business Associate shall provide notice by telephone to DHCS. Business Associate shall notify DHCS within 24 hours by email (or by telephone if Business Associa...
