Common use of Confidentiality Requirements Clause in Contracts

Confidentiality Requirements. (A) Business Associate agrees: (i) to use or disclose any Protected Health Information solely: (1) for meeting its obligations as set forth in any agreements between the Parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security Rule; (ii) at termination of this Agreement, or any similar documentation of the business relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will extend the protections of this Agreement to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii) to ensure that its agents, including a subcontractor, to whom it provides Protected Health Information received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply to Business Associate with respect to such information. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this Agreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. (B) Notwithstanding the prohibitions set forth in this Agreement, Business Associate may use and disclose Protected Health Information as follows: (i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: (a) the disclosure is required by law, not merely permitted by law; or (b) Business Associate obtains reasonable written assurances from the person or party to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person or party, and the person or party notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; (ii) for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities.

Confidentiality Requirements. (A) Business Associate agrees: (i) to use or disclose any Protected Health Information solely: : (1) for meeting its obligations as set forth in any agreements between necessary to carry out Business Associate’s responsibilities and duties under the Parties evidencing their business relationship, or Agreement; and (2) as As required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security RuleLaw; (ii) at termination of this AgreementAppendix, the Agreement or any similar documentation of the business relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will shall promptly return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will shall extend the protections of this Agreement Appendix to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii) to To ensure that any and all its agents, including a subcontractorsubcontractors, to whom it provides Protected Health Information received from or created by Business Associate on behalf of Covered Entity, agrees in writing to the same restrictions and conditions that apply to Business Associate with respect to such information. In addition, Business Associate agrees to take reasonable steps to ensure that the actions and omissions of its employees’ actions or omissions ', agents and subcontractors do not cause Business Associate to breach the terms of this Agreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business AssociateAppendix. (B) Notwithstanding the prohibitions set forth in this Agreement, Business Associate may use and disclose Protected Health Information as follows: (i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: (a) the disclosure is required by law, not merely permitted by law; or (biv) Business Associate obtains reasonable written assurances from the person or party to whom the information is disclosed represents and warrants that it will Emblem’s data shall not be held confidentially and processed, stored, used or further disclosed only as required accessed in any way by law a subsidiary or for affiliate or subcontractor or a system that can be considered “offshore.” The term “offshore” refers to any country that is not one of the purpose for which it was disclosed to fifty United States or one of the person or partyUnited States Territories (American Samoa, Guam, Northern Marianas, Puerto Rico, and Virgin Islands). Examples of countries that meet the person definition of “offshore” include Mexico, Canada, India, Germany, and Japan. Subsidiaries or party notifies Business Associate affiliates or subcontractors that are considered offshore entities can be either American-owned companies with certain portions of any instances of which it is aware in which the confidentiality their operations performed outside of the information has been breached; (ii) for data aggregation services, if to be provided by Business Associate for the health care United States or foreign-owned companies with their operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations performed outside of the respective covered entitiesUnited States. Offshore entities provide services that are performed by workers located in offshore countries, regardless of whether the workers are employees of American or foreign companies.

Confidentiality Requirements. (A) Business Associate agrees: (i) to use or disclose any Protected Health Information solely: : (1) for meeting its obligations as set forth in any agreements between the Parties evidencing their business relationship, or or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security Rule; (ii) at termination of this Agreement, or any similar documentation of the business relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will extend the protections of this Agreement to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii) to ensure that its agents, including a subcontractor, to whom it provides Protected Health Information received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply to Business Associate with respect to such information. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this Agreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. (B1) Notwithstanding the prohibitions set forth in this Agreement, Business Associate may use and disclose Protected Health Information as follows: (i) if If necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: (a) the disclosure is required by law, not merely permitted by law; or (b) Business Associate obtains reasonable written assurances from the person or party to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person or party, and the person or party notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; (ii) for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities. (c) Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this Agreement. The Secretary of Health and Human Services shall have the right to audit Business Associate’s records and practices related to uses and disclosures of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA Privacy Rule and Security Rule. Business Associate shall timely report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this Agreement of which it becomes aware.

Confidentiality Requirements. (A) Business Associate agrees: (i) to use or disclose any Protected Health Information solely: (1) for meeting its obligations as set forth in any agreements between the Parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security Rule; (ii) at termination of this Agreement, or any similar documentation of the business relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will extend the protections of this Agreement to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii) to ensure that its agents, including a subcontractor, to whom it provides Protected Health Information received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply to Business Associate with respect to such information. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this Agreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. (B) Notwithstanding the prohibitions set forth in this Agreement, Business Associate may use and disclose Protected Health Information as follows: (i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: (a) the disclosure is required by law, not merely permitted by law; or (b) Business Associate obtains reasonable written assurances from the person or party to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person or party, and the person or party notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; (ii) for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities. (C) Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this Agreement. The Secretary of Health and Human Services shall have the right to audit Business Associate’s records and practices related to uses and disclosures of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA Privacy Rule and Security Rule. Business Associate shall timely report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this Agreement of which it becomes aware.

Confidentiality Requirements. (A) Business Associate agrees: (i) to use or disclose any Protected Health Information solely: : (1) for meeting its obligations as set forth in any agreements between necessary to carry out Business Associate’s responsibilities and duties under the Parties evidencing their business relationship, or Agreement; and (2) as As required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security RuleLaw; (ii) at termination of this AgreementAmendment, the Agreement or any similar documentation of the business relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will shall promptly return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will shall extend the protections of this Agreement Amendment to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii) to To ensure that any and all its agents, including a subcontractorsubcontractors, to whom it provides Protected Health Information received from or created by Business Associate on behalf of Covered Entity, agrees in writing to the same restrictions and conditions that apply to Business Associate with respect to such information. In addition, Business Associate agrees to take reasonable steps to ensure that the actions and omissions of its employees’ actions or omissions ', agents and subcontractors do not cause Business Associate to breach the terms of this Agreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business AssociateAmendment. (B) Notwithstanding the prohibitions set forth in this Agreement, Business Associate may use and disclose Protected Health Information as follows: (i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: (a) the disclosure is required by law, not merely permitted by law; or (biv) Business Associate obtains reasonable written assurances from the person or party to whom the information is disclosed represents and warrants that it will Emblem’s data shall not be held confidentially and processed, stored, used or further disclosed only as required accessed in any way by law a subsidiary or for affiliate or subcontractor or a system that can be considered “offshore.” The term “offshore” refers to any country that is not one of the purpose for which it was disclosed to fifty United States or one of the person or partyUnited States Territories (American Samoa, Guam, Northern Marianas, Puerto Rico, and Virgin Islands). Examples of countries that meet the person definition of “offshore” include Mexico, Canada, India, Germany, and Japan. Subsidiaries or party notifies Business Associate affiliates or subcontractors that are considered offshore entities can be either American-owned companies with certain portions of any instances of which it is aware in which the confidentiality their operations performed outside of the information has been breached; (ii) for data aggregation services, if to be provided by Business Associate for the health care United States or foreign-owned companies with their operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations performed outside of the respective covered entitiesUnited States. Offshore entities provide services that are performed by workers located in offshore countries, regardless of whether the workers are employees of American or foreign companies.