Common use of Confidentiality Requirements Clause in Contracts

Confidentiality Requirements. a. Business Associate agrees: i. to use or disclose any Protected Health Information solely: (A) for meeting its obligations as set forth in the Services Agreement, or (B) as Required By Law. ii. upon termination of this BAA, the Services Agreement, or upon request of Covered Entity, whichever occurs first, if feasible, to return or destroy all Protected Health Information received from Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to extend the protections of this BAA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and iii. to ensure that its agents (including subcontractors) to whom it provides Protected Health Information agree to the same restrictions and conditions that apply to Business Associate with respect to such Information. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this BAA. b. Notwithstanding the prohibitions set forth in this BAA, Business Associate may use and disclose Protected Health Information if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: i. the disclosure is Required By Law; or ii. Business Associate obtains reasonable assurances from the person to whom the Information is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the Information has been breached. c. Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAA. The Secretary of Health and Human Services will have the right to audit Business Associate’s records and practices related to use and disclosure of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA Rules. Business Associate will report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware.

Confidentiality Requirements. a. Business Associate (a) Phoenix Preferred Care agrees: i. (i) to use or disclose any Protected Health Information solely: (A1) for meeting its obligations as set forth in the Services this contract between Parties evidencing their business relationship or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom AMCBE@ is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule, and (B3) as Required By Law.would be permitted by the HIPAA Privacy Rule if such use or disclosure were made by AMCBE@; (ii. upon ) at termination of this BAA, the Services Agreement, or upon request of Covered EntityAMCBE@, whichever occurs first, if feasible, to Phoenix Preferred Care will return or destroy all Protected Health Information received from Covered Entity that or created or received by Business Associate on behalf of AMCBE@ that Phoenix Preferred Care still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to Phoenix Preferred Care will extend the protections of this BAA Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii. ) to ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information agree received from or created by Phoenix Preferred on behalf of AMCBE@, agrees to the same restrictions and conditions that apply to Business Associate Phoenix Preferred Care with respect to such Informationinformation. In addition, Business Associate Phoenix Preferred Care agrees to take reasonable steps to ensure that its employees’ ' actions or omissions do not cause Business Associate Phoenix Preferred Care to breach the terms of this BAAAgreement. b. (b) Notwithstanding the prohibitions set forth in this BAAAgreement, Business Associate Phoenix Preferred Care may use and disclose Protected Health Information as follows: (I) if necessary, for the proper management and administration of Business Associate Mental Health Services or to carry out the legal responsibilities of Business AssociatePhoenix Preferred Care, provided that as to any such disclosure, the following requirements are met: i. the (A) The disclosure is Required By Lawrequired by law; or ii. Business Associate (B) Phoenix Preferred Care obtains reasonable assurances from the person to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate Phoenix Preferred Care of any instances of which it is aware in which the confidentiality of the Information information has been breached.; c. Business Associate will implement appropriate safeguards (ii) for data aggregation services, if to prevent use or disclosure be provided by Phoenix Preferred Care for the health care operations of “MCBE” pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information other than as permitted in this BAA. The Secretary of Health and Human Services will have the right to audit Business Associate’s records and practices related to use and disclosure of Protected Health Information to ensure Covered Entity’s compliance by Phoenix Preferred Care with the terms protected health information received by Phoenix Preferred Care its capacity pursuant to this agreement, to permit data analyses that relate to the health care operations of the HIPAA Rules. Business Associate will report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes awarerespective covered entities.

Confidentiality Requirements. a. A. Business Associate agrees: i. to use or disclose any Protected Health Information solely: (A1) for meeting its obligations as set forth in any agreements between the Services Parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or (B) as Required By Law.the HIPAA Privacy Rule or Security Rule; ii. upon at termination of this BAAAgreement, or any similar documentation of the Services Agreementbusiness relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, to Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to Business Associate will extend the protections of this BAA Agreement to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and iii. to ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information agree received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply to Business Associate with respect to such Informationinformation. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ , actions or omissions do not cause Business Associate to breach the terms of this BAAAgreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. b. B. Notwithstanding the prohibitions set forth in this BAAAgreement, Business Associate may use and disclose Protected Health Information as follows: 1. if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: i. : (a) the disclosure is Required By Lawrequired by law, not merely permitted by law; or ii. or (b) Business Associate obtains reasonable written assurances from the person or party to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the personperson or party, and the person or party notifies Business Associate of any instances of which it is aware in which the confidentiality of the Information information has been breached; 2. for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities. c. C. Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAAAgreement. The Secretary of Health and Human Services will shall have the right to audit Business Associate’s records and practices related to use uses and disclosure disclosures of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA RulesPrivacy Rule and Security Rule. Business Associate will shall timely report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA Agreement of which it becomes aware.

Confidentiality Requirements. a. (A) Business Associate agrees: i. (i) to use or disclose any Protected Health Information solely: : (A1) for meeting its obligations as set forth in any agreements between the Services Parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security Rule; (Bii) as Required By Law. ii. upon at termination of this BAAAgreement, or any similar documentation of the Services Agreementbusiness relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, to Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to Business Associate will extend the protections of this BAA Agreement to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii. ) to ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information agree received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply to Business Associate with respect to such Informationinformation. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this BAAAgreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. b. (1) Notwithstanding the prohibitions set forth in this BAAAgreement, Business Associate may use and disclose Protected Health Information if as follows: (i) If necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: i. (a) the disclosure is Required By Lawrequired by law, not merely permitted by law; or ii. (b) Business Associate obtains reasonable written assurances from the person or party to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the personperson or party, and the person or party notifies Business Associate of any instances of which it is aware in which the confidentiality of the Information information has been breached; Arkansas Department of Health Business Associate Agreement BAA_v1.0_2013 (ii) for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities. c. (c) Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAAAgreement. The Secretary of Health and Human Services will shall have the right to audit Business Associate’s records and practices related to use uses and disclosure disclosures of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA RulesPrivacy Rule and Security Rule. Business Associate will shall timely report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA Agreement of which it becomes aware.

Confidentiality Requirements. a. A. Business Associate agrees: i. : • to use or disclose any Protected Health Information solely: (A) PHI solely for meeting its obligations as set forth in any agreements between the Services Parties evidencing their business relationship, OR as required by applicable law, rule or regulation, or by accrediting or credentialing organizations to whom CCDOV is required to disclose such information or as otherwise permitted under this Agreement, or (B) as Required By Law. ii. upon the HIPAA Privacy Rule; • at termination of this BAAAgreement, or any similar documentation of the Services Agreementbusiness relationship of the Parties, or upon request of Covered EntityCCDOV, whichever occurs first, if feasible, to Business Associate will return or destroy all Protected Health Information PHI received from Covered Entity or created or received by Business Associate on behalf of CCDOV, that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is in not feasible, to Business Associate will extend the protections of this BAA Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the this information not feasible; and iii. and • to ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information agree PHI received from or created by Business Associate on behalf of CCDOV agrees to the same restrictions and conditions that apply to Business Associate Agreement Business Associate with respect to such Informationinformation. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ employee’s actions or omissions do not cause Business Associate to breach the terms of this BAAAgreement. b. B. Notwithstanding the prohibitions set forth in this BAAAgreement, Business Associate may use and disclose Protected Health Information if PHI as follows: • If necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: i. 1. the disclosure is Required By Lawrequired by law; or ii2. Business Associate obtains reasonable assurances from the person to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the Information PHI has been breached. c. Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAA. The Secretary of Health and Human Services will have the right to audit Business Associate’s records and practices related to use and disclosure of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA Rules. Business Associate will report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware.;

Confidentiality Requirements. a. Business Associate agrees: i. to A. CLEARINGHOUSE shall use or disclose any Protected Health Information solely: (A) protected health information solely for meeting its obligations the purposes of submitting delinquent debts to the North Carolina Department of Revenue, on behalf of local agencies, pursuant to the Setoff Debt Collection Act, Article 1 of Chapter 105A of the North Carolina General Statutes, as set forth in permitted or required by the Services Agreement, or (B) as Required By Law.required by law; ii. upon termination of this BAA, the Services Agreement, or upon request of Covered Entity, whichever occurs first, if feasible, to return or destroy all Protected Health Information received from Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to extend the protections of this BAA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and iii. to B. CLEARINGHOUSE shall ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information agree protected health information received from or created by CLEARINGHOUSE on behalf of CLAIMANT AGENCY, agrees to the same restrictions and conditions that apply to Business Associate CLEARINGHOUSE with respect to such Information. In addition, Business Associate agrees to information. C. CLEARINGHOUSE shall take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate CLEARINGHOUSE to breach the terms of this BAAXX Xxxxx; D. CLEARINGHOUSE shall implement appropriate safeguards to prevent use or disclosure of protected health information other than as permitted or required by this XX Xxxxx; X. XXXXXXXXXXXXX shall permit the Secretary of Health and Human Services to audit CLEARINGHOUSE’s records and practices related to use and disclosure of protected health information to ensure CLAIMANT AGENCY’s compliance with the terms of the HIPAA Privacy Rule; F. CLEARINGHOUSE shall report to CLAIMANT AGENCY any use or disclosure of protected health information which is not in compliance with the terms of this XX Xxxxx of which it becomes aware; and G. CLEARINGHOUSE shall mitigate, to the extent practicable, any harmful effect that is known to CLEARINGHOUSE of a use or disclosure of protected health information by CLEARINGHOUSE in violation of the requirements of this XX Xxxxx. b. H. Notwithstanding the prohibitions set forth in this BAAXX Xxxxx or the Agreement, Business Associate CLEARINGHOUSE may use and disclose Protected Health Information protected health information if necessary, for the proper management and administration of Business Associate CLEARINGHOUSE or to carry out the legal responsibilities of Business AssociateCLEARINGHOUSE, provided that as to any such disclosure, the following requirements are met: i. the disclosure is Required By Lawrequired by law; or ii. Business Associate CLEARINGHOUSE obtains reasonable assurances from the person to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate CLEARINGHOUSE of any instances of which it is aware in which the confidentiality of the Information information has been breached. c. Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAA. The Secretary of Health and Human Services will have the right to audit Business Associate’s records and practices related to use and disclosure of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA Rules. Business Associate will report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware.

Confidentiality Requirements. a. (A) Business Associate irrevocably agrees: i. (i) to use or disclose any Protected Health Information solely: (A1) for meeting its obligations as set forth in any agreements between the Services Parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or the HIPAA Privacy Rule or Security Rule; and (Bii) as Required By Law. ii. upon at termination of this BAAAgreement, or any similar documentation of the Services Agreementbusiness relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, to Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to Business Associate will extend the protections of this BAA Agreement to the information in perpetuity and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and (iii. ) to ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information received from or created by Business Associate on behalf of Covered Entity, agree to the same restrictions and conditions that apply to Business Associate with respect to such Informationinformation. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this BAAAgreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. b. (B) Notwithstanding the prohibitions set forth in this BAAAgreement, Business Associate may use and disclose Protected Health Information only as follows: (i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: i. (a) the disclosure is Required By Lawrequired by law, not merely permitted by law; or ii. (b) Business Associate obtains reasonable written assurances from the person or party to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the personperson or party, and the person or party promptly notifies Business Associate of any instances of which it is aware in which the confidentiality of the Information information has been breached; (ii) for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities. c. (C) Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAAAgreement. The Secretary of Health and Human Services will shall have the right to audit Business Associate’s records and practices related to use uses and disclosure disclosures of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA RulesPrivacy Rule and Security Rule. Business Associate will shall timely report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA Agreement of which it becomes aware.

Confidentiality Requirements. a. Business Associate agrees: i. to use or disclose any Protected Health Information PHI solely: (A1) for meeting its obligations as set forth in any agreements between the Services Parties evidencing their business relationship, or (2) as required by applicable law, rule, or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, or (B) as Required By Law. the HIPAA Privacy Rule or Security Rule; ii. upon at termination of this BAAAgreement, or any similar documentation of the Services Agreementbusiness relationship of the Parties, or upon request of Covered Entity, whichever occurs first, if feasible, to Business Associate will return or destroy all Protected Health Information PHI received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and will retain no copies of such information, or if such return or destruction is not feasible, to Business Associate will extend the protections of this BAA section to the information in perpetuity and will limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; , and; iii. to ensure that its agents (agents, including subcontractors) a subcontractor, to whom it provides Protected Health Information agree PHI received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply to Business Associate with respect to such Informationinformation. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business Associate to breach the terms of this BAAAgreement or the mandatory requirements of the HIPAA Privacy Rule and Security Rule that may apply to Business Associate. b. Notwithstanding the prohibitions set forth in this BAAsection, Business Associate may use and disclose Protected Health Information PHI as follows: i. if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met: i. ii. the disclosure is Required By Law; required by law, not merely permitted by law, or; iiiii. Business Associate obtains reasonable written assurances from the person or party to whom the Information information is disclosed that it will be held confidentially and used or further disclosed only as Required required by Law law or for the purpose for which it was disclosed to the personperson or party, and the person or party notifies Business Associate of any instances of which it is aware in which the confidentiality of the Information information has been breached. iv. for data aggregation services, if to be provided by Business Associate for the health care operations of Covered Entity pursuant to any agreements between the Parties evidencing their business relationship. For purposes of this Agreement, data aggregation services means the combining of PHI by Business Associate with the PHI received by Business Associate in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities. c. Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information PHI other than as permitted in this BAAsection. The Secretary of Health and Human Services will shall have the right to audit Business Associate’s records and practices related to use uses and disclosure disclosures of Protected Health Information PHI to ensure Covered Entity’s compliance with the terms of the HIPAA RulesPrivacy Rule and Security Rule. Business Associate will shall timely report to Covered Entity any use or disclosure of Protected Health Information which PHI that is not in compliance with the terms of this BAA Agreement of which it becomes aware.