We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content.

For more information visit our privacy policy.

Common use of Disclosure of PHI Clause in Contracts

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipients, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 10 contracts

Samples: Master Software and Services Agreement, Piggyback Agreement, Master Software and Services Agreement

Disclosure of PHI. Subject to any limitations in this BA Agreement, Business Associate Distributor may disclose PHI PHI. to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. Further, Business Associate Distributor may disclose PHI for the proper management and administration of the Business AssociateDistributor, provided that (i) such disclosures are required by law, or (ii) Business AssociateDistributor: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate Distributor of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate Distributor shall ensure that all disclosures of PHI by Business Associate Distributor and the third party comply with the principle of "minimum necessary use and disclosure," i.e., only the minimum PHI PH1 that is necessary to accomplish the intended purpose may be disclosed; : provided further, Business Associate Distributor shall comply with Section 13405(bl 3405(b) of the HITECH Act, and any regulations regulation s or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate Distributor discloses PHI received from Covered EntityAtossa, or created or received by Business Associate Distributor on behalf of Covered EntityAtossa, to agents, including a subcontractor sub distributor (collectively, "Recipients"), Business Associate Distributor shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Distributor under this Agreement. Business Associate Distributor shall report to Covered Entity Atossa any use or disclosure of PHI PH1 not permitted by this Agreement, of which it becomes aware, such report to be made within three two (32) business days of the Business Associate Distributor becoming aware of such use or disclosure. In addition to Business Associate’s Distributor's obligations under Section 9, Business Associate Distributor agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity Atossa in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate Distributor and is the result of a use or disclosure of PHI by Business Associate Distributor or Recipients in violation of this Agreement.

Appears in 3 contracts

Samples: Distribution Agreement (Millennium Healthcare Inc.), Distribution Agreement (Millennium Healthcare Inc.), Distribution Agreement (Millennium Healthcare Inc.)

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. FurtherBusiness Associate recognizes that under the HIPAA/HITECH Omnibus Final Rule, Business Associates may not disclose PHI in a way that would be prohibited if Covered Entity made such a disclosure. Any disclosures made by Business Associate will comply with minimum necessary requirements under the Privacy Rule and related regulations. 3.1 Business Associate shall not [and shall provide that its directors, officers, employees, subcontractors, and agents, do not] disclose PHI to any other person (other than members of their respective workforce as specified in subsection 3.1(ii) below), unless disclosure is required by law or authorized by the person whose PHI is to be disclosed. Any such disclosure other than as specifically permitted in the immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) Binds the disclosee to the provisions of this Agreement pertaining to PHI, for the express benefit of Covered Entity, Business Associate may disclose PHI for the proper management and administration of the and, if disclosee is other than Business Associate, provided that (i) such disclosures are required by law, or the disclosee; (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this Agreement, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and (biii) requires the third party to agree Obligates disclosee to immediately notify Business Associate of any instances breaches of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionallyconfidentiality of the PHI, to the extent disclosee has obtained knowledge of such breach. 3.2 Business Associate shall ensure not disclose PHI to any member of its workforce and shall provide that all disclosures its subcontractors and agents do not disclose PHI to any member of PHI by their respective workforces, unless Business Associate and the third party comply with the principle or such subcontractor or agent has advised such person of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Associate’s obligations under this Agreement, and of the consequences for such person and for Business Associate or such subcontractor or agent of violating them as memorialized in a business associate agreement pursuant to the HIPAA/HITECH Omnibus Final Rule. Business Associate shall report to Covered Entity take and shall provide that each of its subcontractors and agents take appropriate disciplinary action against any use member of its respective workforce who uses or disclosure discloses PHI in contravention of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. . 3.3 In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientscommercially practical, any harmful effect effects that is are known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 2 contracts

Samples: Business Associate Agreement, Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third third-party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. 3.1 Business Associate shall not and shall provide that its directors, officers, employees, subcontractors, and agents, do not disclose PHI to any other person (other than members of their respective workforce as specified in subsection 3.1(ii) below), unless disclosure is required by law or authorized by the person whose PHI is to be disclosed. FurtherAny such disclosure other than as specifically permitted in the immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) Binds the disclosee to the provisions of this Agreement pertaining to PHI, for the express benefit of Covered Entity, Business Associate may disclose PHI for the proper management and administration of the and, if disclosee is other than Business Associate, provided that (i) such disclosures are required by law, or the disclosee;‌‌ (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this Agreement, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and (biii) requires the third party to agree Obligates disclosee to immediately notify Business Associate of any instances breaches of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionallyconfidentiality of the PHI, to the extent disclosee has obtained knowledge of such breach. 3.2 Business Associate shall ensure not disclose PHI to any member of its workforce and shall provide that all disclosures its subcontractors and agents do not disclose PHI to any member of PHI by their respective workforces, unless Business Associate and the third party comply with the principle or such subcontractor or agent has advised such person of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Associate’s obligations under this Agreement, and of the consequences for such person and for Business Associate or such subcontractor or agent of violating them. Business Associate shall report to Covered Entity take and shall provide that each of its subcontractors and agents take appropriate disciplinary action against any use member of its respective workforce who uses or disclosure discloses PHI in contravention of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. Agreement.‌ 3.3 In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientscommercially practical, any harmful effect effects that is are known to Business Associate and is are the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 2 contracts

Samples: Interlocal Agreement, Interlocal Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate ASSOCIATE may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement with Authority and as permitted or required by applicable federal or state law. Further, Business Associate ASSOCIATE may disclose PHI for the proper management and administration of the Business AssociateASSOCIATE, provided that that: (i) such disclosures are required by law, ; or (ii) Business AssociateASSOCIATE: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate ASSOCIATE of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards; and (c) ensures that all disclosures of PHI by Business Associate ASSOCIATE and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate ASSOCIATE discloses PHI received from Covered EntityAuthority, or created or received by Business Associate ASSOCIATE on behalf of Covered EntityAuthority, to agents, including a subcontractor (collectively, “Recipients”), Business Associate ASSOCIATE shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate ASSOCIATE under this Agreement. Business Associate To the extent permitted by law, ASSOCIATE shall be fully liable to Authority for any acts, failures or omissions of Recipients in furnishing the services as if they were ASSOCIATE’s own acts, failures or omissions. ASSOCIATE shall report to Covered Entity Authority any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three five (35) business days of the Business Associate ASSOCIATE becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate ASSOCIATE agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity Authority in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate ASSOCIATE and is the result of a use or disclosure of PHI by Business Associate ASSOCIATE or Recipients in violation of this Agreement.

Appears in 2 contracts

Samples: Business Associate Agreement, Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third third-party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. 3.1 Business Associate shall not disclose PHI to any other person and shall provide that its directors, officers, employees, subcontractors, and agents do not disclose PHI to any other person (other than members of their respective workforce as specified in subsection 3.1(ii) below), unless disclosure is required by law or authorized by the person whose PHI is to be disclosed. FurtherAny such disclosure other than as specifically permitted in the immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) Binds the disclosee to the provisions of this Agreement pertaining to PHI, for the express benefit of Covered Entity, Business Associate may disclose PHI for the proper management and administration of the and, if disclosee is other than Business Associate, provided that (i) such disclosures are required by law, or the disclosee; (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this Agreement, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and‌‌ (biii) requires the third party to agree Obligates disclosee to immediately notify Business Associate of any instances breaches of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionallyconfidentiality of the PHI, to the extent disclosee has obtained knowledge of such breach. 3.2 Business Associate shall ensure not disclose PHI to any member of its workforce and shall provide that all disclosures its subcontractors and agents do not disclose PHI to any member of PHI by their respective workforces, unless Business Associate and the third party comply with the principle or such subcontractor or agent has advised such person of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Associate’s obligations under this Agreement, and of the consequences for such person and for Business Associate or such subcontractor or agent of violating them. Business Associate shall report to Covered Entity take and shall provide that each of its subcontractors and agents take appropriate disciplinary action against any use member of its respective workforce who uses or disclosure discloses PHI in contravention of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. Agreement.‌ 3.3 In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientscommercially practical, any harmful effect effects that is are known to Business Associate and is are the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 2 contracts

Samples: Hipaa Business Associate Agreement, Hipaa Business Associate Agreement

Disclosure of PHI. Subject to The Plan, its Administrator, or any limitations in this Agreementcontracted representatives of the Plan, Business Associate may disclose release PHI to any third party persons the Employer, so long as the Employer agrees to do the following: a) The Employer shall not use or entities as necessary to perform its obligations under further disclose the Business Arrangement and PHI other than as permitted or required by applicable federal the Plan’s documents or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that (i) such disclosures are as required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (; b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate The Employer shall ensure that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectivelysubcontractor, “Recipients”), Business Associate to whom it provides PHI shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate Employer with respect to such PHI; c) The Employer shall not use or disclose the PHI for employment-related actions and decisions, or in connection with any other Benefit or employee Benefit plan of the Employer; d) The Employer agrees to report to Covered Entity the Plan any use or disclosure of the PHI not permitted by this Agreementthat is inconsistent with the uses or disclosures providing herein, of which it if and when the Employer becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such inconsistent use or disclosure. In addition ; e) The Employer, in accordance with HIPAA as set forth in 45 C.F.R. Section 164.524 and consistent with the Employer Privacy Policy, has authorized the Plan to Business Associatemake PHI available to individuals; f) The Employer, in accordance with HIPAA as set forth in 45 C.F.R. Section 164.524 and consistent with the Employer Privacy Policy, has authorized the Plan to make PHI available to individuals for amendment and to incorporate such amendments of PHI; g) The Employer, in accordance with HIPAA as set forth in 45 C.F.R. Section 164.528 and consistent with the Employer Privacy Policy, has authorized the Plan to make available the information required to provide an accounting of disclosures; h) The Employer, agrees to make its internal practices, books, and records relating to the use and disclosure of PHI received from the Plan available to the Secretary for purposes of determining the Plan’s obligations under Section 9compliance with HIPAA; i) If feasible, Business Associate the Employer shall return or destroy all PHI that the Employer received from the Plan and which the Employer no longer needs for the purpose for which disclosure was made, except that, if such return or destruction is not feasible, the Employer shall limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible; j) The Employer agrees to use appropriate safeguards to prevent unauthorized use or disclosure of PHI, and have reasonable and appropriate safeguards in place to protect the confidentiality, integrity and availability of ePHI; k) The Employer agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientspracticable, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of the requirements of this Agreement; l) The Employer agrees to report to the Plan, any use or disclosure of PHI of which it becomes aware that is not permitted or required by HIPAA; and m) The Employer agrees to report to the Plan any Security Incident of ePHI of which it becomes aware.

Appears in 2 contracts

Samples: Adoption Agreement, Adoption Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. 3.1 Business Associate shall not [and shall provide that its directors, officers, employees, subcontractors, and agents, do not] disclose PHI to any other person (other than members of their respective workforce as specified in subsection 3.1(ii) below), unless disclosure is required by law or authorized by the person whose PHI is to be disclosed. FurtherAny such disclosure other than as specifically permitted in the immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) Binds the disclosee to the provisions of this Agreement pertaining to PHI, for the express benefit of Covered Entity, Business Associate may disclose PHI for the proper management and administration of the and, if disclosee is other than Business Associate, provided that (i) such disclosures are required by law, or the disclosee. (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this Agreement, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and‌ (biii) requires the third party to agree Obligates disclosee to immediately notify Business Associate of any instances breaches of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionallyconfidentiality of the PHI, to the extent disclosee has obtained knowledge of such breach.‌ 3.2 Business Associate shall ensure not disclose PHI to any member of its workforce and shall provide that all disclosures its subcontractors and agents do not disclose PHI to any member of PHI by their respective workforces, unless Business Associate and the third party comply with the principle or such subcontractor or agent has advised such person of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Associate’s obligations under this Agreement, and of the consequences for such person and for Business Associate or such subcontractor or agent of violating them. Business Associate shall report to Covered Entity take and shall provide that each of its subcontractors and agents take appropriate disciplinary action against any use member of its respective workforce who uses or disclosure discloses PHI in contravention of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. . 3.3 In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent commercially practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipients, any harmful effect effects that is are known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 2 contracts

Samples: Participation Agreement, Participation Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that (i) Business Associate shall in such disclosures are required by law, or (ii) Business Associatecase: (a) obtains obtain reasonable assurances from any third party person to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third partyperson or entity; (b) requires the third party to agree to immediately notify Business Associate Facility of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall Privacy Standards; and (c) ensure that all disclosures of PHI by Business Associate and the third party comply with are subject to the principle of “minimum necessary use and disclosure,” i.e., . “i.e. only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered EntityFacility, or created or received by Business Associate on behalf of Covered EntityFacility, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business business Associate under this Agreement. To the extent permitted by law, Business Associate shall be fully liable to Facility for any acts, failures or omissions of Recipients in furnishing the services as if they were the Business Associate’s own acts, failures or omissions. Business Associate shall report to Covered Entity Facility any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three five (35) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity Facility in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this the Agreement.

Appears in 2 contracts

Samples: Business Associate Agreement, Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to ------------------- perform its obligations under the Professional Business Arrangement Management Agreement and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that (i) Business Associate shall in such disclosures are required by law, or (ii) Business Associatecase: (a) obtains obtain reasonable assurances from any third party person to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third partyperson or entity; (b) requires the third party to agree to immediately notify Business Associate Health Care Provider of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement Addendum or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards or the Security Standards; and (c) obtain reasonable assurances that all disclosures of PHI by Business Associate and the third party comply with are subject to the principle of "minimum necessary use and disclosure," i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further. In addition, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued may disclose PHI as required by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Setslaw. If Business Associate discloses PHI received from Covered EntityHealth Care Provider, or created or received by Business Associate on behalf of Covered EntityHealth Care Provider, to agents, including a subcontractor (collectively, "Recipients"), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this AgreementAddendum. Business Associate shall report to Covered Entity Health Care Provider any use or disclosure of PHI not permitted by this AgreementAddendum, of which it becomes aware, such report to be made within three five (35) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity Health Care Provider in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this AgreementAddendum.

Appears in 2 contracts

Samples: Professional Services (Eye Care Centers of America Inc), Professional Business Management Agreement (Eye Care Centers of America Inc)

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement Arrangements and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided either that (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential confidentially and further used and disclosed only as required by law or for the purpose purposes for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards; and (c) ensures that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, . Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses may disclose PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require ) and may allow Recipients to create or receive PHI on its behalf only if Recipients agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement, including, but not limited to, the requirement that the Recipients will: (i) comply with all requirements of the Privacy and Security Standards that apply to the Business Associate, (ii) appropriately safeguard all PHI that is either created or received, and (iii) comply with the Breach notification and mitigation requirements under this Agreement. To the extent permitted by law, Business Associate shall be fully liable to Covered Entity for any acts, failures or omissions of Recipients in furnishing the services as if they were the Business Associate’s own acts, failures or omissions. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three five (35) business calendar days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Professional Business Arrangement Management Agreement and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that (i) Business Associate shall in such disclosures are required by law, or (ii) Business Associatecase: (a) obtains obtain reasonable assurances from any third party person to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third partyperson or entity; (b) requires the third party to agree to immediately notify Business Associate Health Care Provider of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement Addendum or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards or the Security Standards; and (c) obtain reasonable assurances that all disclosures of PHI by Business Associate and the third party comply with are subject to the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further. In addition, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued may disclose PHI as required by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Setslaw. If Business Associate discloses PHI received from Covered EntityHealth Care Provider, or created or received by Business Associate on behalf of Covered EntityHealth Care Provider, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this AgreementAddendum. Business Associate shall report to Covered Entity Health Care Provider any use or disclosure of PHI not permitted by this AgreementAddendum, of which it becomes aware, such report to be made within three five (35) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity Health Care Provider in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this AgreementAddendum.

Appears in 1 contract

Samples: Professional Business Management Agreement (Eye Care Centers of America Inc)

Disclosure of PHI. Subject to any limitations in this AgreementTo the extent permitted by law, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement Service Agreement and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that that: (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; and (b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement Exhibit or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”in accordance with 45 C.F.R. §164.502(b), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. . a. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, Exhibit of which it becomes aware, such report to be made within three thirty (330) business days of the Business Associate becoming aware of such use or disclosure. In addition . b. If Business Associate uses or contracts with any agent, including a subcontractor (collectively, “Subcontractors”) that uses, discloses, creates, accesses, receives, maintains or transmits PHI on behalf of Business Associate, Business Associate shall require each Subcontractor to agree in writing to the same restrictions and conditions that apply to Business Associate’s obligations Associate under Section 9this Exhibit; specifically, Business Associate agrees to enter into business associate agreements with its Subcontractors that meet the requirements of the Confidentiality Requirements. c. Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientspractical, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients any of Business Associate’s Subcontractors in violation of this AgreementExhibit.

Appears in 1 contract

Samples: Physician Participation Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement Arrangements and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided either that (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential confidentially and further used and disclosed only as required by law or for the purpose purposes for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards; and (c) ensures that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, . Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses may disclose PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require ) and may allow Recipients to create or receive PHI on its behalf only if Recipients agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement, including, but not limited to, the requirement that the Recipients will: (i) comply with all requirements of the Privacy and Security Standards that apply to the Business Associate, (ii) appropriately safeguard all PHI that is either created or received, and (iii) comply with the Breach notification and mitigation requirements under this Agreement. To the extent permitted by law, Business Associate shall be fully liable to Covered Entity for any acts, failures or omissions of Recipients in furnishing the services as if they were the Business Associate’s own acts, failures or omissions. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three two (32) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this AgreementBAA, Business Associate BA may disclose PHI to any third third-party persons or entities as necessary to perform its obligations under the Business Arrangement Arrangements and as permitted or required by applicable federal or state lawApplicable Law. Further, Business Associate BA may not disclose PHI for in a way that would be prohibited if CE made such a disclosure. Any disclosures made by BA will comply with minimum necessary requirements under HIPAA. 3.1 BA shall provide that its directors, officers, employees, subcontractors, and agents, do not disclose PHI to any other person (other than members of their respective workforce as specified in section 3.2 below), unless disclosure is required by law or authorized by the proper management and administration of person whose PHI is to be disclosed. Any such disclosure other than as specifically permitted in the Business Associate, provided that immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) such disclosures are required by law, or Binds the disclosee to the provisions of this BAA pertaining to PHI; (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this BAA, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and (biii) requires the third party to agree Obligates disclosee to immediately notify Business Associate BA of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) breaches of the HITECH Actconfidentiality of the PHI, to the extent disclosee has obtained knowledge of such breach. 3.2 BA shall not disclose PHI to any member of its workforce and shall provide that its subcontractors and agents do not disclose PHI to any regulations member of their respective workforces, unless BA or guidance issued by HHS concerning such provision, regarding the minimum necessary standard subcontractor or agent has advised such person of BA’s obligations under this BAA. BA shall take and the use shall provide that each of its subcontractors and disclosure (if applicable) agents take appropriate disciplinary action against any member of Limited Data Sets. If Business Associate its respective workforce who uses or discloses PHI received from Covered Entityin contravention of this BAA. 3.3 As referenced in Section 3.1 above, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 45 C.F.R. § 164.308(b)(2), as applicable, BA shall enter into a written agreement with any agent or created subcontractor that creates, receives, maintains or received by Business Associate transmits PHI on behalf of Covered EntityBA for services provided to CE, provided that the agent agrees to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply through this BAA to the Business Associate under this Agreement. Business Associate shall report BA with respect to Covered Entity any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. PHI. 3.4 In addition to Business AssociateBA’s obligations under Section 98, Business Associate BA agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientscommercially practical, any harmful effect effects that is are known to Business Associate BA and is the result of a use or disclosure of PHI by Business Associate BA or Recipients in violation of this AgreementBAA.

Appears in 1 contract

Samples: Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third third-party persons or entities as necessary to perform its obligations under the Business Arrangement Arrangements and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided either that (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential confidentially and further used and disclosed only as required by law or for the purpose purposes for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards; and (c) ensures that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, . Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses may disclose PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require ) and may allow Recipients to create or receive PHI on its behalf only if Recipients agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate shall report to Covered Entity any use or disclosure of PHI , including, but not permitted by this Agreementlimited to, of which it becomes aware, such report to be made within three the requirement that the Recipients will: (3i) business days comply with all requirements of the Business Associate becoming aware of such use or disclosure. In addition Privacy and Security Standards that apply to the Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipients, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.,

Appears in 1 contract

Samples: Electronic Health Records System Contract

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third third-party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state lawlaw.‌ 3.1 Business Associate shall not and shall provide that its directors, officers, employees, subcontractors, and agents, do not disclose PHI to any other person (other than members of their respective workforce as specified in subsection 3.1(ii) below), unless disclosure is required by law or authorized by the person whose PHI is to be disclosed. FurtherAny such disclosure other than as specifically permitted in the immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) Binds the disclosee to the provisions of this Agreement pertaining to PHI, for the express benefit of Covered Entity, Business Associate may disclose PHI for the proper management and administration of the and, if disclosee is other than Business Associate, provided that (i) such disclosures are required by law, or the disclosee; (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this Agreement, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and‌‌ (biii) requires the third party to agree Obligates disclosee to immediately notify Business Associate of any instances breaches of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionallyconfidentiality of the PHI, to the extent disclosee has obtained knowledge of such breach. 3.2 Business Associate shall ensure not disclose PHI to any member of its workforce and shall provide that all disclosures its subcontractors and agents do not disclose PHI to any member of PHI by their respective workforces, unless Business Associate and the third party comply with the principle or such subcontractor or agent has advised such person of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Associate’s obligations under this Agreement, and of the consequences for such person and for Business Associate or such subcontractor or agent of violating them. Business Associate shall report to Covered Entity take and shall provide that each of its subcontractors and agents take appropriate disciplinary action against any use member of its respective workforce who uses or disclosure discloses PHI in contravention of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. Agreement.‌ 3.3 In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientscommercially practical, any harmful effect effects that is are known to Business Associate and is are the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Hipaa Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this BA Agreement, Business Associate Contractor may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. Further, Business Associate Contractor may disclose PHI for the proper management and administration of the Business AssociateContractor, provided that (i) such disclosures are required by law, or (ii) Business AssociateContractor: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate Contractor of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate Contractor shall ensure that all disclosures of PHI by Business Associate Contractor and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate Contractor shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate Contractor discloses PHI received from Covered EntityNRLBH, or created or received by Business Associate Contractor on behalf of Covered EntityNRLBH, to agents, including a subcontractor sub-Contractor (collectively, “Recipients”), Business Associate Contractor shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate Contractor under this Agreement. Business Associate Contractor shall report to Covered Entity NRLBH any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three two (32) business days of the Business Associate Contractor becoming aware of such use or disclosure. In addition to Business AssociateContractor’s obligations under Section 9, Business Associate Contractor agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity NRLBH in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate Contractor and is the result of a use or disclosure of PHI by Business Associate Contractor or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Laboratory Marketing Services Agreement (Atossa Genetics Inc)

Disclosure of PHI. 3.1 Subject to any limitations in this Agreement, Business Associate Vendor may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement Arrangements and as permitted or required by applicable federal or state law. Vendor agrees not to disclose PHI in a manner that would violate the Confidentiality Requirements if the PHI was disclosed by the Covered Entity in the same manner. Further, Business Associate Vendor may disclose PHI for the proper management and administration of the Business Associate, Vendor; provided that that: (i) such disclosures are required by law, ; or (ii) Business AssociateVendor: (a) obtains reasonable assurances from any third party to whom the information PHI is disclosed that it the PHI will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; , and (b) requires the third party to agree to immediately notify Business Associate Vendor of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Vendor shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement of which it becomes aware. Such report shall be made within five (5) business days of Vendor becoming aware of such use or disclosure. 3.2 If Vendor uses or contracts with any agent, including a subcontractor (collectively “Subcontractors”) that uses, discloses, accesses, creates, receives, maintains or transmits PHI on behalf of Vendor, Vendor shall require all Subcontractors to agree in writing to the same restrictions and conditions that apply to Vendor under this Agreement. In addition to Vendor’s obligations under Section 9, Vendor agrees to mitigate, to the extent practical and unless otherwise requested by the Covered Entity, any harmful effect that is known to Vendor and is the result of a use or disclosure of PHI by Vendor or any Subcontractor in violation of this Agreement. Additionally, Business Associate Vendor shall ensure that all disclosures of PHI by Business Associate Vendor and the third party its Subcontractors comply with the principle of “minimum necessary use and disclosure,” (i.e., in accordance with 45 C.F.R. §164.502(b), only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipients, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Subscription Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, (Business Associate Associate) may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. Further(Business Associate) recognizes that under the HIPAA/HITECH Omnibus Final Rule, Business Associate Associates may not disclose PHI for the proper management and administration of the in a way that would be prohibited if (Covered Entity) made such a disclosure. Any disclosures made by (Business Associate) will comply with minimum necessary requirements under the Privacy Rule and related regulations. 3.1 (Business Associate) shall not [and shall provide that its directors, provided that officers, employees, subcontractors, and agents, do not] disclose PHI to any other person (other than members of their respective workforce as specified in subsection3.1(ii) below), unless disclosure is required by law or authorized by the person whose PHI is to be disclosed. Any such disclosure other than as specifically permitted in the immediately preceding sentences shall be made only if such disclosee has previously signed a written agreement that: (i) such disclosures are required by lawBinds the disclosee to the provisions of this Agreement pertaining to PHI, or for the express benefit of (Company Name), (Business Associate) and, if disclosee is other than (Business Associate), the disclosee; (ii) Business Associate: (a) obtains Contains reasonable assurances from any third party to whom disclosee that the information is disclosed that it PHI will be held confidential as provided in this Agreement, and further used and only disclosed only as required by law or for the purpose purposes for which it was disclosed to the third partydisclosee; and (biii) requires the third party to agree Obligates disclosee to immediately notify (Business Associate Associate) of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) breaches of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding confidentiality of the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered EntityPHI, to agentsthe extent disclosee has obtained knowledge of such breach. 3.2 (Business Associate) shall not disclose PHI to any member of its workforce and shall provide that its subcontractors and agents do not disclose PHI to any member of their respective workforces, including a unless (Business Associate) or such subcontractor or agent has advised such person of (collectively, “Recipients”Business Associate), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate ’s obligations under this Agreement, and of the consequences for such person and for (Business Associate) or such subcontractor or agent of violating them as memorialized in a business associate agreement pursuant to the HIPAA/HITECH Omnibus Final Rule. (Business Associate Associate) shall report to Covered Entity take and shall provide that each of its subcontractors and agents take appropriate disciplinary action against any use member of its respective workforce who uses or disclosure discloses PHI in contravention of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. . 3.3 In addition to (Business Associate)’s obligations under Section 9, (Business Associate Associate) agrees to mitigate, to the extent commercially practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipients, any harmful effect effects that is are known to (Business Associate Associate) and is the result of a use or disclosure of PHI by (Business Associate Associate) or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Business Associate Agreement

Disclosure of PHI. 3.1 Subject to any limitations in this Agreement, Business Associate Subcontractor may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement Arrangements and as permitted or required by applicable federal law. Subcontractor agrees not to disclose (or state lawpermit the disclosure of) PHI in a manner that would violate the Confidentiality Requirements if the PHI was disclosed by TokenEx in the same manner. Further, Business Associate Subcontractor may disclose PHI for the proper management and administration of the Business Associate, Subcontractor; provided that that: (i) such disclosures are required by law, ; or (ii) Business AssociateSubcontractor: (a) obtains reasonable assurances from any third party to whom the information PHI is disclosed that it the PHI will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; and (b) requires the third party to agree to immediately notify Business Associate Subcontractor of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Subcontractor shall report to TokenEx any use or disclosure of PHI not permitted by this Agreement of which it becomes aware. Such report shall be made within five (5) business days of Subcontractor becoming aware of such use or disclosure and, if known to Subcontractor, Subcontractor shall identify in writing for TokenEx the PHI impacted by and scope of impact of such use or disclosure. 3.2 If Subcontractor uses or contracts with any agent, including a subcontractor (collectively, “Vendor Subcontractors”) that uses, discloses, creates, accesses, receives, maintains or transmits PHI on behalf of the Subcontractor, Subcontractor shall require its Vendor Subcontractors to agree in writing to the same restrictions and conditions that apply to Subcontractor under this Agreement, including but not limited to 45 C.F.R. §§164.314, 164.410, 164.502 and 164.504(e). In addition to Subcontractor’s obligations under Section 9, Subcontractor agrees to mitigate, to the extent practical and unless otherwise requested by TokenEx in writing, any harmful effect that is known to Subcontractor and is the result of a use or disclosure of PHI by Subcontractor or any of its Vendor Subcontractors in violation of this Agreement. Additionally, Business Associate Subcontractor shall ensure that all disclosures of PHI by Business Associate Subcontractor and the third party its Vendor Subcontractors comply with the principle of “minimum necessary use and disclosure,” (i.e., in accordance with 45 C.F.R. §164.502(b), only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipients, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate ASSOCIATE may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement with SGMC and as permitted or required by applicable federal or state law. Further, Business Associate ASSOCIATE may disclose PHI for the proper management and administration of the Business AssociateASSOCIATE, provided that that: (i) such disclosures are required by law, ; or (ii) Business AssociateASSOCIATE: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate ASSOCIATE of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure Privacy Standards; and (c) ensures that all disclosures of PHI by Business Associate ASSOCIATE and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate ASSOCIATE discloses PHI received from Covered EntitySGMC, or created or received by Business Associate ASSOCIATE on behalf of Covered EntitySGMC, to agents, including a subcontractor (collectively, “Recipients”), Business Associate ASSOCIATE shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate ASSOCIATE under this Agreement. Business Associate To the extent permitted by law, ASSOCIATE shall be fully liable to SGMC for any acts, failures or omissions of Recipients in furnishing the services as if they were ASSOCIATE’s own acts, failures or omissions. ASSOCIATE shall report to Covered Entity SGMC any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three five (35) business days of the Business Associate ASSOCIATE becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate ASSOCIATE agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity SGMC in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate ASSOCIATE and is the result of a use or disclosure of PHI by Business Associate ASSOCIATE or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Business Associate Agreement

Disclosure of PHI. Subject to any limitations in this Agreement, Business Associate may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Business Arrangement and as permitted or required by applicable federal or state law. Further, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; (b) requires the third party to agree to immediately notify Business Associate of any instances of which it is aware that PHI is being used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the Confidentiality Requirements. Additionally, Business Associate shall ensure that all disclosures of PHI by Business Associate and the third party comply with the principle of “minimum necessary use and disclosure,” i.e., only the minimum PHI that is necessary to accomplish the intended purpose may be disclosed; provided further, Business Associate shall comply with Section 13405(b) of the HITECH Act, and any regulations or guidance issued by HHS concerning such provision, regarding the minimum necessary standard and the use and disclosure (if applicable) of Limited Data Sets. If Business Associate discloses PHI received from Covered EntityFacility, or created or received by Business Associate on behalf of Covered EntityFacility, to agents, including a subcontractor (collectively, “Recipients”), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate shall report to Covered Entity Facility any use or disclosure of PHI not permitted by this Agreement, of which it becomes aware, such report to be made within three (3) business days of the Business Associate becoming aware of such use or disclosure. In addition to Business Associate’s obligations under Section 9, Business Associate agrees to mitigate, to the extent practical and unless otherwise requested by Covered Entity Facility in writing or as directed by or as a result of a request by Covered Entity to disclose to Recipientswriting, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI by Business Associate or Recipients in violation of this Agreement.

Appears in 1 contract

Samples: Business Associate Agreement