Formation of Subsidiaries Each Borrower will, at the time that any Loan Party forms any direct or indirect Subsidiary or acquires any direct or indirect Subsidiary after the Closing Date, within 10 days of such formation or acquisition (or such later date as permitted by Agent in its sole discretion) (a) cause such new Subsidiary to provide to Agent a joinder to the Guaranty and Security Agreement, together with such other security agreements (including mortgages with respect to any Real Property owned in fee of such new Subsidiary with a fair market value greater than $1,000,000), as well as appropriate financing statements (and with respect to all property subject to a mortgage, fixture filings), all in form and substance reasonably satisfactory to Agent (including being sufficient to grant Agent a first priority Lien (subject to Permitted Liens) in and to the assets of such newly formed or acquired Subsidiary); provided, that the joinder to the Guaranty and Security Agreement, and such other security agreements shall not be required to be provided to Agent with respect to any Subsidiary of any Borrower that is a CFC if providing such agreements would result in adverse tax consequences or the costs to the Loan Parties of providing such guaranty or such security agreements are unreasonably excessive (as determined by Agent in consultation with Borrowers) in relation to the benefits to Agent and the Lenders of the security or guarantee afforded thereby, (b) provide, or cause the applicable Loan Party to provide, to Agent a pledge agreement (or an addendum to the Guaranty and Security Agreement) and appropriate certificates and powers or financing statements, pledging all of the direct or beneficial ownership interest in such new Subsidiary in form and substance reasonably satisfactory to Agent; provided, that only 65% of the total outstanding voting Equity Interests of any first tier Subsidiary of a Borrower that is a CFC (and none of the Equity Interests of any Subsidiary of such CFC) shall be required to be pledged if pledging a greater amount would result in adverse tax consequences or the costs to the Loan Parties of providing such pledge are unreasonably excessive (as determined by Agent in consultation with Borrowers) in relation to the benefits to Agent and the Lenders of the security afforded thereby (which pledge, if reasonably requested by Agent, shall be governed by the laws of the jurisdiction of such Subsidiary), and (c) provide to Agent all other documentation, including one or more opinions of counsel reasonably satisfactory to Agent, which, in its opinion, is appropriate with respect to the execution and delivery of the applicable documentation referred to above (including policies of title insurance or other documentation with respect to all Real Property owned in fee and subject to a mortgage). Any document, agreement, or instrument executed or issued pursuant to this Section 5.11 shall constitute a Loan Document.
Permitted Activities of Holdings Holdings shall not:
(a) incur any third party Indebtedness for borrowed money other than Guarantees of Indebtedness or other obligations of the Borrower and/or any Restricted Subsidiary, which Indebtedness or other obligations are otherwise permitted or not prohibited hereunder;
(b) create or suffer to exist any Lien on any asset now owned or hereafter acquired by it other than (i) the Liens created under the Collateral Documents and, subject to the Closing Date Intercreditor Agreement, the collateral documents relating to any Second Lien Term Loans, in each case, to which it is a party, (ii) any other Lien created in connection with the Transactions, (iii) Liens on the Collateral that are secured on a pari passu or junior basis with the Secured Obligations, so long as such Liens secure Guarantees permitted under clause (a)(ii) above and the underlying Indebtedness subject to such Guarantee is permitted to be secured on the same basis pursuant to Section 6.02 and (iv) Liens of the type permitted under Section 6.02 (other than in respect of debt for borrowed money); or
(c) consolidate or amalgamate with, or merge with or into, or convey, sell or otherwise transfer all or substantially all of its assets to, any Person; provided that, so long as no Default or Event of Default exists or would result therefrom and subject to Sections 6.11(a) and (b), (A) Holdings may consolidate or amalgamate with, or merge with or into, any other Person (other than the Borrower and any of its subsidiaries) so long as (i) Holdings is the continuing or surviving Person or (ii) if the Person formed by or surviving any such consolidation, amalgamation or merger is not Holdings (w) the successor Person (such successor Person, “Successor Holdings”) expressly assumes all obligations of Holdings under this Agreement and the other Loan Documents to which Holdings is a party pursuant to a supplement hereto and/or thereto in a form reasonably satisfactory to the Administrative Agent, (x) Successor Holdings shall be an entity organized or existing under the laws of the US, any state thereof or the District of Columbia, (y) the Administrative Agent shall have a security interest in the Collateral for the benefit of the Secured Parties pursuant to the Collateral Documents that is perfected to at least the same extent as in effect immediately prior to such merger, consolidation or amalgamation and all actions reasonably requested by the Administrative Agent to maintain such perfected status have been or will promptly be taken (subject to the terms of the applicable Loan Documents), and (z) the Borrower delivers a certificate of a Responsible Officer with respect to the satisfaction of the conditions set forth in clause (w) of this clause (A)(ii) and (B) Holdings may otherwise convey, sell or otherwise transfer all or substantially all of its assets to any other Person organized or existing under the laws of the US, any state thereof or the District of Columbia (other than the Borrower and any of its subsidiaries) so long as (x) no Change of Control results therefrom, (y) the Person acquiring such assets expressly assumes all of the obligations of Holdings under this Agreement and the other Loan Documents to which Holdings is a party pursuant to a supplement hereto and/or thereto in a form reasonably satisfactory to the Administrative Agent and (z) the Borrower delivers a certificate of a Responsible Officer with respect to the satisfaction of the conditions under clause (y) set forth in this clause (B); provided, further, that (1) if the conditions set forth in the preceding proviso are satisfied, Successor Holdings will succeed to, and be substituted for, Holdings under this Agreement and (2) it is understood and agreed that Holdings may convert into another form of entity organized or existing under the laws of the US, any state thereof or the District of Columbia so long as such conversion does not adversely affect the value of the Guarantees under the Loan Guaranty or the Collateral.
Limitation on Designations of Unrestricted Subsidiaries Level 3 shall not designate (1) the Borrower or Level 3 LLC as an Unrestricted Subsidiary or (2) any other Subsidiary (other than a newly created Subsidiary in which no Investment has previously been made) as an “Unrestricted Subsidiary” under this Agreement (a “Designation”) unless in the case of this clause (2):
(a) no Default or Event of Default shall have occurred and be continuing at the time of or after giving effect to such Designation;
(b) immediately after giving effect to such Designation, Level 3 would be able to Incur $1.00 of Indebtedness under paragraph (a) of Section 6.01; and
(c) Level 3 would not be prohibited under any provision of this Agreement from making an Investment at the time of Designation (assuming the effectiveness of such Designation) in an amount (the “Designation Amount”) equal to the portion (proportionate to Level 3’s equity interest in such Restricted Subsidiary) of the Fair Market Value of the net assets of such Restricted Subsidiary on such date. In the event of any such Designation, Level 3 shall be deemed to have made an Investment constituting a Restricted Payment pursuant to Section 6.03 for all purposes of this Agreement in the Designation Amount; provided, however, that, upon a Revocation of any such Designation of a Subsidiary, Level 3 shall be deemed to continue to have a permanent “Investment” in an Unrestricted Subsidiary of an amount (if positive) equal to (i) Level 3’s “Investment” in such Subsidiary at the time of such Revocation less (ii) the portion (proportionate to Level 3’s equity interest in such Subsidiary) of the Fair Market Value of the net assets of such Subsidiary at the time of such Revocation. At the time of any Designation of any Subsidiary as an Unrestricted Subsidiary, such Subsidiary shall not own any Capital Stock of Level 3 or any Restricted Subsidiary. In addition, neither Level 3 nor any Restricted Subsidiary shall at any time (x) provide credit support for, or a Guarantee of, any Indebtedness of any Unrestricted Subsidiary (including any undertaking, agreement or instrument evidencing such Indebtedness); provided, however, that Level 3 or a Restricted Subsidiary may pledge Capital Stock or Indebtedness of any Unrestricted Subsidiary on a nonrecourse basis such that the pledgee has no claim whatsoever against Level 3 other than to obtain such pledged Capital Stock or Indebtedness, (y) be directly or indirectly liable for any Indebtedness of any Unrestricted Subsidiary or (z) be directly or indirectly liable for any Indebtedness which provides that the holder thereof may (upon notice, lapse of time or both) declare a default thereon or cause the payment thereof to be accelerated or payable prior to its final scheduled maturity upon the occurrence of a default with respect to any Indebtedness, Lien or other obligation of any Unrestricted Subsidiary (including any right to take enforcement action against such Unrestricted Subsidiary), except in the case of clause (x) or (y) to the extent permitted under Sections 6.03 and 6.09. Unless Designated as an Unrestricted Subsidiary, any Person that becomes a Subsidiary of Level 3 will be classified as a Restricted Subsidiary; provided, however, that such Subsidiary shall not be designated as a Restricted Subsidiary and shall be automatically classified as an Unrestricted Subsidiary if either of the requirements set forth in clauses (a) and (b) of the immediately following paragraph will not be satisfied immediately following such classification. Except as provided in the first sentence of this Section 6.10, no Restricted Subsidiary may be redesignated as an Unrestricted Subsidiary. A Designation may be revoked (a “Revocation”) by a Board Resolution of Level 3 delivered to the Administrative Agent, provided that Level 3 will not make any Revocation unless:
(a) no Default or Event of Default shall have occurred and be continuing at the time of and after giving effect to such Revocation; and
(b) all Liens and Indebtedness of such Unrestricted Subsidiary outstanding immediately following such Revocation would, if Incurred at such time, have been permitted to be Incurred at such time for all purposes of this Agreement. All Designations and Revocations must be evidenced by Board Resolutions of Level 3 delivered to the Administrative Agent (i) certifying compliance with the foregoing provisions and (ii) giving the effective date of such Designation or Revocation. Upon Designation of a Restricted Subsidiary as an Unrestricted Subsidiary in compliance with this Section 6.10, such Restricted Subsidiary shall, by delivery of documentation providing for such release in form satisfactory to the Administrative Agent, be released from any Guarantee (in the case of a Guarantor) and its obligations under the Collateral Agreement (in the case of a Grantor) previously made by such Subsidiary.
Organization and Ownership of Shares of Subsidiaries (a) Schedule 5.4 contains (except as noted therein) complete and correct lists of the Company’s Restricted and Unrestricted Subsidiaries as of the Execution Date, showing, as to each Subsidiary, the correct name thereof, the jurisdiction of its organization and, with respect to each Material Subsidiary, the percentage of shares of each class of its Capital Stock outstanding owned by the Company and each other Subsidiary.
(b) All of the outstanding shares of Capital Stock of each Subsidiary owned by the Company and its Subsidiaries have been validly issued, are fully paid and nonassessable and are owned by the Company or another Subsidiary free and clear of any Lien (except as otherwise disclosed in Schedule 5.4).
(c) Each Subsidiary is a corporation or other legal entity duly organized, validly existing and in good standing under the laws of its jurisdiction of organization, and is duly qualified as a foreign corporation or other legal entity and is in good standing in each jurisdiction in which such qualification is required by law, other than those jurisdictions as to which the failure to be so qualified or in good standing could not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Each such Subsidiary has the corporate or other power and authority to own or hold under lease the properties it purports to own or hold under lease and to transact the business it transacts and proposes to transact.
(d) No Subsidiary is a party to, or otherwise subject to, any legal, regulatory, contractual or other restriction (other than this Agreement, the agreements listed on Schedule 5.4 and customary limitations imposed by corporate law or similar statutes) restricting its ability to make Restricted Payments to the Company or any of its Subsidiaries that owns outstanding shares of Capital Stock of such Subsidiary, except for such restrictions that do not impair the Company’s ability to perform its obligations under this Agreement, including, without limitation, its obligation to make payments hereunder and under the Notes.
Organization and Ownership of Shares of Subsidiaries; Affiliates (a) Schedule 5.4 contains (except as noted therein) complete and correct lists of (1) the Parent Guarantor’s Subsidiaries, showing, as to each Subsidiary, the name thereof, the jurisdiction of its organization, the percentage of shares of each class of its Capital Stock outstanding owned by the Parent Guarantor and each other Subsidiary and whether such Subsidiary is a Qualified Asset Guarantor or another Subsidiary Guarantor, (2) the Unconsolidated Affiliates, and (3) each Constituent Company’s directors and senior officers.
(b) All of the outstanding shares of Capital Stock of each Subsidiary shown in Schedule 5.4 as being owned by the Parent Guarantor and its Subsidiaries have been validly issued, are fully paid and non-assessable and are owned by the Parent Guarantor or another Subsidiary free and clear of any Lien that is prohibited by this Agreement.
(c) Each Subsidiary (other than a Subsidiary Guarantor) is a corporation or other legal entity duly organized, validly existing and, where applicable, in good standing under the laws of its jurisdiction of organization, and is duly qualified as a foreign corporation or other legal entity and, where applicable, is in good standing in each jurisdiction in which such qualification is required by law, other than those jurisdictions as to which the failure to be so qualified or in good standing could not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Each such Subsidiary has the corporate or other power and authority to own or hold under lease the properties it purports to own or hold under lease and to transact the business it transacts and proposes to transact, except where the failure to do so could not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.
(d) No Subsidiary is subject to any legal, regulatory, contractual or other restriction (other than the agreements listed on Schedule 5.4 and customary limitations imposed by corporate law or similar statutes) restricting the ability of such Subsidiary to pay dividends out of profits or make any other similar distributions of profits to the Parent Guarantor or any of its Subsidiaries that owns outstanding shares of Capital Stock of such Subsidiary.
Designation of Subsidiaries The board of directors of the Borrower may, at any time from and after the Closing Date, designate any Restricted Subsidiary as an Unrestricted Subsidiary or any Unrestricted Subsidiary as a Restricted Subsidiary; provided that (i) immediately before and after such designation, no Default or Event of Default shall have occurred and be continuing, (ii) immediately after giving effect to such designation, the Borrower shall be in compliance with the covenants set forth in Section 8.1 on a pro forma basis, (iii) no Restricted Subsidiary may be designated as an Unrestricted Subsidiary if it was previously designated as an Unrestricted Subsidiary, (iv) if a Restricted Subsidiary is being designated as an Unrestricted Subsidiary hereunder, such Restricted Subsidiary, together with all other Unrestricted Subsidiaries as of such date of designation, must not have contributed greater than the greater of (A) $50,000,000 and (B) 1.0% of Consolidated Total Tangible Assets (but, notwithstanding the definition of Consolidated Total Tangible Assets, calculated inclusive of all Unrestricted Subsidiaries), as of the last day of the Reference Period then most recently ended and (v) no Restricted Subsidiary may be designated as an Unrestricted Subsidiary if, upon the effectiveness of such designation, such Subsidiary is and would continue to be a restricted subsidiary under the terms of any Material Indebtedness of the Borrower or any of its Restricted Subsidiaries. The designation of any Restricted Subsidiary as an Unrestricted Subsidiary after the Closing Date shall constitute an Investment by the Borrower or the applicable Restricted Subsidiary therein at the date of designation in an amount equal to the fair market value of the Borrower’s or the applicable Restricted Subsidiary’s investment therein. None of the Borrower or any Restricted Subsidiary shall at any time be directly or indirectly liable for any Indebtedness that provides the holder thereof may (with the passage of time or notice or both) declare a default thereon or cause the payment thereof to be accelerated upon the occurrence of a default with respect to any Indebtedness, Lien or other obligation of an Unrestricted Subsidiary (including any right to take enforcement action against such Unrestricted Subsidiary). The designation of any Unrestricted Subsidiary as a Restricted Subsidiary shall constitute (i) the incurrence at the time of designation of any Investment, Indebtedness or Liens of such Subsidiary existing at such time and (ii) a return on any Investment by the Borrower or the applicable Restricted Subsidiary in Unrestricted Subsidiaries pursuant to the preceding sentence in an amount equal to the fair market value at the date of such designation of the Borrower’s or such Restricted Subsidiary’s Investment in such Subsidiary. Notwithstanding the foregoing, neither the Borrower nor any Designated IP Subsidiary shall be permitted to be an Unrestricted Subsidiary.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Intellectual Property Rights and Indemnification Any intellectual property which originates from or is developed by a Party shall remain in the exclusive ownership of that Party. No license in patent, copyright, trademark or trade secret, or other proprietary or intellectual property right now or hereafter owned, controlled or licensable to a Party, is granted to the other Party or shall be implied or arise by estoppel. It is the responsibility of each Party to ensure at its own cost that it has obtained any necessary licenses in relation to intellectual property of third Parties used by it to receive any service or to perform its respective obligations under this Agreement.
Restrictions on Subsidiaries Except for restrictions contained in this Agreement or any other agreement with respect to Indebtedness of any Borrower or Guarantor permitted hereunder as in effect on the date hereof, there are no contractual or consensual restrictions on any Borrower or Guarantor or any of its Subsidiaries which prohibit or otherwise restrict (a) the transfer of cash or other assets (i) between any Borrower or Guarantor and any of its or their Subsidiaries or (ii) between any Subsidiaries of any Borrower or Guarantor or (b) the ability of any Borrower or Guarantor or any of its or their Subsidiaries to incur Indebtedness or grant security interests to Agent or any Lender in the Collateral.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
