DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. A. Business Associate agrees that it will not use or disclose PHI other than as permitted or required by the Agreement or as Required by Law;
B. Business Associate agrees to use appropriate administrative, technical and physical safeguards to protect the privacy of PHI.
C. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement;
D. 1. Business Associate agrees to Report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI asrequired by 45 C.F.R. § 164.410, and any Security Incident of which it becomes aware without reasonable delay, and in no case later than fifteen calendar days after the use or disclosure;
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. Business Associate shall not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law. Business Associate shall be directly responsible for full compliance with the relevant requirements of the Privacy Rule to the same extent as Covered Entity. Business Associate shall comply with the provisions of the Security Rule directing the implementation of administrative, physical and technical safeguards for electronic-PHI (“e-PHI”) and the development and enforcement of related policies, procedures, and documentation standards (including but not limited to designation of a security official). In the event of an unauthorized use or disclosure of PHI or a Breach of Unsecured PHI, Business Associate shall mitigate, to the extent practicable, any harmful effects of said disclosure that are known to it. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. To the extent applicable, Business Associate shall provide access to Protected Health Information in a Designated Record Set at reasonable times, at the request of Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR §164.524. Business Associate will, upon receipt of written notice from Covered Entity, promptly amend or permit Covered Entity access to amend any portion of Covered Entity’s PHI so that Covered Entity may meet its amendment obligations under 45 CFR §164.526. Business Associate shall, upon request with reasonable notice, provide Covered Entity access to its premises for a review and demonstration of its internal practices and procedures for safeguarding PHI. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for a Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. §164.528. Should an Individual make a request to Covered Entity for an accounting of disclosures of his or her PHI pursuant to 45 C.F.R. §164.528, Business Associate agrees to promptly provide Covered Entity with information in a format and manner sufficient to respond to the Individual’s request. Busine...
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. A. Business Associate agrees that it will not use or disclose PHI other than as permitted or required by the Agreement, the Underlying Agreement, the MCMRA, as Required by Law, or as authorized by Covered Entity, so long as the authorized use or disclosure is permitted by law.
B. Business Associate agrees to use appropriate administrative, technical and physical safeguards to protect the privacy of PHI.
C. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement;
D. 1. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including Breaches of unsecured PHI as required by 45 C.F.R. § 164.410, and any Security Incident of which it becomes aware without unreasonable delay and in no case later than fifteen (15) calendar days after the use or disclosure.
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. Business Associate agrees that it will not use or disclose PHI other than as permitted or required by the Agreement or as Required by Law;
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. A. Business Associate agrees that it will not use or disclose PHI other than as permitted or required by the Agreement, the Underlying Agreement, the MCMRA, as Required by Law, or as authorized by Covered Entity, so long as the authorized use or disclosure is permitted by law.
B. Business Associate agrees to use appropriate administrative, technical, and physical safeguards to protect the privacy of PHI.
C. Business Associate agrees to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI a. Business Associate shall comply with the Confidentiality provision contained in Contract # and any Confidentiality Agreement signed by the Business Associate pursuant to that Contract for so long as this BA Agreement remains in effect.
b. Business Associate shall not use or disclose PHI other than as permitted or required by this Agreement or as required by law. Business Associate will not use PHI in any manner that would constitute a violation of the Privacy Rule, Security Standards, HIPAA, or HITECH if so used by Covered Entity.
c. Business Associate shall develop, implement, maintain, and use appropriate safeguards to prevent any use or disclosure of PHI or EPHI other than as provided by this Agreement, and shall implement administrative, physical, and technical safeguards to comply with the Security Standards as required by 45 CFR Sections 164.308, 164.310, 164.312 and 164.316 in order to protect the confidentiality, integrity, and availability of EPHI or PHI that Business Associate creates, receives, maintains, or transmits, to the same extent as if Business Associate were a Covered Entity, pursuant to HITECH Section 13401, 42 U.S.C. § 17931. These safeguards are required regardless of the mechanism used to transmit the information.
d. Business Associate shall adopt the effective and appropriate technical safeguards and technology and methodology standards provided in any guidance issued by the Secretary pursuant to HITECH Sections 13401-13402, 42 U.S.C. §§ 17931-17932.
e. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement or of a Breach of Unsecured PHI, pursuant to 45 CFR § 164.530(f) and HITECH § 13402.
f. Business Associate shall notify Covered Entity by the most expedient manner within one business day of any use or disclosure of PHI or EPHI not authorized by this Agreement or in violation of any applicable federal or state laws or regulations of which Business Associate becomes aware, or of any suspected or actual Security Incident or Breach, unless delayed in accordance with 45 CFR §164.412. Business Associate shall notify Covered Entity immediately upon the law enforcement delay being lifted.
g. In addition to the notification required by IV.f, Business Associate will provide written notification of a Breach of Unsecured PHI to Covered Entity without unreasonable delay a...
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. A. Business Associate agrees that it will not use or disclose PHI other than as permitted or required by the Agreement, the Underlying Agreement, the MCMRA, as Required by Law, or as authorized by Covered Entity, so long as the authorized use or disclosure is permitted by law.
B. Business Associate agrees to use appropriate administrative, technical and physical safeguards to protect the privacy of PHI.
C. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement;
1. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including Breaches of unsecured PHI as required by 45 C.F.R. § 164.410, and any Security Incident of which it becomes aware without unreasonable delay and in no case later than fifteen (15) calendar days after the use or disclosure.
2. If the use or disclosure amounts to a breach of unsecured PHI, the Business Associate shall ensure its report:
a. Is made to Covered Entity without unreasonable delay and in no case later than fifteen (15) calendar days after the incident constituting the Breach is first known, except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. For purposes of clarity for this Section III.D.1, Business Associate must notify Covered Entity of an incident involving the acquisition, access, use or disclosure of PHI in a manner not permitted under 45 C.F.R. Part E within fifteen (15) calendar days after an incident even if Business Associate has not conclusively determined within that time that the incident constitutes a Breach as defined by HIPAA;
b. Includes the names of the Individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of a Breach;
c. Is in substantially the same form as Exhibit A hereto.
E. In addition to its obligations in Sections III.A-D, within 30 calendar days after the incident constituting the Breach is first known, Business Associate shall provide to Covered Entity a draft letter for the Covered Entity to review and approve for use in notifying the Individuals that their Unsecured PHI has been, or is reasonably believed to have been, the subject of a Breach. Approval of the letter must be in writing from the Privacy Officer for the ...
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. A. Business Associate shall not use or disclose PHI other than as permitted or required by this Agreement or as Required By Law.
B. To the extent Business Associate creates, receives, maintains, or transmits e-PHI at any time during the term of this Agreement, Business Associate shall appropriately safeguard the e-PHI in the following manner: (a) develop, document, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the e-PHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity (HOPE Family Health) as required by the Security Regulation, the HITECH Act, the Final Rule, and amendments thereto; (b) ensure that any agent, including any subcontractor that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees, via a written Business Associate Agreement between Subcontractor and Business Associate, to implement and be bound by the same restrictions, conditions, and requirements, including safeguards to protect the PHI, that apply to the Business Associate, in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), where applicable; and (c) report to the Covered Entity (HOPE Family Health) any incident of which Business Associate becomes aware.
C. Business Associate shall immediately notify Covered Entity (HOPE Family Health) of any use or disclosure of PHI in violation of this Agreement, including, but not necessarily limited to, Breaches of Unsecured PHI, as required by 45 CFR 164.410, and any and all security incident(s).
D. Business Associate shall promptly notify Covered Entity (HOPE Family Health) of a Breach of Unsecured PHI following the first day on which Business Associate (or Business Associate’s employer, officer, director, or agent) knows of such Breach. Business Associate’s notification to Covered Entity (HOPE Family Health) hereunder shall:
1. Be made directly to Covered Entity (HOPE Family Health), except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security;
2. Include the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of a Breach; and
3. Be in substantially the same form as Exhibit A hereto.
E. In the event of an unauthorized use or disclosure of PHI or a Breach of Unsecured PHI, Business Associate, and any subcontr...
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. 1. Business Associate shall not use or disclose PHI other than as permitted or required by this agreement or by law.
2. Business Associate shall use appropriate safeguards recognized under the law and HHS regulations to prevent use or disclosure of the PHI other than as allowed for by this agreement.
3. Business Associate shall immediately report to User any use or disclosure of PHI that is in violation of this agreement. In the event of disclosure of PHI in violation of this agreement, Business Associate shall mitigate, to the extent practicable, any harmful effects of said disclosure that are known to it.
4. Business Associate shall ensure that any agent or a subcontractor to whom it provides PHI received from User agrees to the same restrictions and conditions with respect to such information that apply through this agreement to Business Associate.
5. Business Associate shall, upon request with reasonable notice, provide User access to its premises for a review and demonstration of its internal practices and procedures for safeguarding PHI.
6. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for a Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. Section 164.528. Should an individual make a request to User for an accounting of disclosures of his or her PHI pursuant to 45 C.F.R. Section 164.528, Business Associate agreement to promptly provide User with information in a format and manner sufficient to respond to the individual's request.
7. Business Associate shall, upon request with reasonable notice, provide User with an accounting of uses and disclosures of PHI provided to it by User.
8. Business Associate shall make its internal practices, books, records, and any other material requested by the Secretary relating to the use, disclosure, and safeguarding of PHI received from User available to the Secretary for the purpose of determining compliance with the Privacy Rule. The aforementioned information shall be made available to the Secretary in the manner and place as designated by the Secretary or the Secretary's duly appointed delegate. Under this agreement, Business Associate shall comply and cooperate with any request for documents or other information from the Secretary directed to User that seeks documents or other information held by Business Associate.
9. Except as otherwise limited in this Agr...
DUTIES OF BUSINESS ASSOCIATE RELATIVE TO PHI. A. Business Associate shall not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law.
B. Business Associate shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PHI that it creates, receives, maintains or transmits on behalf of OCI.
C. Business Associate shall immediately notify OCI of any use or disclosure of PHI in violation of this Agreement.
D. Business Associates shall orally notify OCI of a Breach of Unsecured PHI within 24 hours of Business Associate’s (or Business Associate’s employee, officer, or agent) discovery of such Breach, followed by a report in writing, except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. Business Associate’s written notification to OCI here under shall:
1. Be made to OCI within 48 hours of the initial oral report,
2. Include the individual whose Unsecured PHI has been, or is reasonably believed to have been, the subject of a Breach, and
3. Be in substantially the same form as EXHIBIT A hereto.
E. In the event of an unauthorized use or disclosure of PHI or a Breach of Unsecured PHI, Business Associate shall mitigate to the extent practicable any harmful effects of said disclosure that are known to it.
F. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides PHI, received from, or created or received by Business Associate on behalf of OCI, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
G. To the extent applicable, Business Associate shall provide access to PHI in a Designated Record Set at reasonable times, at the request of OCI or, as directed by OCI to an Individual in order to meet the requirements under 45 CFR 164.524.
H. To the extent applicable, Business Associate shall make any amendment(s) to PHI in a Designated Record Set that OCI directs or agrees to pursuant to 45 CFR 164.526 at the request of OCI or an Individual.
I. Business Associate shall, upon request with reasonable notice, provide OCI access to its premises for a review and demonstration of its internal practices and procedures for safeguarding PHI.
J. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be r...
