Electronic PHI. “Electronic PHI” shall have the same meaning as the term “electronic PHI” at 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
Electronic PHI. To the extent that Business Associate/QSO creates, receives, maintains or transmits electronic PHI on behalf of Covered Entity, Business Associate/QSO shall:
(I) Comply with 45 C.F.R. §§164.308, 301, 312, and 316 in the same manner as such sections apply to Covered Entity, pursuant to Section 13401(a) of HITECH, and otherwise implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI;
(II) Ensure that any agent to whom Business Associate/QSO provides electronic PHI agrees to implement reasonable and appropriate safeguards to protect it; and
(III) Report to Covered Entity any security incident of which Business Associate/QSO becomes aware.
Electronic PHI. “Electronic PHI” or “ePHI” shall mean PHI which is transmitted by or maintained in electronic media.
Electronic PHI. On or before April 21, 2005, the Covered Entity is required to comply with the requirements of the Security Rule. At least 90 days prior to the Covered Entity's implementation of the requirements under the Security Rule, it shall provide Business Associate with written notice of its intent to comply with such requirements and shall provide any specific details relating to its security policies that may apply to Business Associate (such as encryption of electronically transmitted PHI). The following provisions shall apply to Business Associate 90 days after its receipt of such notice:
a. Business Associate shall implement safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of any electronic PHI that it to creates, received, maintains, or transmits on behalf of Covered Entity.
b. Business Associate shall ensure that any agent, including a subcontractor, agrees to implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of any electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity.
c. Business Associate agrees to report to Covered Entity any security incident (as defined in the Security Rules) of which Business Associate becomes aware.
Electronic PHI. To the extent that Business Associate creates, receives, maintains or transmits electronic PHI on behalf of Covered Entity, Business Associate shall:
(a) Comply with 45 C.F.R. §§164.308, 312, and 316 in the same manner as such sections apply to Covered Entity, pursuant to Section 13401(a) of HITECH, and otherwise implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI;
(b) Ensure that any agent to whom Business Associate provides electronic PHI agrees to implement reasonable and appropriate safeguards to protect it; and
(c) Report to Covered Entity any security incident of which Business Associate becomes aware.
Electronic PHI. 15.1. Every user should have unique ID and password, and take security precautions, especially when electronic devices are left unattended. DO NOT SHARE PASSWORDS or download copies of patient data onto thumb drive or other portable device unless authorized to do so. Do not give lock combinations to an unauthorized person.
Electronic PHI. If Business Associate receives, creates, transmits or maintains Electronic PHI on behalf of Covered Entity, Business Associates will, in addition, do the following:
(1) Develop, implement, maintain and use appropriate administrative, physical, and technical safeguards in compliance with Section 1173(d) of the Social Security Act, Title 42, Section 1320(s) or the United States Code and Title 45, Part 162 and 164 of CFR to preserve the integrity and confidentiality of all electronically maintained or transmitted PHI received from or on behalf of Covered Entity.
(2) Document and keep these security measures current and available for inspection by Covered Entity.
(3) Ensure that any agent, including a subcontractor, to whom the Business Associate provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect it.
(4) Report to the Covered Entity any Security Incident of which it becomes aware. For the purposes of this BAA and the Agreement, Security Incident means, as set forth in 45 C.F.R. Section 164.304, “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” Security incident shall not include,
(a) unsuccessful attempts to penetrate computer networks or servers maintained by Business Associate, or (b) immaterial incidents that occur on a routine basis, such as general “pinging” or “denial of service” attacks.
Electronic PHI. “Electronic PHI” shall have the same meaning as the term “electronic protected health information” in 45 CFR § 160.103, limited to the information that Business Associate creates, receives, maintains, or transmits from or on behalf of Covered Entity.
Electronic PHI. Each Disclosing Party shall not provide Electronic PHI to the Company in the form of “unsecured protected health information” as defined in 45 C.F.R. § 164.402, as may be amended from time to time.
Electronic PHI. If Business Associate receives, creates, transmits or maintains EPHI on behalf of Covered Entity, Business Associate will, in addition, do the following:
(1) Develop, implement, maintain and use appropriate administrative, physical, and technical safeguards in compliance with Section 1173(d) of the Social Security Act, Title 42, Section 1320(s) or the United States Code and Title 45, Part 162 and 164 of CFR to preserve the integrity and confidentiality of all electronically maintained or transmitted PHI received from or on behalf of Covered Entity.
(2) Document and keep these security measures current and available for inspection by Covered Entity.
(3) Ensure that any agent, including a subcontractor, to whom the Business Associate provides EPHI, agrees to implement reasonable and appropriate safeguards to protect it.
(4) Report to the Covered Entity any Security Incident of which it becomes aware. For the purposes of this BAA and the Agreement, Security Incident means, as set forth in 45 C.F.R section 164.304, “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.”
