HIPAA Business Associate Requirements Sample Clauses

HIPAA Business Associate Requirements. CONTRACTOR hereby agrees to adhere to the terms and conditions set forth in Exhibit DCounty of Humboldt HIPAA Business Associate Agreement, which is attached hereto and incorporated herein by reference as if set forth in full. [REMOVE IF NOT APPLICABLE]
Sample 1Sample 2See All (7)
AutoNDA by SimpleDocs
HIPAA Business Associate Requirements. Each party hereby agrees to adhere to the terms and conditions set forth in Exhibit ACounty of Humboldt HIPAA Business Associate Agreement, which is attached hereto and incorporated herein by reference as if set forth in full.
Sample 1Sample 2
HIPAA Business Associate Requirements. If Contractor's performance under this Agreement involves or requires the disclosure to or use by Contractor of OHSU's "Individually Identifiable Health Information" or “Electronic PHI” (as those terms are defined by the Health Insurance Portability and Accountability Act and regulations promulgated pursuant thereto (“HIPAA”)), then the following provisions apply: 35.1. Contractor will use and disclose Individually Identifiable Health Information, Electronic PHI and PHI that has been de-identified as described in 45 CFR 164.514(a)-(b) received from, or created or received by Contractor on behalf of, OHSU in the course of its performance under this Agreement (collectively, “PHI”) only as required for such performance or as required by law. Contractor will use all appropriate safeguards to prevent any use or disclosure of PHI other than as allowed in this Agreement. All PHI (in whatever form) is the exclusive property of OHSU. 35.2. Contractor shall not, and shall ensure that its directors, officers, employees, contractors, agents and subcontractors (collectively, “Contractor Representatives”) do not, use or disclose PHI in any manner constituting a violation of 45 CFR §160 and 164 (“Privacy Standards”) if done by OHSU. 35.3. Contractor agrees that any request to OHSU for disclosure of PHI shall be limited to the minimum necessary to accomplish Contractor’s purpose under this Agreement. This provision shall automatically incorporate any guidance the Secretary issues pursuant to HIPAA regarding what constitutes “minimum necessary.” 35.4. Contractor shall immediately notify OHSU in writing of any use or disclosure of PHI other than as allowed by this Agreement, including braches of Unsecured PHI as required by 45 CFR 164.410. Contractor agrees to mitigate, to the extent practicable, any harmful effect of such use or disclosure of PHI by Contractor or any Contractor Representative in violation of the requirements of this Agreement. 35.5. Contractor agrees to require Contractor Representatives that create, receive, maintain or transmit PHI on behalf of Contractor to agree to the same restrictions, conditions and requirements that apply through these terms and conditions. 35.6. If Contractor maintains Records for OHSU that are a part of OHSU’s Designated Record Set (“DRS”), Contractor will: (a) within 10 days of a request from OHSU for access to an individual’s PHI contained in the DRS, provide copies of such PHI to OHSU; (b) within 10 days of a request from OHSU...
Sample 1
HIPAA Business Associate Requirements. If Contractor's performance under this Agreement involves or requires the disclosure to or use by Contractor of VGTI's "Individually Identifiable Health Information" (as that term is defined by the Health Insurance Portability and Accountability Act and regulations promulgated pursuant thereto (“HIPAA”), then the following provisions apply: (i) Contractor will use and disclose Individually Identifiable Health Information received from, or created or received by Contractor on behalf of, VGTI in the course of its performance under this Agreement (“PHI”) only as required for such performance, as permitted herein or as required by law, and Contractor will use all appropriate safeguards to prevent any use or disclosure of PHI other than as allowed in this Agreement. All PHI (in whatever form) is the exclusive property of VGTI. (ii) Contractor shall not, and shall ensure that its directors, officers, employees, contractors and agents (collectively, “Contractor Representatives”) do not, use or disclose PHI in any manner constituting a violation of 45 CFR §160 and 164 (“Privacy Standards”) if done by VGTI. (iii) Contractor agrees that any request to VGTI for disclosure of PHI shall be limited to the minimum necessary to accomplish Contractor’s purpose under this Agreement. (iv) Contractor shall immediately notify VGTI in writing of any use or disclosure of PHI other than as allowed by this Agreement, and, to the extent practicable, shall mitigate any harmful effect of such use/or disclosure. (v) Contractor shall ensure that each of the Contractor Representatives having access to PHI, agree to comply with these restrictions and conditions. (vi) If Contractor maintains Records for VGTI that are a part of VGTI’s Designated Record Set (“DRS”), Contractor will: (i) within 10 days of a request from VGTI for access to an individual’s PHI contained in the DRS, provide copies of such PHI to VGTI; (ii) within 10 days of a request from VGTI for an amendment of an identified individual’s PHI in a DRS, make available the PHI for amendment and incorporate such amendment into PHI maintained by Contractor as required by the Privacy Standards; and (iii) within 5 days of Contractor’s receipt from an individual of a request for access to PHI or for an amendment of PHI, forward that request to VGTI in writing. (vii) Within 10 days of notice from VGTI that VGTI has received a request for an accounting of disclosures of an individual’s PHI, Contractor shall make available to VGTI such ...
Sample 1

Related to HIPAA Business Associate Requirements

  • Business Associate Contract GENERAL PROVISIONS AND RECITALS

  • Business Associate Agreement This Agreement may require the exchange of information covered by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). A Business Associate Agreement (“BAA”) executed by the Parties is attached as Appendix [Letter C/D/E etc.].

  • Business Associate “Business Associate” shall have the same meaning as the term “business associate” at 45 C.F.R. 160.103, and shall refer to Contractor.

  • EDD Independent Subrecipient Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, Subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the State.” The term is further defined by the California Employment Development Department to refer specifically to independent Subrecipients. An independent Subrecipient is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at xxxx://xxx.xxx.xx.xxx/Employer_Services.htm

  • Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Business Associate Obligations Business Associate agrees to comply with applicable federal confidentiality and security laws, specifically the provisions of the HIPAA Rules and the HITECH Act applicable to business associates, including: 2.1 Use and Disclosure of PHI. Except as otherwise permitted by this Agreement, the HIPAA Rules, or applicable law, Business Associate shall not make any uses or disclosures of PHI except as necessary to provide services to, or on behalf of, Covered Entity as described in the Underlying Agreement, and shall not use or disclose PHI that would violate the HIPAA Rules or HITECH Act if used or disclosed by Covered Entity; provided, however, Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities, consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate may not use or disclose PHI which it creates, receives, maintains or transmits for or on behalf of the Covered Entity for any purpose except as otherwise provided by the Agreement and this BAA. Business Associate agrees to review and understand any state privacy and security laws to the extent that such laws are not preempted by HIPAA, as may be amended from time to time. Business Associate acknowledges that it shall comply specifically with the HIPAA Security Rule, and, to the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under the Privacy Rule, it shall comply with the requirements of the Privacy Rule which apply to Covered Entity in the performance of such obligation(s). Business Associate shall in such cases: 2.1.1 provide information to members of its workforce using or disclosing PHI regarding the confidentiality requirements in the HIPAA Rules and this Agreement; 2.1.2 obtain reasonable assurances, in writing from the person or entity to whom the PHI is disclosed that: (i) the PHI will be held in confidence and further used and disclosed only as required by law or for the purpose for which it was disclosed to the person or entity; and (ii) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and 2.1.3 agree to notify the Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules or HITECH Act. 2.2 Marketing; Sale of PHI. Business Associate may not use or disclose PHI for marketing purposes. Marketing includes any communication which would encourage the recipient to use or purchase a product or service. Business Associate may not use or disclose PHI where it has directly or indirectly received remuneration, financial or otherwise, from or on behalf of the recipient of the PHI in exchange for the PHI. “Sale” is not limited to circumstances where a transfer of ownership occurs, and would include access, license or lease agreements.

  • Responsibilities of Business Associate Business Associate agrees:

  • Compliance with Privacy Laws NCPS represents and warrants that its collection, access, use, storage, disposal and disclosure of Personal Data does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. Without limiting the foregoing, NCPS shall implement administrative, physical and technical safeguards to protect Personal Data that are no less rigorous than accepted industry, and shall ensure that all such safeguards, including the manner in which Personal Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Escrow Agreement. NCPS shall use and disclose Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it, is provided pursuant to the terms and conditions of this Escrow Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Data for NCPS’s own purposes or for the benefit of any party other than Issuer. For purposes of this section, “Personal Data” shall mean information provided to NCPS by or at the direction of the Issuer, or to which access was provided to NCPS by or at the direction of the Issuer, in the course of NCPS’s performance under this Escrow Agreement that: (i) identifies or can be used to identify an individual (also known as a “data subject”) (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), including the identifying information on individuals described in Section 12.

  • Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.

  • Sub-Advisor Compliance Policies and Procedures The Sub-Advisor shall promptly provide the Trust CCO with copies of: (i) the Sub-Advisor’s policies and procedures for compliance by the Sub-Advisor with the Federal Securities Laws (together, the “Sub-Advisor Compliance Procedures”), and (ii) any material changes to the Sub-Advisor Compliance Procedures. The Sub-Advisor shall cooperate fully with the Trust CCO so as to facilitate the Trust CCO’s performance of the Trust CCO’s responsibilities under Rule 38a-1 to review, evaluate and report to the Trust’s Board of Trustees on the operation of the Sub-Advisor Compliance Procedures, and shall promptly report to the Trust CCO any Material Compliance Matter arising under the Sub-Advisor Compliance Procedures involving the Sub-Advisor Assets. The Sub-Advisor shall provide to the Trust CCO: (i) quarterly reports confirming the Sub-Advisor’s compliance with the Sub-Advisor Compliance Procedures in managing the Sub-Advisor Assets, and (ii) certifications that there were no Material Compliance Matters involving the Sub-Advisor that arose under the Sub-Advisor Compliance Procedures that affected the Sub-Advisor Assets. At least annually, the Sub-Advisor shall provide a certification to the Trust CCO to the effect that the Sub-Advisor has in place and has implemented policies and procedures that are reasonably designed to ensure compliance by the Sub-Advisor with the Federal Securities Laws.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!