HIPAA Security Rule. Business Associate agrees to use appropriate administrative, physical and technical safeguards, and comply with the Security Rule and HIPAA Security Regulations with respect to Electronic PHI, to prevent the use or Disclosure of the PHI other than as provided for by this Exhibit.
HIPAA Security Rule. With regard to its use and/or disclosure of PHI, Business Associate shall, at its own expense:
2.13.1 implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity or its affiliates and at a minimum comply with those applicable safeguards in 45 CFR Section 164;
2.13.2 ensure that Agent and any and all of Business Associate’s other subcontractors or agents to whom the Business Associate provides PHI agree in writing to implement reasonable and appropriate safeguards consistent with the requirements of 2.12.1, above, to protect such PHI; and
2.13.3 report promptly to Covered Entity any Security Incident (as defined in 45 CFR Section 164.304) relating to PHI created, received, maintained or transmitted in regards to Covered Entity, of which Business Associate becomes aware, subject to the limitations in Section 2.11 above.
HIPAA Security Rule. Business Associate will develop, implement, maintain and use appropriate safeguards, and comply with the Security Rule at Subpart C of 45 C.F.R. Part 164, with respect to EPHI, to prevent use or disclosure of the PHI other than as provided for by this Agreement.
HIPAA Security Rule. With regard to its use and/or disclosure of EPHI, Business Associate shall (as of the compliance date of April 20, 2005), at its own expense:
a. implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity or its affiliates and at a minimum comply with those applicable safeguards in 45 CFR Section 164;
b. ensure that any and all of Business Associate’s subcontractors or agents to whom the Business Associate provides EPHI agree in writing to implement reasonable and appropriate safeguards to protect such EPHI; and
c. report promptly to Covered Entity any security incident (as defined in 45 CFR Section 164.304) relating to EPHI created, received, maintained or transmitted in regards to Covered Entity, of which the Business Associate becomes aware.
HIPAA Security Rule. (a) Business Associate shall comply with the provisions of the Security Rule set forth in 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316 in the same manner that such provisions apply to Covered Entity.
(b) In furtherance, but not in limitation of the foregoing, Business Associate shall:
(i) Implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity;
(ii) Ensure that any agent, including a subcontractor, to whom Business Associate provides Electronic Protected Health Information, agrees to implement reasonable and appropriate safeguards to protect such Electronic Protected Health Information; and
(iii) Report to Covered Entity any Security Incident of which Business Associate becomes aware.
HIPAA Security Rule. The HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164), as may be amended from time to time.
HIPAA Security Rule. At least sixty (60) days prior to the compliance date for the HIPAA Security and Electronic Signature Standards ("Security Rule") (63 Fed. Reg. 43,242 (August 12, 1998)), the Parties shall review this Agreement, and, as necessary, modify this Agreement to incorporate any relevant provisions, including, provisions governing chain of trust partner agreements.
HIPAA Security Rule. (a) Security of Electronic Protected Health Information. Business Associate will develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information (as defined in 45 C.F.R. Section 160.103) that Business Associate creates, receives, maintains, or transmits on behalf of the Covered Entity consistent with the Security Rule.
HIPAA Security Rule. Billing Company, in its capacity as a Business Associate, shall carry out its obligations under this Agreement in compliance with the security regulations pursuant to Public Law 104-191 of August 21, 1996, known as the Health Insurance Portability and Accountability Act of 1996, Subtitle F – Administrative Simplification, Sections 261, et seq., as amended ("HIPAA"), regarding the security of electronic protected health information ("e-PHI") that is received as a result of the Services provided hereunder. In conformity therewith, Billing Company agrees that it will:
i. Implement administrative safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the e-PHI that it creates, receives, maintains or transmits on behalf of Covered Entity, as required by 45 CFR § 164.308.
ii. Implement physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the e-PHI that it creates, receives, maintains or transmits on behalf of Covered Entity, as required by 45 CFR § 164.310.
iii. Implement technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the e-PHI that it creates, receives, maintains or transmits on behalf of Covered Entity, as required by 45 CFR § 164.312.
iv. Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of the Security Rule, as required by 45 CFR § 164.316.
v. Report to Covered Entity any use or disclosure of the e-PHI not provided for by this Agreement of which it becomes aware.
vi. Ensure that any agents, including a subcontractor, to whom it provides e- PHI received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
HIPAA Security Rule. (a) Business Associate shall comply with the provisions of the Security Rule set forth in 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316 in the same manner that such provisions apply to Covered Entity.
(b) In furtherance, but not in limitation of the foregoing, Business Associate shall:
(i) Implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity;
(ii) Ensure that any agent, including a subcontractor, to whom Business Associate provides Electronic Protected Health Information, agrees to implement reasonable and appropriate safeguards to protect such Electronic Protected Health Information; and
(iii) Report to Covered Entity any Security Incident of which Business Associate becomes aware within five (5) business days after becoming so aware.
