HITECH COMPLIANCE. A. The Agency acknowledges and agrees to follow the provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act outlines the Agency’s obligations when addressing privacy, security and breach of notification.
B. In the event of a breach of unsecured protected health information (PHI) or disclosure that compromises the privacy or integrity of PHI, the Agency shall take all measures required by state or federal law. The Agency shall provide the County with a copy of its investigative results and other information requested. The Agency shall report all PHI breaches to the County.
C. The Agency shall notify the County within one (1) business day by telephone and in writing of any acquisition, access, use or disclosure of PHI not allowed by the provisions of this Agreement of which it becomes aware, and of any instance where the PHI is subpoenaed, copied or removed by anyone except an authorized representative as outlined in 45 CFR §§164.304, 164.314 (a)(2)(C), 164.504(e)(2)(ii)(C), and 164.400-.414.
D. The Agency shall notify the County within one (1) business day by telephone or e-mail of any potential breach of security or privacy. The Agency shall follow telephone or e-mail notification with a secured faxed or other written explanation of the breach, to include the following: date and time of the breach, medium that contained the PHI, origination and destination of PHI, the Agency’s personnel associated with the breach, detailed description of PHI, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible for the mitigation. The Agency shall address communications to: Snohomish County Human Services 3000 Rockefeller, MS 305 Everett, WA. 98201
HITECH COMPLIANCE. A. The Agency acknowledges and agrees to follow the provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act outlines the Agency’s obligations when addressing privacy, security and breach of notification.
B. In the event of a breach of unsecured PHI or disclosure that compromises the privacy or integrity of PHI, the Agency shall take all measures required by state or federal law. The Agency shall provide the County with a copy of its investigative results and other information requested. The Agency shall report all PHI breaches to the County.
C. The Agency shall notify the County within one (1) business day by telephone and in writing of any acquisition, access, use or disclosure of PHI not allowed by the provisions of this Agreement of which it becomes aware, and of any instance where the PHI is subpoenaed, copied or removed by anyone except an authorized representative as outlined in 45 CFR §§164.304, 164.314 (a)(2)(C), 164.504(e)(2)(ii)(C), and 164.400-.414.
D. The Agency shall notify the County within one (1) business day by telephone or email of any potential breach of security or privacy. The Agency shall follow telephone or email notification with a secured faxed or other written explanation of the breach, to include the following: date and time of the breach; medium that contained the PHI; origination and destination of PHI; the Agency’s personnel associated with the breach; detailed description of PHI; anticipated mitigation steps; and the name, address, telephone number, fax number, and email of the individual who is responsible for the mitigation. The Agency shall address communications to: Snohomish County Human Services 0000 Xxxxxxxxxxx Xxxxxx, XX 000 Xxxxxxx, XX 00000.
HITECH COMPLIANCE. Business Associate shall comply with 45 CFR Sections 164.308, 164.310, 164.312, and 164.316 of the Security Rule as if Business Associate were a covered entity under HIPAA. Each privacy and security provision of the HITECH Act that is applicable to Covered Entity is hereby incorporated into this Addendum and shall apply to Business Associate.
HITECH COMPLIANCE. Contractor represents and warrants that Contractor shall exercise commercially reasonable efforts to comply with the Health Information Technology for Economic and Clinical Health Act for Purchasers that collect, process, store, and/or share HITECH data.
HITECH COMPLIANCE. Florida Blue shall comply with all applicable requirements of Title XIII, Subtitle D of the Health Information Technology for Economic and Clinical Health Act ("HITECH"), 42 U.S.C. Sections 17921-17954 and all applicable HITECH implementing regulations issued by the Department of Health and Human Services as of the date by which Florida Blue must comply with such statutory and regulatory requirements.
HITECH COMPLIANCE. Business Associate shall:
3.16.1 not receive, directly or indirectly, any impermissible remuneration in exchange for PHI or ePHI, except as permitted by HITECH § 13405(d) or the HIPAA Regulations;
3.16.2 comply with the marketing and other restrictions applicable to business associates contained in HITECH § 13406 and the HIPAA Regulations;
3.16.3 to the extent required under HITECH § 13404, fully comply with the applicable requirements of 45 CFR 164.502(e)(2) for each use or disclosure of PHI;
3.16.4 to the extent required under HITECH § 13401, fully comply with 45 CFR 164.308, 164.310, 164.312, and 164.316;
3.16.5 to the extent required under HITECH §§ 13401 and 13404, comply with the additional privacy and security requirements that apply to covered entities in the same manner and to the same extent as Covered Entity is required to do so; and
3.16.6 to the extent required under the HIPAA Regulations, comply with the privacy and security requirements that apply to business associates.
HITECH COMPLIANCE. District is a Business Associate under the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (the “HIPAA Regulations”) and other applicable laws.
HITECH COMPLIANCE. Notwithstanding additional provisions specifically required by this BAA, as of the date and in the manner required of business associates by law, Business Associate agrees to comply with all the mandatory privacy and security requirements of the HITECH Act, codified at 42 U.S.C. § 17921 – 17954, that apply to business associates, and Business Associate also agrees to comply with all regulations issued to implement such statutory requirements.
HITECH COMPLIANCE. The BA-QSO shall:
1. not receive, directly or indirectly, any impermissible remuneration in exchange for PHI or ePHI, except as permitted by HITECH (See §13405(d)) or the HIPAA Regulations;
2. comply with the marketing and other restrictions applicable to BA-QSOs contained in HITECH (See §13406) and the HIPAA Regulations;
3. to the extent required under HITECH (See §13404), fully comply with the applicable requirements of 45 C.F.R. 164.502(e)(2) for each use or disclosure of PHI;
4. to the extent required under HITECH (See §13401), fully comply with 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316;
5. to the extent required under HITECH (See §§13401 and 13404), comply with the additional privacy and security requirements that apply to covered entities in the same manner and to the same extent as ASPENPOINTE is required to do so; and
6. to the extent required under the HIPAA Regulations, comply with the privacy and security requirements that apply to business associates.
HITECH COMPLIANCE a. The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was adopted as part of the American Recovery and Reinvestment Act of 2009. The HITECH Act and its implementing regulations impose requirements on Business Associates (Contractors) with respect to privacy, security and breach notification. These provisions of the HITECH Act and the regulations applicable to Business Associates are collectively referred to as the “HITECH Business Associate Provisions.” The Contractor acknowledges and agrees that to the extent it is functioning as a Business Associate of DSHS (Covered Entity), the Contractor will comply with the HITECH Business Associate Provisions and with the obligations of a Business Associate, as prescribed by HIPAA and the HITECH Act.
