HITECH COMPLIANCE. A. The Agency acknowledges and agrees to follow the provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act outlines the Agency’s obligations when addressing privacy, security and breach of notification. B. In the event of a breach of unsecured PHI or disclosure that compromises the privacy or integrity of PHI, the Agency shall take all measures required by state or federal law. The Agency shall provide the County with a copy of its investigative results and other information requested. The Agency shall report all PHI breaches to the County. C. The Agency shall notify the County within one (1) business day by telephone and in writing of any acquisition, access, use or disclosure of PHI not allowed by the provisions of this Agreement of which it becomes aware, and of any instance where the PHI is subpoenaed, copied or removed by anyone except an authorized representative as outlined in 45 CFR §§164.304, 164.314 (a)(2)(C), 164.504(e)(2)(ii)(C), and 164.400-.414. D. The Agency shall notify the County within one (1) business day by telephone or email of any potential breach of security or privacy. The Agency shall follow telephone or email notification with a secured faxed or other written explanation of the breach, to include the following: date and time of the breach; medium that contained the PHI; origination and destination of PHI; the Agency’s personnel associated with the breach; detailed description of PHI; anticipated mitigation steps; and the name, address, telephone number, fax number, and email of the individual who is responsible for the mitigation. The Agency shall address communications to: Snohomish County Human Services 0000 Xxxxxxxxxxx Xxxxxx, XX 000 Xxxxxxx, XX 00000.
Appears in 5 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
