Internal Practices, Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI, received from or on behalf of Covered Entity to the Secretary or his or her agents for the purpose of determining Covered Entity’s compliance with the HIPAA Rules, or any other health oversight agency, or to Covered Entity. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by Covered Entity or the Secretary.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, CA-CIB shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI, received from or on behalf of CHS Entity, to the Secretary or his or her agents for the purpose of determining CHS Entity’s compliance with the HIPAA Rules, or any other health oversight agency, or to CHS Entity. CA-CIB shall make requested records, that are not protected by an applicable legal privilege, available in the time and manner specified by CHS Entity or the Secretary.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, BA shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI, received from or on behalf of CE to the Secretary or his or her agents for the purpose of determining CE’s compliance with the HIPAA Rules, or any other health oversight agency, or to CE. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by CE or the Secretary.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, Business Associate shall make its internal practices, books, records, policies and procedures and service, related to the use and disclosure of PHI received from or on behalf of Covered Entity available to the Secretary of the Department of Health and Human Services, or its agents or subcontractors, for the determination of the Business Associate’s compliance with HIPAA. To the extent permitted by law, the Business Associate shall provide a copy of information provided to the Secretary to the Covered Entity.
Internal Practices, Policies and Procedures. Business Associate agrees to make internal practices, books, and records, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary or its designee for purposes determining Covered Entity's compliance with the HIPAA Rules.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available its internal practices, books, records, policies and procedures relating to the use and disclosure of PHI or EPHI, documentation required by the Security Rule relating to safeguards, and documentation required by the Breach Notification Rule available to the Secretary or to the Covered Entity for the purpose of determining Covered Entity’s compliance with the Privacy Rule, Security Rule and Breach Notification Rule. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by Covered Entity or the Secretary.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI, received from or on behalf of Covered Entity to Covered Entity and to the Secretary or his or her agents for the purpose of determining Covered Entity’s compliance with the HIPAA Rules, or any other health oversight agency, or to Covered Entity, or Business Associate’s compliance with this Agreement. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by Covered Entity or the Secretary.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI received from or on behalf of Covered Entity to the Secretary or his or her agents for the purpose of determining Covered Entity's compliance with the Privacy Rule. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by Covered Entity or the Secretary. If it is necessary for Business Associate to invoke and defend the attorney-client privilege, Covered Entity shall agree to pay the cost for such defense.
Internal Practices, Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available information regarding Covered Entity’s and Business Associate’s internal practices, policies and procedures relating to the use and disclosure of PHI to HHS or its authorized agents for the purpose of determining Covered Entity’s and/or Business Associate’s compliance with the HIPAA Regulations. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by HHS or its authorized agents. To the extent permitted by law, Business Associate shall promptly notify Covered Entity in writing regarding any requests for such information received from HHS or its authorized agents.
Internal Practices, Policies and Procedures. For purposes of confirming compliance with HIPAA and the HITECH Act, BUSINESS ASSOCIATE shall make available to STATE Privacy Officers BUSINESS ASSOCIATE’s internal practices, books, and records--including policies, procedures, and PHI--relating to the use and disclosure of PHI received from STATE or PHI created or received by BUSINESS ASSOCIATE on behalf of STATE. STATE shall have the right to monitor BUSINESS ASSOCIATE’s performance pursuant to this Agreement. Monitoring shall be at the discretion of STATE and shall be carried out during normal business hours at BUSINESS ASSOCIATE’s place of business.
