Permitted Uses and Disclosures of Phi by Business Associate Except as otherwise indicated in this Agreement, Business Associate may use or disclose PHI, inclusive of de-identified data derived from such PHI, only to perform functions, activities or services specified in this Agreement on behalf of DHCS, provided that such use or disclosure would not violate HIPAA or other applicable laws if done by DHCS.
Permitted Uses and Disclosures by Business Associate Except as otherwise limited by this Agreement, Business Associate may make any uses and disclosures of Protected Health Information necessary to perform its services to Covered Entity and otherwise meet its obligations under this Agreement, if such use or disclosure would not violate the Privacy Rule if done by Covered Entity. All other uses or disclosures by Business Associate not authorized by this Agreement or by specific instruction of Covered Entity are prohibited.
Permitted Uses and Disclosure by Business Associate (1) General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
Permitted Uses and Disclosures of PHI and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
PERMITTED USES AND DISCLOSURES BY CONTRACTOR Except as otherwise limited in this Schedule, Contractor may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, County as specified in the Agreement; provided that such use or disclosure would not violate the Privacy Rule if done by County.
Prohibited Uses and Disclosures BA shall not use or disclose PHI other than as permitted or required by the Contract and Addendum, or as required by law. BA shall not use or disclose Protected Information for fundraising or marketing purposes. BA shall not disclose Protected Information to a health plan for payment or health care operation purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates [42 U.S.C. Section 17935(a) and 45 C.F.R. Section 164.522(a)(vi)]. BA shall not directly or indirectly receive remuneration in exchange for Protected Information, except with the prior written consent of CE and as permitted by the HITECH Act, 42 U.S.C. Section 17935(d)(2), and the HIPAA regulations, 45 C.F.R. Section 164.502(a)(5)(ii); however, this prohibition shall not affect payment by CE to BA for services provided pursuant to the Contract.
Permitted Uses and Disclosures i. Business Associate shall use and disclose PHI only to accomplish Business Associate’s obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements of Subpart E that apply to Covered Entity in the performance of such obligation.
ii. Business Associate may disclose PHI to carry out the legal responsibilities of Business Associate, provided, that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required by Law or for the purpose for which Business Associate originally disclosed the information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity. Business Associate may de-identify any or all PHI created or received by Business Associate under this Agreement, provided the de-identification conforms to the requirements of the HIPAA Rules.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Use and Disclosure of Protected Health Information The Business Associate must not use or further disclose protected health information other than as permitted or required by the Contract or as required by law. The Business Associate must not use or further disclose protected health information in a manner that would violate the requirements of HIPAA Regulations.
Unauthorized Disclosure The Executive agrees and understands that in the Executive’s position with the Company, the Executive has been and will be exposed to and has and will receive information relating to the confidential affairs of the Company Group, including, without limitation, technical information, intellectual property, business and marketing plans, strategies, customer information, software, other information concerning the products, promotions, development, financing, expansion plans, business policies and practices of the Company Group and other forms of information considered by the Company Group to be confidential or in the nature of trade secrets (including, without limitation, ideas, research and development, know-how, formulas, technical data, designs, drawings, specifications, customer and supplier lists, pricing and cost information and business and marketing plans and proposals) (collectively, the “Confidential Information”). Confidential Information shall not include information that is generally known to the public or within the relevant trade or industry other than due to the Executive’s violation of this Section 4.1 or disclosure by a third party who is known by the Executive to owe the Company an obligation of confidentiality with respect to such information. The Executive agrees that at all times during the Executive’s employment with the Company and thereafter, the Executive shall not disclose such Confidential Information, either directly or indirectly, to any individual, corporation, partnership, limited liability company, association, trust or other entity or organization, including a government or political subdivision or an agency or instrumentality thereof (each a “Person”) without the prior written consent of the Company and shall not use or attempt to use any such information in any manner other than in connection with his employment with the Company, unless required by law to disclose such information, in which case the Executive shall provide the Company with written notice of such requirement as far in advance of such anticipated disclosure as possible. This confidentiality covenant has no temporal, geographical or territorial restriction. Upon termination of the Executive’s employment with the Company, the Executive shall promptly supply to the Company all property, keys, notes, memoranda, writings, lists, files, reports, customer lists, correspondence, tapes, disks, cards, surveys, maps, logs, machines, technical data and any other tangible product or document which has been produced by, received by or otherwise submitted to the Executive during or prior to the Executive’s employment with the Company, and any copies thereof in his (or reasonably capable of being reduced to his) possession; provided that nothing in this Employment Agreement or elsewhere shall prevent the Executive from retaining and utilizing: documents relating to his personal benefits, entitlements and obligations; documents relating to his personal tax obligations; his desk calendar, rolodex, and the like; and such other records and documents as may reasonably be approved by the Company.
