Obligations and Activities of BA Sample Clauses

Obligations and Activities of BA. (a) BA agrees to not use or disclose PHI other than as permitted or required by this Agreement or as required by law. (b) BA agrees to use appropriate safeguards to prevent use or disclosure of PHI unless the use or disclosure is otherwise provided for by this Agreement. Furthermore, BA agrees to use appropriate administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the ePHI it creates or receives, from the CE to prevent unauthorized use or disclosure of such ePHI. (c) BA agrees to mitigate, to the extent practicable, any harmful effect that is known to BA of a use or disclosure of PHI by BA in violation of the requirements of this Agreement. (d) XX agrees to report to CE within 24 hours of the discovery of the event any use or disclosure involving PHI that is not provided for by this Agreement of which it becomes aware. Furthermore, XX agrees to report to CE any Security Incident involving ePHI of which it becomes aware. (e) BA agrees to require that any agent, including a subcontractor, to whom it provides PHI agrees to the same restrictions and conditions that apply through this Agreement to BA with respect to such information, including but not limited to implementation of reasonable and appropriate safeguards to protect ePHI. BA represents and warrants that in the event of a disclosure of PHI to any third party, BA will make reasonable efforts to limit the information disclosed to the minimum necessary to accomplish the intended purpose of the disclosure. (f) BA agrees to provide access, upon request of the CE or an Individual identified by CE, to PHI in the Designated Record Set (DRS) within 10 business days in order to enable CE to meet the requirements under 45 CFR § 164.524 or other applicable law. In the event any Individual requests access to PHI for BA, whether or not BA is in possession of PHI, BA may not approve or deny access to the PHI requested. Rather, BA shall forward such request to the CE within 10 business days. (g) BA agrees, upon request of CE, to make any amendment(s) to PHI in a DRS that CE directs or agrees to pursuant to 45 CFR § 164.526 or other applicable law, within 10 business days. In the event that the request for amendment of PHI is made directly to the BA, whether or not BA is in possession of PHI, BA may not approve or deny the requested amendment. Rather, BA shall forward such request to the CE within 10 business days. (h) BA agrees...
AutoNDA by SimpleDocs
Obligations and Activities of BA. BA agrees to: A. Use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as provided for by the agreement; B. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of BA agree to the same restrictions, conditions, and requirements that apply to BA with respect to such information; C. Make available PHI in a designated record set to CE as necessary to satisfy CE’s obligations under 45 CFR 164.524; D. Make any amendment(s) to PHI in a designated record set as directed or agreed to by CE pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy CE’s obligations under 45 CFR 164.526; E. Maintain and make available the information required to provide an accounting of disclosures to CE as necessary to satisfy CE’s obligations under 45 CFR 164.528; F. Provide beneficiaries with the Notice of Privacy Practices, in accordance with 45 CFR 164.520 and KernBHRS Policy 10.1.21; G. To the extent BA is to carry out one or more of CE’s obligations under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to CE in the performance of such obligation(s); H. Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules. I. Report to CE any use or disclosure of PHI, PI, or PII not provided for by the agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware, without unreasonable delay, and in no case later than one (1) business day of discovery [42 USC Section 17921; 45 CFR Section 164.504(e)(2)(ii)(C); 45 CFR Section 164.308(b)].
Obligations and Activities of BA. 1. BA agrees to use or disclose Protected Health Information (PHI) only as permitted or required by this Addendum, the Agreement, or as required by law. 2. BA agrees to use appropriate safeguards to prevent Use or Disclosure of the PHI other than as provided for in this Addendum. BA agrees to implement administrative, technical, and physical measures that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic PHI that BA creates, receives, maintains, or transmits on CE’s behalf as required by the Security Rule, 45 CFR Part 164, Subpart C, as required by HIPAA and Section 13401 of HITECH. 3. BA agrees to mitigate, to the extent practicable, any harmful effect that is known or should be known to BA of a Use or Disclosure of PHI by BA in violation of the requirements of this Addendum. 4. BA agrees to report to CE any Use or Disclosure of the PHI not provided for by this Addendum of which it becomes aware. BA will make the written report to CE not less than 3 business days after BA learns of such unauthorized Use or Disclosure. BA’s written report will at least: (i) identify the nature of the unauthorized Use or Disclosure; (ii) identify the PHI used or disclosed;
Obligations and Activities of BA. BA agrees to the following obligations and activities hereby referenced as Sections in numerical order: 1. BA agrees to not use or disclose PHI other than as permitted or required by the Agreement or as Required By Law. 2. BA agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement. 3. BA agrees to mitigate, to the extent practicable, any harmful effect that is known to BA of a use or disclosure of PHI by BA in violation of the requirements of this Agreement. 4. BA agrees to report to Covered Entity any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware. 5. BA agrees to ensure that any agent (including a subcontractor to whom it provides PHI on received from, or created or received by, BA on behalf of RMFMC) also aggress to the same restrictions and conditions that apply through this Agreement to BA with respect to such information. 6. BA agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received by BA on behalf of RMFMC available to RMFMC within fifteen (15) business days of the documented request for purposes of determining RMFMC compliance with the Privacy Rule. 7. BA agrees to document such disclosures of PHI and other information related to such disclosures as would be required for RMFMC to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. 8. BA agrees to provide to RMFMC or an Individual, within fifteen (15) business days upon documented request, information collected in accordance with Section 7 of this Agreement, to permit RMFMC to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
Obligations and Activities of BA. BA agrees to: A. Not use or disclose PHI other than as permitted or required by the Agreement or as required by law; B. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement; C. Report to CE any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware; D. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of BA agree to the same restrictions, conditions, and requirements that apply to BA with respect to such information;
Obligations and Activities of BA 

Related to Obligations and Activities of BA

  • Obligations and Activities of Business Associate Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!