Obligations and Activities of Business Associate. a. Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law. b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. f. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules. g. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 4 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Section 3.0 of this Agreement, or as Required By by Law.
b. . Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to report to Covered Entity Plan any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. . Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, the Plan agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Business Associate agrees to provide access, at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health Information in a Designated Record Set, to the Plan as directed, or directly to an Individual in order to meet the requirements under 45 CFR 164.524. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Plan directs or agrees to pursuant to 45 CFR 164.526 at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations. Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf ofof Plan available, Covered Entity available or at the request of the Plan or the Secretary, to the Covered Entity, Plan or to the Secretary, Secretary in a time and manner (within 30 calendar days following written request from Covered Entity) or manner, which shall be designated by the Plan or the Secretary, for purposes of the Secretary determining Covered EntityPlan's compliance with the HIPAA Rules.
g. Privacy Rule. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. . Business Associate agrees to provide to Covered Entity the Plan or an Individual, within 30 calendar days after written requestIndividual in a prompt and reasonable manner consistent with the HIPAA regulations as designated by the Plan, information collected in accordance with Section 1. g., 2.0 (i) of this Agreement, to permit Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. Business Associate agrees to satisfy all applicable provisions of HIPAA standards for electronic transactions and code sets, also known as the Electronic Data Interchange (EDI) Standards, at 45 CFR Part 162. Business Associate further agrees to ensure that any agent, including a subcontractor that conducts standard transactions on its behalf will comply with the EDI Standards. Business Associate agrees to determine the Minimum Necessary type and amount of PHI required to perform its services and will comply with 45 CFR 164.502(b) and 514(d).
Appears in 4 contracts
Samples: Total Self Service Benefits Administrator Contract, Contract for Benefits Administration Services, Contract N1000010172
Obligations and Activities of Business Associate. a. 1. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By Law.
b. 2. Business Associate agrees to use appropriate administrative, technical, and physical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. Business Associate agrees to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure in violation of this Agreement and the Privacy Rule. Business Associate agrees to reasonably safeguard Protected Health Information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure.
c. 3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 4. Business Associate agrees to report to Covered Entity Company any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which . The report shall be made within five business days from the date it becomes awareaware of such use or disclosure unless circumstances warrant expediency.
e. 5. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, Company agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. 6. Business Associate agrees to provide access, at the request of the Company, and in the time and manner, not to exceed 30 days, Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements under 45 CFR § 164.524.
7. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual, and in the time and manner within 30 days that is not prohibited by the law or this Agreement.
8. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity Company available to the Covered EntityCompany, or to the Secretary, in a time and manner (within manner, not to exceed 30 calendar days following written request from Covered Entity) days, or as designated by the Secretary, for purposes of the Secretary determining Covered Entity's Company’s compliance with the HIPAA RulesPrivacy Rule.
g. 9. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Company to respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
10. Business Associate agrees to provide to Company or an Individual, in time and manner within 30 days, information collected in accordance with Section (i) of this Agreement, to permit Company to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. 11. Business Associate agrees to be familiar and comply with any applicable state privacy laws which are more stringent than the Privacy Rule, including but not limited to the Insurance Information and Privacy Protection Act, Cal Ins. Code §§ 791-791.27 and the accompanying regulations promulgated by the California Department of Insurance, Cal. Admin. Code, title 10, §§ 2698.1-2689.24, the Confidentiality of Medical Information Act, Cal. Civ. Code §§ 56-56.37.
12. Business Associate agrees to be familiar and comply with any record retention requirements applicable to either Business Associate or Company and contained in any federal or state law or regulation, including the Employee Retirement Income Security Act of 1974.
13. Business Associate agrees to provide Company, or its designated agent, during regular business hours, with access to Covered Entity or an Individualthe records of Business Associate for the purpose of conducting Privacy Rule compliance audits. For this purpose Business Associate will make available internal practices, within 30 calendar days after written requestbooks, information collected in accordance with Section 1. g.and records, of this Agreementincluding policies and procedures and Protected Health Information, relating to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures the use and disclosure of Protected Health Information in accordance with received from, or created or received by Business Associate on behalf of, Company.
14. Business Associate agrees not to use protected health information for any independent purpose or any purpose not specifically authorized by the terms of this Agreement and the Privacy Rule
15. Business Associate is permitted to created, receive, maintain, or transmit electronic Protected Health Information (“EDI”) on Company’s behalf, but agrees to appropriately safeguard the EDI as required by 45 CFR 164.528§§ 164.306, 164.308(b), & 164.314(a). Business Associate shall (i) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EDI that it creates, receives, maintains, or transmits on behalf of Company, (ii) ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect it; and (iii) report to Company any security incident of which it becomes aware.
16. Business Associate agrees to report disclosure and security incidents within 5 days, any use or disclosure of PHI not provided for by this Business Associate Agreement, or any Security incident, as defined in 45 CFR section 164.304, or which it becomes aware.
Appears in 3 contracts
Samples: Producer Agreement, Producer Agreement, Producer Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Business Associate Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Business Associate Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Business Associate Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Business Associate Agreement to Business Associate with respect to such information.
f. Business Associate agrees to provide access, at the request of Covered Entity, as soon as practicable and in the manner prescribed by the Covered Entity to the extent practicable, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524.
g. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner prescribed by the Covered Entity to the extent practicable.
h. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from designated by Covered Entity) Entity to the extent practicable or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. i. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. j. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin the time and manner prescribed by the Covered Entity to the extent practicable, information collected in accordance with Section 1II.i. g., of this Business Associate Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
Appears in 3 contracts
Samples: Services Agreement (Apollo Medical Holdings, Inc.), Hospitalist Participation Service Agreement (Apollo Medical Holdings, Inc.), Hospitalist Participation Service Agreement (Apollo Medical Holdings, Inc.)
Obligations and Activities of Business Associate. a. 1. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By Law.
b. 2. Business Associate agrees to use appropriate administrative, technical, and physical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. Business Associate agrees to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure in violation of this Agreement and the Privacy Rule. Business Associate agrees to reasonably safeguard Protected Health Information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure.
c. 3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 4. Business Associate agrees to report to Covered Entity Company any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which . The report shall be made within five business days from the date it becomes awareaware of such use or disclosure unless circumstances warrant expediency.
e. 5. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, Company agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. 6. Business Associate agrees to provide access, at the request of the Company, and in the time and manner, not to exceed 30 days, Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements under 45 CFR § 164.524.
7. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual, and in the time and manner within 30 days that is not prohibited by the law or this Agreement.
8. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity Company available to the Covered EntityCompany, or to the Secretary, in a time and manner (within manner, not to exceed 30 calendar days following written request from Covered Entity) days, or as designated by the Secretary, for purposes of the Secretary determining Covered Entity's Company’s compliance with the HIPAA RulesPrivacy Rule.
g. 9. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Company to respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
10. Business Associate agrees to provide to Company or an Individual, in time and manner within 30 days, information collected in accordance with Section (i) of this Agreement, to permit Company to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. 11. Business Associate agrees to be familiar and comply with any applicable state privacy laws which are more stringent than the Privacy Rule, including but not limited to the Insurance Information and Privacy Protection Act, Cal Ins. Code §§ 791-791.27 and the accompanying regulations promulgated by the California Department of Insurance, Cal. Admin. Code, title 10, §§ 2698.1-2689.24, the Confidentiality of Medical Information Act, Cal. Civ. Code §§ 56-56.37.
12. Business Associate agrees to be familiar and comply with any record retention requirements applicable to either Business Associate or Company and contained in any federal or state law or regulation, including the Employee Retirement Income Security Act of 1974.
13. Business Associate agrees to provide Company, or its designated agent, during regular business hours, with access to Covered Entity or an Individualthe records of Business Associate for the purpose of conducting Privacy Rule compliance audits. For this purpose Business Associate will make available internal practices, within 30 calendar days after written requestbooks, information collected in accordance with Section 1. g.and records, of this Agreementincluding policies and procedures and Protected Health Information, relating to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures the use and disclosure of Protected Health Information in accordance with received from, or created or received by Business Associate on behalf of, Company.
14. Business Associate agrees not to use protected health information for any independent purpose or any purpose not specifically authorized by the terms of this Agreement and the Privacy Rule.
15. Business Associate is permitted to created, receive, maintain, or transmit electronic Protected Health Information (“EDI”) on Company’s behalf, but agrees to appropriately safeguard the EDI as required by 45 CFR 164.528§§ 164.306, 164.308(b), & 164.314(a). Business Associate shall
(i) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EDI that it creates, receives, maintains, or transmits on behalf of Company, ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect it; and (iii) report to Company any security incident of which it becomes aware.
16. Business Associate agrees to report disclosure and security incidents within 5 days, any use or disclosure of PHI not provided for by this Business Associate Agreement, or any Security incident, as defined in 45 CFR section 164.304, or which it becomes aware.
Appears in 3 contracts
Samples: Producer Agreement, Producer Agreement, Producer Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees not to use or disclose Protected Health Information other than only as permitted or required by the this Agreement for purposes of performing services on behalf of Covered Entity, for proper management and administration of Business Associate, or as Required By Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate Agreement agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a any unauthorized use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this AgreementInformation.
d. (d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information in a Designated Record Set in order that Covered Entity may meet the requirements under 45 C.F.R. Section 164.524.
(g) Business Associate agrees to make amendment(s) to Protected Health Information in a Designated Record Set as required by 45 C.F.R. Section 164.526 at the request of Covered Entity.
(h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s and Business Associate’s compliance with the HIPAA RulesRegulations.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. Business Associate agrees C.F.R. Section 164.528 and to provide such information to Covered Entity (or an Individual if so directed by Covered Entity).
(j) Except as otherwise restricted by law and to the extent such laws are applicable to the services provided by Business Associate on behalf of Covered Entity, Business Associate shall comply with an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, ’s request to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures restrict disclosure of Protected Health Information if: (1) the disclosure is to a health plan for purposes of carrying out treatment, and (2) the Protected Health Information pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in accordance with 45 CFR 164.528full.
Appears in 2 contracts
Samples: Management Services Agreement (Dr. Tattoff, Inc.), Management Services Agreement (Dr. Tattoff, Inc.)
Obligations and Activities of Business Associate. a. The Business Associate agrees not to use or disclose Protected Health Information or electronic Protected Health Information (hereinafter “PHI” or Protected Health Information”) other than as permitted or required by the Agreement this HIPAA Compliance Clause or as Required By Law.
b. The Business Associate agrees to use appropriate safeguards and comply with subpart C administrative, physical, and technical safeguards requirements in 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316 as required by § 13401 of 45 CFR part 164 with respect the HITECH ACT (February 18, 2010), to electronic protected health information, maintain the security of the Protected Health Information and to prevent use or disclosure of the such Protected Health Information other than as provided for by this AgreementClause.
c. The Business Associate agrees to mitigateestablish procedures for mitigating, and to mitigate to the extent practicable, any harmful effect deleterious effects that is known to the Business Associate of a use or disclosure of Protected Health Information by the Business Associate in violation of the requirements of this AgreementClause.
d. The Business Associate agrees to report to Covered Entity Entity, in writing, any use or disclosure of the Protected Health Information not provided for permitted or required by this Agreement HIPAA Compliance Clause to the District Privacy Official or agency Privacy Officer within ten (10) days from the time the Business Associate becomes aware of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes awaresuch unauthorized use or disclosure.
e. The Business Associate agrees to ensure that any workforce member or any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate Clause with respect to such informationProtected Health Information received from the Business Associate, Protected Health Information created by the Business Associate, or Protected Health Information received by the Business Associate on behalf of the Covered Entity.
f. The Business Associate agrees to provide access within five business days, at the request of the Covered Entity or an Individual, at a mutually agreed upon location, during normal business hours, and in a format as directed by the District Privacy Official or agency Privacy Officer, or as otherwise mandated by the Privacy Rule or applicable District of Columbia laws, rules and regulations, to Protected Health Information in a Designated Record Set, to the Covered Entity or an Individual, to facilitate the District’s compliance with the requirements under 45 C.F.R. §164.524.
g. The Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating any amendment(s) within five business days to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, in a Designated Record Set that the Covered Entity available directs or agrees to the Covered Entity, or pursuant to the Secretary, 45 CFR 164.526 in a time and manner (within 30 calendar days following written request from Covered Entity) format or designated as directed by the Secretary, for purposes of District Privacy Official or agency Privacy Officer in order to facilitate the Secretary determining Covered Entity's District’s compliance with the HIPAA Rulesrequirements under 45 C.F.R. §164.526.
g. h. The Business Associate agrees to document use the standard practices of the Covered Entity to verify the identification and authority of an Individual who requests the Protected Health Information in a Designated Record Set of a recipient of services from or through the Covered Entity. The Business Associate agrees to comply with the applicable portions of the, attached hereto as Exhibit C and incorporated by reference.
i. The Business Associate agrees to record authorizations and log such disclosures of Protected Health Information and information related to such disclosures as would be required for the Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528C.F.R. § 164.528 and applicable District of Columbia laws, rules and regulations.
h. j. The Business Associate agrees to provide to the Covered Entity or an Individual, within 30 calendar five (5) business days after written requestof a request at a mutually agreed upon location, during normal business hours, and in a format designated by the District Privacy Official or agency Privacy Officer and the duly authorized Business Associate workforce member, information collected in accordance with Section 1. g., Paragraph
(i) of this AgreementSection above, to permit the Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR C.F.R. § 164.528, and applicable District of Columbia laws, rules and regulations.
k. The Business Associate agrees to make internal practices, books, and records, including policies and procedures, and Protected Health Information, relating to the use and disclosure of Protected Health Information received from the Business Associate, or created, or received by the Business Associate on behalf of the Covered Entity, available to the Covered Entity, or to the Secretary, within five
Appears in 2 contracts
Samples: Blanket Purchase Agreement, Blanket Purchase Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information PHI other than as permitted or required by the Agreement or as Required By Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information PHI other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information PHI by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to provide access to PHI in a Designated Record Set to Covered Entity, within fifteen (15) days of the request of Covered Entity, or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524.
g. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, within fifteen (15) days of such request.
h. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health InformationPHI, relating to the use and disclosure of Protected Health Information PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner within fifteen (within 30 calendar 15) days following written of such request from Covered Entity) or as designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. i. Business Associate agrees to document such disclosures of Protected Health Information PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR § 164.528.
h. j. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar fifteen (15) days after written requestof a request to Business Associate, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR § 164.528.
Appears in 2 contracts
Samples: Management and Medical Services Agreement (Hqhealthquest Medical & Wellness Centers, Ltd.), Management and Medical Services Agreement (Wellquest Medical & Wellness Corp)
Obligations and Activities of Business Associate. a. Business Associate agrees not to use or disclose Protected Health Information “PHI” to anyone other than as permitted or required by the under this Agreement or as Required By Lawotherwise required by law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information “PHI,” other than as provided for by this Agreement, by itself, its employees, agents or representatives, or third persons.
c. Business Associate agrees to mitigate, to the extent practicable, any known harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information “PHI” by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to immediately report to Covered Entity Provider any use or disclosure of the Protected Health Information “PHI” not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information “PHI” received from, or created or received by Business Associate on behalf of Covered Entity Provider, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. At the request of Provider, Business Associate agrees to provide access to Provider or to an Individual as directed by Provider, to “PHI” in a Designated Record Set within a reasonable time and manner in order to meet the requirements under 45 CFR § 164.524.
g. Business Associate agrees to make any amendment(s) to “PHI” in a Designated Record Set that the Provider directs or agrees to pursuant to 45 CFR § 164.526 at the request of Provider or an Individual, in a reasonable time and manner.
h. Business Associate agrees to make all written internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received fromInformation, or created or received by Business Associate on behalf of, Covered Entity available to the Covered EntityProvider, or to the Secretary of the Department of Health and Human Services (hereinafter “Secretary”), in a reasonable time and manner, or in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's Provider’s compliance with the HIPAA Rules“Privacy Rule.”
g. i. Business Associate agrees to document such disclosures of Protected Health Information “PHI” and information related to such disclosures as would be required for Covered Entity Provider to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. j. Business Associate agrees to provide to Covered Entity Provider or an Individual, within 30 calendar days after written requestin a reasonable time and manner, information collected in accordance with Section 1. g.Subsection (i) above, of this Agreement, to permit Covered Entity Provider to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Obligations and Activities of Business Associate. a. 2.1 Business Associate agrees to not to use or further disclose Protected Health Information other than as permitted or required by the Agreement or as Required By by Law.
b. 2.2 Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. 2.3 Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 2.4 Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. 2.5 Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. 2.6 Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524.
2.7 Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity.
2.8 Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. 2.9 Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. 2.10 Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by Covered Entity, information collected in accordance with Section 1. g., 2.9 of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Business Associate Contract
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Section 3.0 of this Agreement, or as Required By by Law.
b. . Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to report to Covered Entity Plan any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. . Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, the Plan agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Business Associate agrees to provide access, at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health Information in a Designated Record Set, to the Plan as directed, or directly to an Individual in order to meet the requirements under 45 CFR 164.524. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Plan directs or agrees to pursuant to 45 CFR 164.526 at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations. Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf ofof Plan available, Covered Entity available or at the request of the Plan or the Secretary, to the Covered Entity, Plan or to the Secretary, Secretary in a reasonable time and manner (within 30 calendar days following written request from Covered Entity) or manner, which shall be designated by the Plan or the Secretary, for purposes of the Secretary determining Covered EntityPlan's compliance with the HIPAA Rules.
g. Privacy Rule. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. . Business Associate agrees to provide to Covered Entity the Plan or an Individual, within 30 calendar days after written requestIndividual in a prompt and reasonable manner consistent with the HIPAA regulations as designated by the Plan, information collected in accordance with Section 1. g., 2.0 (i) of this Agreement, to permit Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. Business Associate agrees to satisfy all applicable provisions of HIPAA standards for electronic transactions and code sets, also known as the Electronic Data Interchange (EDI) Standards, at 45 CFR Part 162. Business Associate further agrees to ensure that any agent, including a subcontractor that conducts standard transactions on its behalf will comply with the EDI Standards.
Appears in 1 contract
Samples: Investment Consulting Services
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Section 3.0 of this Agreement, or as Required By by Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (d) Business Associate agrees to report to Covered Entity Plan any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, the Plan agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health Information in a Designated Record Set, to the Plan as directed, or directly to an Individual in order to meet the requirements under 45 CFR 164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Plan directs or agrees to pursuant to 45 CFR 164.526 at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations.
(h) Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf ofof Plan available, Covered Entity available or at the request of the Plan or the Secretary, to the Covered Entity, Plan or to the Secretary, Secretary in a time and manner (within 30 calendar days following written request from Covered Entity) or manner, which shall be designated by the Plan or the Secretary, for purposes of the Secretary determining Covered EntityPlan's compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. (j) Business Associate agrees to provide to Covered Entity the Plan or an Individual, within 30 calendar days after written requestIndividual in a prompt and reasonable manner consistent with the HIPAA regulations as designated by the Plan, information collected in accordance with Section 1. g., 2.0 (i) of this Agreement, to permit Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
(k) Business Associate agrees to satisfy all applicable provisions of HIPAA standards for electronic transactions and code sets, also known as the Electronic Data Interchange (EDI. Standards, at 45 CFR Part 162) Business Associate further agrees to ensure that any agent, including a subcontractor that conducts standard transactions on its behalf will comply with the EDI Standards.
(l) Business Associate agrees to determine the Minimum Necessary type and amount of PHI required to perform its services and will comply with 45 CFR 164.502(b) and 514(d)
Appears in 1 contract
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement this HIPAA Privacy Compliance Clause (this Clause) or as Required By Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this AgreementClause.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this AgreementClause.
d. (d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident Clause of which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner [Insert negotiated terms for access], to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual, and in the time and manner [Insert negotiated terms for amendment].
(h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity Entity, available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) [Insert negotiated terms for access] or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. (j) Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner [Insert negotiated terms for access], information collected in accordance with Section 1. g., of this Agreement(i) above, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Human Care Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or further disclose Protected Health Information other than as permitted or required by the Underlying Agreement or as Required By Law.
b. Business Associate agrees to use appropriate safeguards safeguards, including without limitation administrative, physical, and comply with subpart C of 45 CFR part 164 with respect to electronic protected health informationtechnical safeguards, to prevent use or disclosure of the Protected Health Information other than as provided for by this AgreementAgreement and to reasonably and appropriately protect the confidentiality, integrity, and availability of any electronic Protected Health Information that it may receive, maintain, or transmit on behalf of the Covered Entity.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to comply with the Security Rules, as required by HITECH, in a manner consistent with the Rule and regulations that may be adopted by relevant federal agencies, to keep all electronic protected health information in a secure manner, as required under federal law.
e. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and or any security incident of which it becomes awareaware involving Protected Health Information of the Covered Entity.
e. f. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. g. Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524.
h. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity.
i. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Privacy & Security Rules.
g. j. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. k. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by Covered Entity, information collected in accordance with Section 1. g., (2)(i) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
l. Business Associate hereby acknowledges and agrees that Covered Entity has notified Business Associate that it is required to comply with the confidentiality, disclosure, breach notification, compliance, and re-disclosure requirements of HITECH, Privacy Rule and the Security Rule to the extent such requirements may be applicable.
m. Business Associate acknowledges that if it becomes aware of a “pattern of activity or practice” by Covered Entity, or any other Business Associate, that breaches a Business Associate Agreement, but fails to cure the breach, Business Associate shall immediately terminate the relevant agreement, or report the non-compliance to the United States Department of Health and Human Services’ Office of Civil Rights.
n. Business Associate acknowledges that it is subject to compliance audits by the United States Department of Health and Human Services’ Office of Civil Rights.
o. Business Associate acknowledges that, in the event of any unauthorized acquisition, access, use or disclosure of Protected Health Information, Business Associate shall fully comply with the breach notification requirements, including any and all regulations which have been or may be promulgated.
p. Business Associate shall comply with any and all regulatory requirements which may arise in the future to comply fully with the Privacy Rules, the Security Rule and HITECH, including, but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on sales of PHI, and updated marketing and fundraising restrictions.
q. Business Associate acknowledges that, pursuant to HITECH, Business Associate, its employees and contractors, and any third party (and their employees, contractors, and further third parties) who may have access to or possession of the Covered Entity’s Protected Health Information, are subject to regulatory oversight of the various federal and/or state agencies as a Business Associate, and may be subject to both civil and criminal penalties which may arise from violations of this Agreement, the Privacy Rules, the Security Rule and HITECH.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees not to to: Not use or further disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. Business Associate agrees to use . Use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Business Associate agrees to mitigate. Mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report . Report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure Agreement. Ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . In the event that the Business Associate maintains PHI in a designated records set, Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524. In the event that the Business Associate maintains Protected Health Information in a designated records set, Business Associate agrees to make any amendment(s) to Protected Health Information in a designated record set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity. Make internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules.
g. Privacy Rule. In the event such a request comes directly from the Secretary, Business Associate agrees to document notify Covered Entity immediately of such request. Document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. Business Associate agrees to provide . Provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by Covered Entity, information collected in accordance with Section 1. g., of this Agreementsection, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. Implementation of an Identity Theft Monitoring Policy and Procedure, to protect any patient information that may be breached by the Business Associate, under the Federal Trade Commission Regulations Red Flag Rules. Obligation to report violations of patient privacy. Facilities will be required to report any unlawful or unauthorized access to, or use or disclosure of, a patient's medical information” both to the DHHS/OCR and to the affected patient (or the patient's representative) no later than five days after the unlawful or unauthorized access, use or disclosure has been detected.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. 1. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By by Law.
b. 2. Business Associate agrees to use appropriate employ administrative, physical, and technical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, meeting required Security Standards for business associates as Required by Law to prevent disclosure or use or disclosure of the Protected Health Information PHI other than as provided for allow by this Agreement.
c. 3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information PHI held by Business Associate in violation of the requirements of this Agreement.
d. 4. Business Associate agrees to report to AHP and Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches .
5. If a breach of unsecured protected health information occurs at or by Business Associate, the Business Associate must notify AHP and the Covered Entity following the discovery of the breach without unreasonable delay and, in all cases, no later than 60 days from the discovery of the breach. To the extent possible, the Business Associate should provide AHP and the Covered Entity with the identification of each individual affected by the breach as well as any information required at 45 CFR 169.410 to be provided by AHP and any security incident of which it becomes awarethe Covered Entity in its notification to affected individuals. Business Associates shall comply with all regulations issued by HHS and applicable state agencies regarding breach notification to AHP and the Covered Entity.
e. 6. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such informationPHI.
f. 7. Business Associate agrees, at the request of AHP or the Covered Entity, to provide AHP or the Covered Entity (or a designate of Covered Entity) access to Protected Health Information in a Designated Record Set in prompt commercially reasonable manner in order to meet the requirements under 45 CFR §164.524.
8. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that AHP or the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of AHP or the Covered Entity or an Individual, in a prompt and commercially reasonable manner.
9. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, AHP or Covered Entity available to AHP or the Covered Entity, or to the Secretary (including official representatives of the Secretary), in a time and prompt commercially reasonable manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. 10. Business Associate shall, upon request with reasonable notice, provide AHP or Covered Entity access to its premises for a review and demonstration of its internal practices and procedures for safeguarding PHI.
11. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
h. 12. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin a prompt commercially reasonable manner, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
13. During the term of this Agreement, Business Associate shall maintain, at its sole cost and expense, comprehensive general liability insurance of not less than one million dollars and any insurance that may be mandated for Business Associate by law or regulation (including Worker’s Compensation and State Disability Insurance if applicable). Business Associate shall provide AHP written evidence of such insurance upon request. Business Associate shall provide AHP with prompt written notice of any material change or cancellation in its coverage.
14. Business Associate shall indemnify AHP for any damages, costs and expenses incurred, including reasonable attorneys’ fees, judgments, settlements or penalties, as a result of any claim or liability resulting from the failure of Business Associate (or its lower tier subcontractors or consultants) to maintain the insurance policies required by this section or for breach of any of Business Associates obligations under this Agreement.
Appears in 1 contract
Samples: Hipaa Privacy Compliance Agreement
Obligations and Activities of Business Associate. a. a) Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Lawrequired by law.
b. b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. d) Business Associate agrees to report to Covered Entity Practice any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity the Practice agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. f) Business Associate agrees to provide access, at the request of Practice, and in the time and manner not to exceed 72 hours, to Protected Health Information in a designated record set, to Practice or, as directed by Practice, to an Individual in order to meet the requirements under 45 CFR 164.524.
g) Business Associate agrees to make any amendment(s) to Protected Health Information in a designated record set that Practice directs or agrees to pursuant to 45 CFR 164.526 at the request of Practice or an Individual, within 72 hours of receipt of such amendment(s).
h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available of Practice avail-able to the Covered EntityPractice, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) secretary or person designated by the Secretarysecretary, if permissible or required by law, within 72 hours of receiving the request, for purposes of the Secretary secretary determining Covered Entity's Practice’s compliance with the HIPAA RulesPrivacy Rule.
g. i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Practice to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. j) Business Associate agrees to provide to Covered Entity Practice or an Individual, within 30 calendar days after written request72 hours, information collected in accordance with Section 1. g., of this AgreementAgreement and the Privacy Rule, to permit Covered Entity Practice to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. 1. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. 2. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. 3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 4. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. 5. Business Associate agrees to ensure that any agent, including a subcontractorsubBusiness Associate, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. 6. Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements of 45 CFR § 164.524.
7. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by the Covered Entity.
8. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from designated by the Covered Entity) Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Privacy and Security Rules.
g. 9. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. 10. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by the Covered Entity, information collected in accordance with Section 1. g., B of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
11. Business Associate shall maintain a comprehensive security program appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities as defined in the Security Rule.
12. Business Associate and its agents and subBusiness Associate are prohibited from directly or indirectly receiving any remuneration in exchange for an individual’s protected health information unless the individual provides a valid authorization.
13. Business Associate shall contact the Covered Entity immediately in the event that a breach of data has been discovered for unprotected health information.
13.1 The notification should include the identification of each individual whose unsecured protected health information has been, or is reasonably believed to have been accessed, acquired or disclosed during such breach.
13.2 Notification to individuals must be made within 60 days from discovering the breach. Notification must be coordinated with and approved by the Covered Entity.
13.3 Covered Entity will coordinate with Business Associate in the determination of additional specific actions that will be required of the Business Associate for mitigation of the breach.
13.4 If the Business Associate is a vendor of personal health records, notification of the breach will need to be made with the Federal Trade Commission.
14. Business Associate shall be responsible for any and all costs associated with the notification and mitigation of a data breach that has occurred because of the negligence of the Business Associate.
15. Business Associate shall be subject to prosecution by the Department of Justice for criminal violations of HIPAA if the Business Associate obtains or discloses individually identifiable health information without authorization, and shall be responsible for any an all costs associated with prosecution.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. . Business Associate agrees to use appropriate administrative, physical, and technical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate shall ensure that all Protected Health Information is Secured. Business Associate agrees to promptly mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to immediately report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Agreement. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees in writing to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Moreover, Business Associate shall ensure that any such agent or subcontractor agrees to implement reasonable and appropriate safeguards to protect the Covered Entity’s Protected Health Information. Notwithstanding anything to the contrary in the Primary Agreement or this BAA, Business Associate shall not use any agent or subcontractor to perform any service requiring access to Protected Health Information without the express written consent of an authorized representative of Covered Entity. Business Associate agrees to provide prompt access, at the request of Covered Entity to Protected Health Information in a Designated Record Set, to Covered Entity, or, if directed by Covered Entity, to an Individual, in order to meet the requirements under 45 CFR § 164.524. If an Individual requests directly from Business Associate (i) to inspect or copy his or her Protected Health Information, or (ii) requests its disclosure to a third party, the Business Associate shall promptly notify Covered Entity in writing of such request. Business Associate agrees to promptly make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity, and in the time and manner as mutually agreed by the parties. Business Associate agrees to make its internal practices, books, and records, including its policies and procedures and Protected Health Informationprocedures, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity Entity, available to the Covered Entity, Entity or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA Rules.
g. Privacy Rule. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. . Business Associate agrees to promptly provide to Covered Entity or an Individual, within 30 calendar days after written request, Individual information collected in accordance with Section 1. g., 2(i) of this AgreementBAA, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528. Business Associate hereby represents and warrants that to the extent it is transmitting a financial or administrative transaction described in the Regulations (each a “Transaction”) for Covered Entity, the format and structure of such transmissions shall be in compliance with the Transaction Standards. With respect to any such Transactions, neither party shall: (i) change the definition, data, condition, or use of a data element or segment in a Transaction Standard; (ii) add any data elements or segments to the maximum defined data set; (iii) use any code or data elements that are either marked “not used” in the Transaction Standard’s implementation specification or are not in the Transaction Standard’s implementation specification(s); or (iv) change the meaning or intent of the Transaction Standard’s implementation specification(s). With respect to Electronic Protected Health Information, Business Associate will: Implement, in compliance with the requirements of the Security Rule, administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information it creates, receives, maintains, or transmits on behalf of Covered Entity; Ensure that any agent, including a subcontractor, to whom Business Associate provides Electronic Protected Health Information agrees in writing to implement reasonable and appropriate safeguards to protect such information; Report to Covered Entity any Security Incident of which Business Associate becomes aware, including any failure of safeguards or unauthorized access to Electronic Protected Health Information. Business Associate shall comply with all the obligations required of a Business Associate under the Health Information Technology for Economic Clinical Health Act (“HITECH Act”), Title XIII of the American Recovery and Reinvestment Act of 2009. 45 CFR Sections 164.308, 164.310, 164.312, and 164.316 shall apply to Business Associate in the same manner that such sections apply to Covered Entity. The written policies and procedures and documentation required by 45 CFR Section 164.316 shall be made available to Covered Entity, upon Covered Entity’s request. The additional requirements of the HITECH Act that relate to privacy and security and that are made applicable with respect to covered entities shall also be applicable to Business Associate and shall be and by this reference hereby are incorporated into this BAA.
Appears in 1 contract
Samples: Standard Services Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or disclose Protected Health Information PHI other than as permitted or required by the Agreement or as Required By Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information PHI other than as provided for by this Agreement.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information PHI by Business Associate in violation of the requirements of this Agreement.
d. (d) Business Associate agrees to report to Covered Entity GSHA any use or disclosure of the Protected Health Information PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information PHI received from, or created or received by Business Associate on behalf of Covered Entity GSHA, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of GSHA, and in the time and manner [20 days], to PHI in a Designated Record Set, to GSHA or, as directed by GSHA, to an Individual in order to meet the requirements under 45 C.F.R. 164.524.
(g) Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that the GSHA directs or agrees to pursuant to 45 C.F.R. 164.526 at the request of GSHA, and in the time and manner [20 days].
(h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health InformationPHI, relating to the use and disclosure of Protected Health Information PHI received from, or created or received by Business Associate on behalf of, Covered Entity of GSHA available to the Covered Entity, GSHA or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) [20 days] or designated by the Secretary, for purposes of the Secretary determining Covered EntityGSHA's compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information PHI and information related to such disclosures as would be required for Covered Entity GSHA to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR C.F.R. 164.528.
h. (j) Business Associate agrees to provide to Covered Entity GSHA or an Individual, within 30 calendar days after written requestin time and manner [20 days], information collected in accordance with Section 1. g., 2(i) of this Agreement, to permit Covered Entity GSHA to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR C.F.R. 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.not
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, within ten (10) days of receiving a written request from Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR §164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 within thirty (30) days of receiving a written request from Covered Entity.
(h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity within ten (10) days of receiving a written request from Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary Secretary’s determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.to
h. (j) Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar thirty (30) days after of receiving written requestnotice, information collected in accordance with Section 1. g., 2(i) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.CFR
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement this HIPAA Privacy Compliance Clause (this Clause) or as Required By Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this AgreementClause.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this AgreementClause.
d. (d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident Clause of which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractorsubProvider, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner mutually agreed to, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual.
(h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity Entity, available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) mutually agreed to or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. (j) Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner mutually agreed to, information collected in accordance with Section 1. g., of this Agreement(i) above, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Direct Care Services Agreement
Obligations and Activities of Business Associate. a. A. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement this Contract or as Required By by Law.
b. B. Business Associate agrees to use the appropriate administrative, physical and technical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Contract and to comply with the security standards for the protection of electronic protected health information in 45 CFR Part 164, Subpart C. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this AgreementContract.
d. C. Business Associate agrees to report to Covered Entity Program as soon as reasonably practicable any use or disclosure of the Protected Health Information not provided for by this Agreement Contract of which it becomes aware, including breaches . Business Associate also agrees to report to Covered Program any Breach of unsecured protected health information as required at 45 CFR 169.410 and any security incident Unsecured Protected Health Information of which it becomes aware. Such report shall include, to the extent possible:
1. A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2. A description of the types of Unsecured Protected Health Information that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3. Any steps individuals should take to protect themselves from potential harm resulting from the breach;
4. A description of what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches; and
5. Contact procedures for Covered Program to ask questions or learn additional information.
e. D. Business Associate agrees agrees, in accordance with 45 CFR § 164.502(e)(1)(ii), to ensure that any agentsubcontractors that create, including a subcontractorreceive, to whom it provides maintain, or transmit Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees the Business Associate agree to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. E. Business Associate agrees to provide access, at the request of Covered Program, and in the time and manner designated by Covered Program, to Protected Health Information in a Designated Record Set, to Covered Program in order for Covered Program to comply with 45 CFR § 164.524.
F. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Program directs in order for Covered Program to comply with 45 CFR § 164.526.
G. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Program to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528; and Business Associate agrees to provide to Covered Program, in time and manner designated by Covered Program, information collected in accordance with this Contract, to permit Covered Program to comply with 45 CFR § 164.528.
H. Business Associate agrees, to the extent the Business Associate is to carry out Covered Program’s obligation under 45 CFR Part 164, Subpart E, to comply with the requirements of 45 CFR Part 164, Subpart E that apply to Covered Program in the performance of such obligation.
I. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity Program available to the Covered EntityProgram, or to the SecretarySecretary of the federal Department of Health and Human Services, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by Covered Program or the Secretary, for purposes of the Secretary determining Covered Entity's Program’s compliance with the HIPAA Rules.
g. Business Associate agrees to document such disclosures of Protected Health Information HIPAA, HITECH and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528Parts 160 and 164.
h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. 1. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Contract or as Required By by Law.
b. 2. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this AgreementContract.
c. 3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this AgreementContract.
d. 4. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident Contract of which it becomes aware.
e. 5. Business Associate agrees to ensure that any agent, including a subcontractorsub-contractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity Entity, agrees to the same restrictions and conditions that apply through throughout this Agreement Contract to Business Associate with respect to such information.
f. 6. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information Information, received from, from or created or received by Business Associate on behalf of, of Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) mutually agreed upon or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. 7. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual individual for an accounting of disclosures or Protected Health Information in accordance with 45 CFR § 164.528 (2002).
8. Business Associate agrees to provide to Covered Entity or an individual, in time and manner mutually agrees upon, information collected in accordance with Section B.6 immediately above of this Contract, to permit Covered Entity to respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528§ 164.528 (2002).
h. 9. Business Associate agrees to provide access, at the request of Covered Entity and in the time and manner designated by Covered Entity, to Protect Health Information in a Designated Record Set, to Covered Entity or as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524 (2002) if the Business Associate has Protected Health Information in a Designated Record Set.
10. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 (2002) at the request of Covered Entity or an Individual, within 30 calendar days after written request, information collected and in accordance with Section 1. g., of this Agreement, to permit the same time and manner as designated by Covered Entity to respond to a request by an Individual for an accounting of disclosures of if the Business Associate has Protected Health Information in accordance with 45 CFR 164.528a Designated Record Set.
11. Business Associate understands and agrees that, should SCLG/OOA be found in violation of the HIPAA Privacy Rule due to Business Associate’s material breach of this Section, Business Associate shall be liable to SCLG/OOA for any damages, penalties, and/or fines assessed against SCLG/OOA as a result of Business Associate’s material breach. SCLG/OOA is authorized to recoup any and all such damages, penalties and/or fines assessed against SCLG/OOA by means of withholding and/or offsetting such damages, penalties, and/or fines against any and all sums of money for which SCLG/OOA may be obligated to the Business Associate under any previous Contract and/or this or future Contracts. In the event there is no previous contractual relationship between the Business Associate and SCLG/OOA, the amount to cover such damages, penalties, and/or fines shall be due from Business Associate immediately upon notice.
Appears in 1 contract
Samples: Contract for Service Provision
Obligations and Activities of Business Associate. a. (a) Business Associate agrees not to use or disclose Protected Health Information other than only as permitted or required by the this Addendum, Agreement or as Required By Lawrequired by law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this AgreementAddendum.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (c) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement Addendum of which it becomes aware, including breaches . Business Associate will make such report to Covered Entity’s Privacy Office within a reasonable time after Business Associate learns of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes awaresuch use or disclosure not provided for by this Addendum.
e. (d) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of of, Covered Entity agrees to the same restrictions and conditions that apply through this Agreement Addendum to Business Associate with respect to such information.
f. (e) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) mutually agreed by the Parties or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. (f) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. (g) Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner mutually acceptable to the Parties, information collected in accordance with Section 1. g., 1(f) of this AgreementAddendum, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
(h) Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner mutually agreed by the Parties, to Protected Health Information, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524.
(i) Business Associate agrees to make any amendment(s) to Protected Health Information that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner mutually agreed by the parties. When Covered Entity grants an Individual’s request for amendment, Covered Entity shall provide the granted amendment to Business Associate’s Privacy Office.
Appears in 1 contract
Obligations and Activities of Business Associate. a. Business Associate agrees not to use or disclose Protected Health Information PHI other than as permitted or required by the Agreement or as Required By Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information PHI other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information PHI by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information PHI as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 within30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules.
g. Business Associate agrees to document such disclosures of Protected Health Information PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR 164.528.
h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. . Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. . Business Associate agrees to ensure that any agent, including a subcontractorsubBusiness Associate, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements of 45 CFR § 164.524. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by the Covered Entity. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from designated by the Covered Entity) Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Privacy and Security Rules.
g. . Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. . Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by the Covered Entity, information collected in accordance with Section 1. g., B of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528. Business Associate shall maintain a comprehensive security program appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities as defined in the Security Rule. Business Associate and its agents and subBusiness Associate are prohibited from directly or indirectly receiving any remuneration in exchange for an individual’s protected health information unless the individual provides a valid authorization. Business Associate shall contact the Covered Entity immediately in the event that a breach of data has been discovered for unprotected health information.
13.1 The notification should include the identification of each individual whose unsecured protected health information has been, or is reasonably believed to have been accessed, acquired or disclosed during such breach. Notification to individuals must be made within 60 days from discovering the breach. Notification must be coordinated with and approved by the Covered Entity. Covered Entity will coordinate with Business Associate in the determination of additional specific actions that will be required of the Business Associate for mitigation of the breach. If the Business Associate is a vendor of personal health records, notification of the breach will need to be made with the Federal Trade Commission. Business Associate shall be responsible for any and all costs associated with the notification and mitigation of a data breach that has occurred because of the negligence of the Business Associate. Business Associate shall be subject to prosecution by the Department of Justice for criminal violations of HIPAA if the Business Associate obtains or discloses individually identifiable health information without authorization, and shall be responsible for any an all costs associated with prosecution.
Appears in 1 contract
Samples: Professional Services Agreement
Obligations and Activities of Business Associate. a. A. Business Associate agrees not will comply with the provisions of this Agreement related to use or disclose Protected Health Information other than privacy and security of PHI and the Regulations, as permitted or required by they may be modified from time to time, and that are applicable to Business Associate. To the Agreement or as Required By Lawextent that Business Associate performs any of Covered Entity’s obligations under the Privacy Rule, Business Associate will comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of such obligation.
b. B. Business Associate agrees to use appropriate safeguards administrative, physical and technical safeguards, and comply with subpart C of 45 CFR part 164 the Security Rule with respect to electronic protected health informationPHI, to prevent the use or disclosure of the Protected Health Information PHI other than as provided for by this Agreement.
c. C. Business Associate shall ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of Business Associate agree, in writing, to comply with applicable requirements under the Regulations with respect to use and/or disclosure of PHI.
D. Business Associate will make available during normal business hours all records, books and internal practices relating to the use or disclosure of PHI to the Secretary, in a reasonable time and manner designated by the Secretary, for purposes of determining Covered Entity’s compliance with the Regulations, subject to attorney-client and other applicable legal privileges.
E. Business Associate will provide documentation regarding any disclosures by Business Associate that would be required for an accounting of disclosures to an Individual under 45 CFR § 164.528, within a reasonable amount of time of receipt of a request from Covered Entity. Any request under § 164.528 from an Individual made directly to Business Associate will be referred within five (5) business days to Covered Entity, to the extent the Individual identifies Covered Entity.
F. To the extent Business Associate maintains PHI in a Designated Record Set, Business Associate agrees to make PHI available for amendment and incorporate any amendments to PHI in accordance with the requirements of 45 C.F.R. § 164.526. Any request under § 164.526 from an Individual made directly to Business Associate will be referred within five (5) business days to Covered Entity, to the extent the Individual identifies Covered Entity.
G. To the extent Business Associate maintains PHI in a Designated Record Set, Business Associate agrees to make PHI available to the extent and in the manner required by 45 C.F.R. § 164.524. Any request under § 164.524 from an Individual made directly to Business Associate will be referred within five (5) business days to Covered Entity, to the extent the Individual identifies Covered Entity.
H. Business Associate agrees to comply with any requests for restrictions on certain disclosures of PHI to which Covered Entity has agreed in accordance with 45 C.F.R. § 164.522 and the Regulations and of which Business Associate has been notified in writing by Covered Entity.
I. Business Associate will mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity effects from any use or disclosure of the Protected Health Information PHI by Business Associate not provided for permitted by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes awareAgreement.
e. J. Business Associate agrees to ensure that notify within five (5) business days the designated Privacy Official of the Covered Entity of any agent, including a subcontractor, to whom it provides Protected Health Information received from, use or created or received disclosure of PHI by Business Associate on behalf not permitted by this Agreement, any Security Incident, and any Breach of Covered Entity agrees Unsecured PHI (the latter also referred to the same restrictions and conditions that apply through this Agreement to herein as a “Breach”) of which Business Associate with respect to such information.
f. Business Associate agrees to make internal practicesbecomes aware, booksprovided, however, that the Parties acknowledge and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received agree that this Section constitutes notice by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules.
g. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. Business Associate agrees to provide to Covered Entity of the ongoing existence and occurrence or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., attempts of this Agreement, Unsuccessful Security Incidents for which no additional notice to permit Covered Entity to respond to a request by an Individual for an accounting shall be required. “Unsuccessful Security Incidents” means, without limitation, Internet Control Message Protocol (ICMP) traffic and other broadcast attacks on Business Associate’s firewall including but not limited to, port scans, unsuccessful log-on attempts, denial of disclosures service attacks, and any combination of Protected Health Information the above so long as no such incident results in accordance with 45 CFR 164.528unauthorized access, use, disclosure, modification or destruction of electronic PHI.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees not to use or disclose Protected Health Information other than only as permitted or required by this Agreement the Agreement contract, or as Required By Lawrequired by law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, safeguard to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (c) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches . Business Associate will make such report to Covered Entity's Privacy Office within a reasonable time after Business Associate learns of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes awaresuch use or disclosure not provided for by this Agreement.
e. (d) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of of, Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (e) Business Associate agrees to make internal practices, books, practices books and records, records including policies and procedures and Protected Health Informationlnformation, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, Entity or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) mutually agreed by the Parties or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA RulesPrivacy Rule.
g. (t) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By by Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of to which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity, or as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR §164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual.
(h) Business Associate agrees to make internal practices, books, and records, records including policies and procedures and Protected Health Information, Information relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the of Covered Entity, or available to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
h. (j) Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., 2.0(i) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
Appears in 1 contract
Samples: Vision Benefits Program Agreement
Obligations and Activities of Business Associate. a. 2.1. Business Associate agrees to not to use or further disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By Law.
b. 2.2. Business Associate agrees to develop, implement, maintain, and use appropriate administrative, technical, and physical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. 2.3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. 2.4. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity Entity, agrees to the same restrictions and conditions that apply through this Agreement are applicable to Business Associate with respect to such informationunder this Agreement.
f. 2.5. Business Associate agrees to provide access to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual, in order to meet the requirements under 45 C.F.R. 164.524.
2.6. Business Associate will, upon receipt of written notice from Covered Entity, promptly amend or permit Covered Entity access to amend any portion of Protected Health Information in a Designated Record Set in order to meet the requirements of 45 C.F.R. §164.526.
2.7. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate Associate, on behalf of, Covered Entity available to the of Covered Entity, or available to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. 2.8. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR C.F.R. §164.528.
h. 2.9. Business Associate agrees to provide to Covered Entity or an IndividualEntity, within 30 calendar days after written upon request, information an accounting of disclosures of an individual’s Protected Health Information, collected in accordance with Section 1. g., 2.8 of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. §164.528 by recording information in accordance with this section (“Disclosure Information”). For non-repetitive disclosures by Business Associate of Protected Health Information, Business Associate will record: (i) the disclosure date; (ii) the name and (if known) address of the entity to which Business Associate made the disclosure; (iii) a brief description of the Protected Health Information disclosed; and (iv) a brief statement of the purpose of the disclosure. For repetitive disclosures of Protected Health Information that Business Associate makes for a single purpose to the same person or entity (including Covered Entity), the Business Associate will record either: (i) the same information for non-repetitive disclosures for each disclosure; or (ii) the same information for non-repetitive disclosures for the first such disclosure, the frequency, periodicity, or number of such repetitive disclosures, and the date of the last of the repetitive accountable disclosures. If Covered Entity requests an accounting of an Individual’s Protected Health Information more than once in any twelve (12) month period, Business Associate may impose a reasonable fee for such accounting in accordance with 45 C.F.R. §164.528(c).
2.10. Business Associate will maintain the Disclosure Information prepared in accordance with Section 2.9 of this Agreement for at least 6 years following the date of the disclosure to which the Disclosure Information relates. Business Associate will provide the Disclosure Information to Covered Entity within 30 calendar days following Covered Entity’s request for such Disclosure Information.
2.11. Business Associate acknowledges that it shall request from the Covered Entity and so disclose to its affiliates, subsidiaries, agents and subcontractors or other third parties, only the minimum Protected Health Information necessary to perform or fulfill a specific function required or permitted hereunder. “minimum necessary” shall be interpreted in accordance with the HITECH Act and government guidance on the definition.
2.12. Business Associate shall maintain the security of the Protected Health Information and prevent unauthorized uses or disclosures of such Protected Health Information.
2.13. If Business Associate conducts any Standard Transactions on behalf of Covered Entity, Business Associate shall comply with the applicable requirements of 45 C.F.R. Part 162.
2.14. Business Associate shall develop, implement, maintain, and use administrative, technical and physical safeguards necessary to reasonably and appropriately protect the confidentiality, integrity and availability of Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity, in compliance with Security Rules and the HITECH ACT.
2.15. Business Associate agrees to ensure that access to Electronic Protected Health Information related to the Covered Entity is limited to those workforce members who require such access because of their role or function.
2.16. Business Associate agrees to implement safeguards to prevent its workforce members who are not authorized to have access to such Electronic Protected Health Information from obtaining access and to otherwise ensure compliance by its workforce with the Security Rules.
2.17. Business Associate shall comply with all federal, state and local confidentiality privacy and security laws, specifically including but not limited to HIPAA and the HITECH Act.
2.18. As of the effective date specified by HHS in final regulations to be issued on this topic, Business Associate shall not directly or indirectly receive remuneration in exchange for any Individual’s PHI unless Covered Entity or the Business Associate obtained from the Individual, in accordance with 45 CFR 164.528§ 164.508, a valid authorization that includes a specification of whether the PHI can be further exchanged for remuneration by the entity receiving the Individual’s PHI, except as otherwise allowed under the HITECH Act.
2.19. Business Associate acknowledges that it is subject to civil and criminal enforcement for failure to comply with the Privacy Rule and Security Rule, as amended by the HITECH Act. Notwithstanding any other provision of this Agreement or the underlying contract(s) between the parties, Business Associate agrees to pay all penalties and reasonable expenses, including those incurred for reasonable remediation, as a result of Business Associate’s, or its subcontractors’ or agents’ acts or omissions related to its HIPAA or HITECH Act obligations.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. 2.1 Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By Law.
b. 2.2 Business Associate Associates agrees to use maintain appropriate administrative, physical and technical safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. 2.3 Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 2.4 Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. 2.5 Business Associate agrees to ensure that any agent, including a subcontractor, subcontractor to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. 2.6 If Business Associate maintains Protected Health Information in a Designated Record Set that is not also maintained by Covered Entity, Business Associate agrees to provide access to such Protected Health Information maintained to Covered Entity to enable Covered Entity to meet the requirements of 45 CFR § 164.524.
2.7 Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating any amendment(s) to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, in a Designated Record Set that the Covered Entity available directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules.
g. 2.8 Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. 2.9 Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., 2.8 of this Agreement, Agreement to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
2.10 Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to HHS for purposes of enabling HHS to determine Covered Entity's compliance with the Regulations.
2.11 Business Associate agrees to notify Covered Entity of any Breach involving Covered Entity's Unsecured Protected Health Information of which Business Associate becomes aware. Notification shall be made without unreasonable delay, but in no event more than sixty (60) days after Business Associate's discovery of the Breach.
2.12 Business Associate shall apply the safeguards required by 45 C.F.R. Sections 164.308, 164.310, 164.312 and 164.316 to Covered Entity's electronic Protected Health Information.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or further disclose Protected Health Information PHI other than as permitted or required by the this Agreement or as Required By by Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information PHI other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information or PHI by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any any; use or disclosure of the Protected Health Information PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes awareAgreement.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to provide access, at the request of Covered entity, and in the time and manner designated by Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524.
g. Business Associate agrees to make an amendment(s) to PHI maintained in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity.
h. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to at the request of the Covered Entity ot the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Covered Entity or the Secretary, for purposes purpose of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. i. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting account of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
h. j. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by Covered Entity, information collected in accordance with Section 1. g., 2(i) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR § 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. . Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement not more than twenty-four (24) hours after Business Associate learns of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. the incident. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Since Business Associate will destroy all data on electronic media provided by Covered Entity, it is understood that the Covered Entity will not be able to get access to Protected Health Information once title to disposed assets is transferred to Business Associate. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, of Covered Entity available to the Covered Entity, or to the Secretary, in a reasonable time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules.
g. Privacy Rule. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. . Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestas soon as practical, information collected in accordance with Section 1. g., “h” of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Agreement Addendum or as Required By Lawrequired by law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this AgreementAddendum.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident Addendum of which it becomes aware.
e. d. If Business Associate maintains Protected Health Information in a Designated Record Set, Business Associate agrees to ensure that any agentprovide access, including a subcontractorat Covered Entity’s request, to whom it provides Protected Health Information received fromin a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524.
e. If Business Associate maintains Protected Health Information in a Designated Record Set, Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Entity direct or created agree to pursuant to 45 CFR § 164.526 at the request of Covered Entity or received an Individual, within 10 days after receipt by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such informationrequest.
f. Business Associate agrees to make available to Covered Entity, or to the Secretary, internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to in the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the SecretarySecretary or within 5 business days of receipt of Covered Entity’s written request, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA Privacy Rules.
g. Business Associate agrees to document such disclosures of Protected Health Information not provided for by this Addendum of which Business Associate becomes aware and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar in time and manner requested by Covered Entity, but in no event more than 10 business days after written from such request, information collected documented in accordance with Section 1. g., A.1(g) of this AgreementAddendum, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
Appears in 1 contract
Samples: Membership Application Packet
Obligations and Activities of Business Associate. a. Business Associate agrees not to use or disclose Protected Health Information PHI other than as permitted or required by the Agreement this Agreement, or as Required By by Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information PHI other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information PHI by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity the Department’s Contract Manager or HIPAA Privacy and Security Officer any use or disclosure of the Protected Health Information PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, agent to whom it provides Protected Health Information PHI received fromfrom HSD, or created or received by Business Associate on behalf of Covered Entity HSD, agrees to the same restrictions and conditions that apply to Business Associate through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to provide, at HSD’s request, and in a reasonable time and manner, access to PHI in a Designated Record Set to HSD or, as directed by HSD, to an Individual in order to meet the requirements under 45 CFR § 164.524.
g. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that HSD directs or agrees to, pursuant to 45 CFR § 164.526, at the request of HSD or an Individual, and in the time and manner set forth in Department regulations.
h. Business Associate agrees to make internal practices, books, books and records, including policies and policies, procedures and Protected Health InformationPHI, relating to the use and disclosure of Protected Health Information PHI received fromfrom HSD, or created or received by Business Associate on behalf ofof HSD, Covered Entity available to the Covered Entity, HSD or to the Secretary, in Secretary within seven (7) days of receiving a time and manner (within 30 calendar days following written request from Covered Entity) HSD or designated by receiving notice of a request from the Secretary, for purposes of the Secretary Secretary’s determining Covered EntityHSD's compliance with the HIPAA RulesPrivacy Rule.
g. i. Business Associate agrees to document such disclosures of Protected Health Information PHI and information related to such disclosures as would be required for Covered Entity HSD to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR § 164.528.
h. j. Business Associate agrees to provide to Covered Entity HSD or an Individual, within 30 calendar seven (7) days after written of receipt of a request, information collected in accordance with Section 1. g., 2 of this Agreement, to permit Covered Entity HSD to respond to a request by an Individual for an accounting of disclosures of Protected Health Information PHI in accordance with 45 CFR § 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. 2.1 Business Associate agrees not to use or further disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By Law.
b. 2.2 Business Associate agrees to use appropriate implement administrative, physical, and technical safeguards that reasonably and comply with subpart C of 45 CFR part 164 with respect to electronic protected health informationappropriately protect the confidentiality, to prevent use or disclosure integrity, and availability of the electronic Protected Health Information other than as provided for by this Agreementthat it creates, receives, maintains, or transmits on behalf of Covered Entity.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 2.3 Business Associate agrees to report to Covered Entity any Security Incident, and any use or disclosure of the Protected Health Information that is not provided for by this Agreement of which it becomes awareAgreement, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. 2.4 Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information, including but not limited to, the implementation of reasonable and appropriate safeguards to protect such information.
f. 2.5 Business Associate agrees to make available Protected Health Information in a Designated Record Set, to an Individual in accordance with the requirements under 45 CFR 164.524.
2.6 Business Associate agrees to make amendment(s) to Protected Health Information in a Designated Record Set in accordance with the requirements of 45 CFR 164.526 at the request of an Individual.
2.7 Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. 2.8 Business Associate agrees to document such disclosures of Protected Health Information and make available to an Individual information related to such disclosures maintained by Business Associate as would be required for Covered Entity necessary to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with the requirements of 45 CFR 164.528.
h. 2.9 Business Associate agrees to provide use appropriate safeguards to prevent the use or disclosure of Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528other than as provided hereunder.
Appears in 1 contract
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Section 3.0 of this Agreement, or as Required By by Law.
b. . Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to report to Covered Entity Plan any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. . Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, the Plan agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Business Associate agrees to provide access, at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health Information in a Designated Record Set, to the Plan as directed, or directly to an Individual in order to meet the requirements under 45 CFR 164.524. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Plan directs or agrees to pursuant to 45 CFR 164.526 at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations. Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf ofof Plan available, Covered Entity available or at the request of the Plan or the Secretary, to the Covered Entity, Plan or to the Secretary, Secretary in a time and manner (within 30 calendar days following written request from Covered Entity) or manner, which shall be designated by the Plan or the Secretary, for purposes of the Secretary determining Covered EntityPlan's compliance with the HIPAA Rules.
g. Privacy Rule. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. . Business Associate agrees to provide to Covered Entity the Plan or an Individual, within 30 calendar days after written requestIndividual in a prompt and reasonable manner consistent with the HIPAA regulations as designated by the Plan, information collected in accordance with Section 1. g., 2.0 (i) of this Agreement, to permit Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.. Business Associate agrees to satisfy all applicable provisions of HIPAA standards for electronic transactions and code sets, also known as the Electronic Data Interchange (EDI. Standards, at 45 CFR Part 162) Business Associate further agrees to ensure that any agent, including a subcontractor that conducts standard transactions on its behalf will comply with the EDI Standards. Business Associate agrees to determine the Minimum Necessary type and amount of PHI required to perform its services and will comply with 45 CFR 164.502(b) and 514(d)
Appears in 1 contract
Samples: Employee Assistance Program
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or further disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By by Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes awareAgreement.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524.
g. Business Associate agrees to make any amendment(s) to Protected Health Information maintained in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity.
h. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. i. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. j. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by Covered Entity, information collected in accordance with Section 1. g., 2(i) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees not to use or disclose Protected Health Information other than only as permitted or required by the this Agreement for purposes of performing services on behalf of Covered Entity, for proper management and administration of Business Associate, or as Required By Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate Agreement agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a any unauthorized use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this AgreementInformation.
d. (d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware within five (5) business days after becoming so aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information in a Designated Record Set in order that Covered Entity may meet the requirements under 45 C.F.R. Section 164.524.
(g) Business Associate agrees to make amendment(s) to Protected Health Information in a Designated Record Set as required by 45 C.F.R. Section 164.526 at the request of Covered Entity.
(h) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's ’s and Business Associate’s compliance with the HIPAA RulesRegulations.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. Business Associate agrees C.F.R. Section 164.528 and to provide such information to Covered Entity (or an Individual if so directed by Covered Entity).
(j) Except as otherwise restricted by law and to the extent such laws are applicable to the services provided by Business Associate on behalf of Covered Entity, Business Associate shall comply with an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, ’s request to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures restrict disclosure of Protected Health Information if: (1) the disclosure is to a health plan for purposes of carrying out treatment, and (2) the Protected Health Information pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in accordance with 45 CFR 164.528full.
Appears in 1 contract
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity The Pelvic Health and Rehabilitation Center any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity The Pelvic Health and Rehabilitation Center agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity The Pelvic Health and Rehabilitation Center available to the Covered EntityThe Pelvic Health and Rehabilitation Center, or to the Secretary, in a time and manner ([within 30 calendar days following written request from Covered Entity) 1 week of request] or designated by the Secretary, for purposes of the Secretary determining Covered EntityThe Pelvic Health and Rehabilitation Center's compliance with the HIPAA Rules.Privacy Rule. Page 1 of 3
g. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity The Pelvic Health and Rehabilitation Center to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR � 164.528.
h. Business Associate agrees to provide to Covered Entity The Pelvic Health and Rehabilitation Center or an Individual, in a timely manner [within 30 calendar days after written 1 week of request], information collected in accordance with Section 1. g., 2 of this Agreement, to permit Covered Entity The Pelvic Health and Rehabilitation Center to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR � 164.528.
Appears in 1 contract
Samples: Business Associate Contract
Obligations and Activities of Business Associate. a. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Section 3.0 of this Agreement, or as Required By by Law.
b. . Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. . Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. . Business Associate agrees to report to Covered Entity Plan any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. . Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, the Plan agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. . Business Associate agrees to provide access, at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health Information in a Designated Record Set, to the Plan as directed, or directly to an Individual in order to meet the requirements under 45 CFR 164.524. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Plan directs or agrees to pursuant to 45 CFR 164.526 at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations. Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf ofof Plan available, Covered Entity available or at the request of the Plan or the Secretary, to the Covered Entity, Plan or to the Secretary, Secretary in a time and manner (within 30 calendar days following written request from Covered Entity) or manner, which shall be designated by the Plan or the Secretary, for purposes of the Secretary determining Covered EntityPlan's compliance with the HIPAA Rules.
g. Privacy Rule. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. . Business Associate agrees to provide to Covered Entity the Plan or an Individual, within 30 calendar days after written requestIndividual in a prompt and reasonable manner consistent with the HIPAA regulations as designated by the Plan, information collected in accordance with Section 1. g., 2.0 (i) of this Agreement, to permit Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. Business Associate agrees to determine the Minimum Necessary type and amount of PHI required to perform its services and will comply with 45 CFR 164.502(b) and 514(d).
Appears in 1 contract
Samples: Claims Administration and Cost Management Services Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or further disclose Protected Health Information other than as permitted or required by this Business Associate Agreement, the Agreement or as Required By by Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information in accordance with the requirements of the Security Rule on and after the date that Covered Entity is required to comply with the Security Rule.
(d) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Business Associate Agreement.
d. (e) Business Associate agrees to report promptly to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Business Associate Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident or the Agreement of which it becomes aware.
e. (f) Business Associate agrees to report promptly to Covered Entity any Security Incident, as that term is defined in the Security Rule, that directly pertains to Covered Entity and occurs on or after the date that Covered Entity is required to comply with the Security Rule as soon as reasonably practicable after becoming aware of such Security Incident.
(g) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information and/or Electronic Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (h) Business Associate agrees to provide access to the Covered Entity to Protected Health Information in a Designated Record Set by retrieving the specified document, item of media identified by Covered Entity or the Designated Record Set in other available format, so that the Covered Entity may respond to an Individual in order to meet the requirements under 45 CFR 164.524.
(i) Business Associate agrees that if an amendment to Protected Health Information in a Designated Record Set is required, then the Covered Entity shall instruct the Business Associate to retrieve the document, item of media identified by Covered Entity or Designated Record Set in such other available format so that the Covered Entity may make any such amendment to the Protected Health Information as may be required by either the Covered Entity or an Individual.
(j) Business Associate agrees to make its internal practices, books, books and records, including policies and procedures and Protected Health Information, records relating solely to the use and disclosure of Protected Health Information Information, received from, or created or received by Business Associate hereunder, on behalf ofof Covered Entity, Covered Entity available to the Covered Entity, or at the request of the Covered Entity, to the Secretary, in a time and manner upon receiving not less than forty-eight (within 30 calendar days following 48) hours advance written request from notification by the Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules.
g. (k) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures (but only to the extent that Covered Entity has provided Business Associate with sufficient information to know that Protected Health Information may reside in the records or data stored by Covered Entity with Business Associate). Subject to Covered Entity providing Business Associate with sufficient information upon which to make a determination as to the existence of Protected Health Information in records or data stored by Covered Entity with Business Associate, the documentation of such disclosures shall contain such information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. (l) Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin a time and manner reasonably designated by Covered Entity, information collected in accordance with Section 1. g., 2(i) of this Business Associate Agreement, to permit the Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
Appears in 1 contract
Samples: Off Site Data Storage and Retrieval Services Contract
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or further disclose Protected Health Information other than as permitted or required by the this Agreement or as Required By Law. Business Associate shall also comply with any further limitations on uses and disclosures agreed by Covered Entity in accordance with 45 C.F.R. 164.522 provided that such agreed upon limitations have been communicated to Business Associate in accordance with Section 4.1(c) of this Agreement. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner which would not be permissible under the Privacy Rules.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (c) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. (d) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (e) Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner reasonably designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Individual it may impose a reasonable, cost-based fee in accordance with 45 C.F.R. 164.524 (c)(4).
(f) Business Associate agrees to make available Protected Health Information for amendment and incorporate any amendments to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity.
(g) Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, Information relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's ’s compliance with the HIPAA RulesPrivacy Rule.
g. (h) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR C.F.R. 164.528.
h. (i) Business Associate agrees to provide to Covered Entity or an IndividualEntity, within 30 calendar days after written requestin the time and manner reasonably designated by Covered Entity, the information collected in accordance with Section 1. g., 2(h) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR C.F.R. 164.528.
(j) Business Associate acknowledges that it shall request from the Covered Entity and so disclose to its affiliates, subsidiaries, agents and subcontractors or other third parties, only the minimum Protected Health Information necessary to perform or fulfill a specific function required or permitted hereunder.
(k) If Business Associate conducts any Standard Transactions (as defined in 45 C.F.R. Part 162) on behalf of Covered Entity, Business Associate shall comply with the applicable requirements of 45 C.F.R. Part 162.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. 1. Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
b. 2. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. 3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. 4. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.. Sample
e. 5. Business Associate agrees to ensure that any agent, including a subcontractorsubBusiness Associate, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. 6. Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements of 45 CFR § 164.524.
7. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by the Covered Entity.
8. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from designated by the Covered Entity) Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Privacy and Security Rules.
g. 9. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
h. 10. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written requestin time and manner designated by the Covered Entity, information collected in accordance with Section 1. g., B of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
11. Business Associate shall maintain a comprehensive security program appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities as defined in the Security Rule.
12. Business Associate and its agents and subBusiness Associate are prohibited from directly or indirectly receiving any remuneration in exchange for an individual’s protected health information unless the individual provides a valid authorization.
13. Business Associate shall contact the Covered Entity immediately in the event that a breach of data has been discovered for unprotected health information.
13.1 The notification should include the identification of each individual whose unsecured protected health information has been, or is reasonably believed to have been accessed, acquired or disclosed during such breach.
13.2 Notification to individuals must be made within 60 days from discovering the breach. Notification must be coordinated with and approved by the Covered Entity. Sample
13.3 Covered Entity will coordinate with Business Associate in the determination of additional specific actions that will be required of the Business Associate for mitigation of the breach.
13.4 If the Business Associate is a vendor of personal health records, notification of the breach will need to be made with the Federal Trade Commission.
14. Business Associate shall be responsible for any and all costs associated with the notification and mitigation of a data breach that has occurred because of the negligence of the Business Associate.
15. Business Associate shall be subject to prosecution by the Department of Justice for criminal violations of HIPAA if the Business Associate obtains or discloses individually identifiable health information without authorization, and shall be responsible for any an all costs associated with prosecution.
Appears in 1 contract
Samples: Business Associate Agreement
Obligations and Activities of Business Associate. a. (a) Business Associate agrees to not to use or disclose Protected Health Information other than as permitted or required by the Agreement Section 3.0 of this Agreement, or as Required By by Law.
b. (b) Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. (c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. (d) Business Associate agrees to report to Covered Entity Plan any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware.
e. (e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity of, the Plan agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. (f) Business Associate agrees to provide access, at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health Information in a Designated Record Set, to the Plan as directed, or directly to an Individual in order to meet the requirements under 45 CFR 164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Plan directs or agrees to pursuant to 45 CFR 164.526 at the request of Plan or an Individual, and in a prompt and reasonable manner consistent with the HIPAA regulations.
(h) Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf ofof Plan available, Covered Entity available or at the request of the Plan or the Secretary, to the Covered Entity, Plan or to the Secretary, Secretary in a time and manner (within 30 calendar days following written request from Covered Entity) or manner, which shall be designated by the Plan or the Secretary, for purposes of the Secretary determining Covered EntityPlan's compliance with the HIPAA RulesPrivacy Rule.
g. (i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
h. (j) Business Associate agrees to provide to Covered Entity the Plan or an Individual, within 30 calendar days after written requestIndividual in a prompt and reasonable manner consistent with the HIPAA regulations as designated by the Plan, information collected in accordance with Section 1. g., 2.0 (i) of this Agreement, to permit Covered Entity Plan to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
(k) Business Associate agrees to determine the Minimum Necessary type and amount of PHI required to perform its services and will comply with 45 CFR 164.502(b) and 514(d).
Appears in 1 contract
Samples: Claims Administration and Cost Management Services Agreement
