Obligations and Activities of Covered Entity. Covered Entity shall notify Business Associate of the provisions and any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR § 164.520, to the extent that such provisions and limitation(s) may affect Business Associate’s Use or Disclosure of Protected Health Information. • Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that the changes or revocation may affect Business Associate’s use or disclosure of Protected Health Information. • Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR §164.522, and also notify Business Associate regarding restrictions that must be honored under section 13405(a) of the HITECH Act, to the extent that such restrictions may affect Business Associate’s Use or Disclosure of Protected Health Information. • Covered Entity shall notify Business Associate of any modifications to accounting disclosures of Protected Health Information under 45 CFR § 164.528, made applicable under Section 13405(c) of the HITECH Act, to the extent that such restrictions may affect Business Associate’s use or disclosure of Protected Health Information. • Business Associate shall provide information to Covered Entity via email or phone call, wherein such information is required to be provided to Covered Entity as agreed to by Business Associate in paragraph 2(d) of this Agreement. Covered Entity reserves the right to modify the manner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the HIPAA Rules or the HITECH Act, and Business Associate is provided sixty (60) business days notice before the requested modification takes effect. • Covered Entity shall not require Business Associate to Use or Disclose Protected Health Information in any manner that would not be permissible under the HIPAA Rules if done by the Covered Entity.
Obligations and Activities of Covered Entity. Covered Entity agrees as follows:
a. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 C.F.R. § 164.520 to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information.
b. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information.
c. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522 to the extent that such restriction may affect Business Associate’s use or disclosure of Protected Health Information.
d. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.
Obligations and Activities of Covered Entity. A. Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
B. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect Business Associate's use and disclosure of PHI.
C. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
Obligations and Activities of Covered Entity. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions.
Obligations and Activities of Covered Entity. 1. The Covered Entity may use or disclose these data sets upon execution of this Agreement by the Data Recipient.
2. The Covered Entity is exempt from the accounting of disclosure of a data set in accordance with 45 CFR 164.
3. The Covered Entity may use or disclose a data set only for the purposes of research, public health or health care operations.
Obligations and Activities of Covered Entity. 3.1. Covered Entity shall notify McLaren of the provisions and any limitation(s) in its Notice of Privacy Practices of Covered Entity in accordance with 45 CFR §164.520, to the extent that such provisions and limitation(s) may affect McLaren's Use or Disclosure of PHI.
3.2. Covered Entity shall notify McLaren of any changes in, or revocation of, permission by an Individual to Use or Disclose PHI, to the extent that the changes or revocation may affect McLaren's Use or Disclosure of PHI.
3.3. Covered Entity shall notify McLaren of any restriction to the Use or Disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §164.522, and also notify McLaren regarding restrictions that must be honored under section 13405(a) of the HITECH Act, to the extent that such restrictions may affect McLaren's Use or Disclosure of PHI.
3.4. Covered Entity shall notify McLaren of any modifications to accounting for Disclosures of PHI under 45 CFR §164.528, made applicable under Section 13405(c) of the HITECH Act, to the extent that such restrictions may affect McLaren's Use or Disclosure of PHI.
3.5. Covered Entity shall provide McLaren, within thirty (30) business days of Covered Entity executing this Agreement, a description and/or specification regarding the manner and format in which McLaren shall provide information to Covered Entity, wherein such information is required to be provided to Covered Entity as agreed to by McLaren. Covered Entity reserves the right to modify the manner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the HIPAA Rules and McLaren is provided thirty (30) business days’ notice before the requested modification takes effect.
Obligations and Activities of Covered Entity. BA and/or BA’s employees will disclose certain PHI to CE pursuant to the terms of the Underlying Agreement, and CE agrees to:
(a) Not use or disclose PHI other than as permitted or required by this Agreement or as required by law.
(b) Use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to PHI collected and retained by CE, to prevent use or disclosure of PHI other than as provided for by this Agreement.
(c) Immediately report to BA disclosure of protected health information of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any other security incident (collectively “Security Incident”). CE further agrees to provide BA with the following information regarding the Security Incident as soon as possible, but no more than five (5) business days after becoming aware of the Security Incident: (1) a brief description of what happened, including the dates the Security Incident occurred and was discovered; (2) confirmation that it is able to reproduce the PHI involved in the Security Incident; and (3) a description of whether and how the PHI involved in the Security Incident was rendered unusable, unreadable, or indecipherable to unauthorized individuals either by encryption or otherwise destroying the PHI prior to disposal. If CE determines that it is infeasible to reproduce the PHI involved in the Security Incident, CE agrees to notify BA in writing of the conditions that make reproduction infeasible and any information CE has regarding the PHI involved. CE agrees that BA will review all Security Incidents reported by CE and BA, in its sole discretion, will take steps in response, to the extent necessary or required by law including, but not limited to, (1) notifying the individual(s) whose PHI was involved in the Security Incident, either in writing, via telephone, through the media, or by posting a notice on CE’s website, or through a combination of those methods, of the Security Incident; and (2) providing notice of the Security Incident to the Secretary of the United States Department of Health and Human Services (“HHS”).
(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any BAs or subcontractors that create, receive, maintain, or transmit protected health information on behalf of the CE agree in writing to the same restrictions, conditions, and requirements that apply to the CE with respect to such information.
(e...
Obligations and Activities of Covered Entity. With regard to the use and disclosure of PHI, Covered Entity hereby agrees as follows:
(a) Covered Entity represents and warrants to Business Associate that it has obtained, and will obtain, from Individuals, any required consents, authorizations and other permissions necessary under applicable laws to enable Covered Entity and Business Associate to fulfill their obligations under this Addendum and the Agreement.
(b) Covered Entity shall promptly notify Business Associate in writing of any restrictions on the use and disclosure of PHI or changes in, revocation of, or permission by an Individual to use or disclose PHI about Individuals that Covered Entity has agreed to, that could reasonably be expected to affect Business Associate’s ability to perform its obligations under this Addendum or the Agreement.
(c) Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA if done by Covered Entity.
(d) Covered Entity shall disclose to Business Associate only the minimum necessary amount of PHI to accomplish the purpose of the disclosures, in accordance with 45
Obligations and Activities of Covered Entity. Covered Entity shall notify Business Associate of any limitation(s) or change in its notice of privacy practices in accordance with 45 CFR § 164.520 to the extent that such limitation may affect Business Associate's use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may impact Business Associate's use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.
Obligations and Activities of Covered Entity