Obligations and Activities of the Business Associate. (a) Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required by Law.
(b) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
(c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
(d) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware.
(e) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to the Business Associate with respect to such information.
(f) Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524.
(g) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual, and in the time and manner specified by the Covered Entity.
(h) Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of the Covered Entity, available to the Secretary, in a time and manner specified by the Covered Entity or designated by the Secretary, for purposes of the Secretary determining the Covered Entity's compliance with the Privacy Rule.
(i) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected H...
Obligations and Activities of the Business Associate. (a) The Business Associate shall not use or disclose PHI other than as permitted or required by the Agreement or as required by law.
(b) The Business Associate shall use appropriate safeguards, and comply with the HIPAA Rules and DoD HIPAA Issuances incorporated by reference in this document with respect to PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.
(c) The Business Associate shall report to the Covered Entity any breach of which it becomes aware, and shall proceed with breach response steps as required by Part V of this agreement. With respect to electronic PHI, the Business Associate shall also respond to any security incident of which it becomes aware in accordance with any cybersecurity provisions of the Agreement. If at any point the Business Associate becomes aware that a security incident involves a breach, the Business Associate shall immediately initiate breach response as required by Part V of this BAA.
(d) In accordance with DoDM 6025.18, paragraph 3.3.c.(3)(b)4, 45 CFR §164.502(e)(1)(ii) and §164.308(b)(2), the Business Associate shall ensure that any (and all) subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to PHI, specifically the responsibilities laid out in the DoD HIPAA Issuances incorporated by reference in this agreement.
(e) The business associate may disclose PHI to a business associate that is a subcontractor and may allow the subcontractor to create, receive, maintain, or transmit PHI on its behalf, if the business associate obtains satisfactory assurances, in accordance with DoDM 6025.18, paragraph 4.5.e.(1), that the subcontractor will appropriately safeguard the information.
(f) The Business Associate shall make available PHI in a Designated Record Set, to the Covered Entity or, as directed by the Covered Entity, to an Individual, as necessary to satisfy the Covered Entity obligations under 45 CFR §164.524 and DoDM 6025.18, paragraph 5.3.c.
(g) The Business Associate shall make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR § and DoDM 6025.18, paragraph 5.4.
(h) The Business Associate shall maintain and make available the information required to provide an accounting of disclosures to the Covered Entity or an individual as necessary to satisfy the...
Obligations and Activities of the Business Associate. Use and Disclosure of PHI
3.1 The Business Associate shall not use or disclose PHI other than as permitted or required by this BAA or as required by law. Business Associate may:
a. Use and disclose PHI only as necessary to perform its obligations under the Agreement, provided that such use or disclosure would not violate HIPAA Laws if done by the County;
b. Use the PHI received in its capacity as a Business Associate of the County for its proper management and administration and to fulfill any legal responsibilities of Business Associate;
c. Disclose PHI in its possession to a third party for the proper management and administration of Business Associate, or to fulfill any legal responsibilities of Business Associate, provided that the disclosure would not violate HIPAA Laws if made by the County, or is required by law, and Business Associate has received from the third party written assurances that (i) the information will be kept confidential and used or further disclosed only for the purposes for which it was disclosed to the third party or as required by law; (ii) the third party will notify Business Associate of any instances of which it becomes aware in which the confidentiality of the information may have been breached; and (iii) the third party has agreed to implement reasonable and appropriate steps to safeguard the information;
d. Use PHI to provide data aggregation activities relating to the operations of the County; and
e. De-identify any and all PHI created or received by Business Associate under the Agreement, provided that the de-identification conforms to the requirements of the HIPAA Laws.
3.2 Business Associate shall limit its use and disclosure of, and request for PHI when practical or as required by law, to the information making up a Limited Data Set, as defined by HIPAA, and in all other cases subject to the requirements of 45 CFR 164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request.
3.3 Business Associate is prohibited from selling PHI, using PHI for marketing purposes, or attempting to re-identify any PHI information in violation of HIPAA Laws.
3.4 Business Associate shall implement administrative, physical, and technical safeguards that protect the confidentiality, integrity and availability of PHI that it creates, receives, maintains, or transmits on behalf of the County. The safeguards shall include written policies, procedures, a security risk assessment, traini...
Obligations and Activities of the Business Associate. Compliance. Business Associate agrees to comply with the HIPAA and HITECH Rules, and other applicable state or federal law, to ensure the protection of the Department’s PHI, and only use and disclose PHI consistent with the Department’s minimum necessary policy and the legal requirements of this Agreement. Business Associate may not use or disclose PHI in a manner that would violate the HIPAA or HITECH Rules or other state or federal law if performed by the Department.
Obligations and Activities of the Business Associate. 2.1 Business Associate agrees not to use or further disclose PHI, acquired from or accessed via the Covered Entity, other than as permitted or required by the Agreement or as Required by Law.
2.2 Business Associate agrees to comply with the standards, implementation specifications, and requirements of Subpart C of 45 C.F.R. Part 164 with respect to Electronic Protected Health Information of the Covered Entity.
2.3 Business Associate agrees to mitigate, to the extent practicable, any harmful effect, which is known to Business Associate, resulting from a use or disclosure of PHI discovered by Business Associate, as defined in 45 C.F.R. § 164.410(a)(2), that is not permitted or required by this Agreement or as Required by Law.
2.4 Business Associate agrees to report to the Covered Entity, within the timeframe provided in 45 C.F.R. § 164.410(b), a Security Incident, as defined in 45 C.F.R. § 164.304, or other use or disclosure of PHI, including unsecured PHI, that is not permitted or required by this Agreement or as Required by Law of which Business Associate discovers, as defined at 45 C.F.R. § 164.410.
2.5 Business Associate agrees to ensure that any Subcontractor to whom Business Associate provides PHI, which it received from the Covered Entity, or received on behalf of the Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such PHI, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2).
2.6 Business Associate agrees to provide, at the request of the Covered Entity, an Individual access to PHI about the Individual, as contained in a Designated Record Set, following the Individual’s request for access to the Covered Entity, in compliance with the requirements under 45 C.F.R. § 164.524.
2.7 Business Associate agrees to make any amendment(s) to an Individual’s PHI, as contained in a Designated Record Set, that the Individual or Covered Entity directs Business Associate to make, pursuant to 45 C.F.R. § 164.526 at the request of an Individual.
2.8 Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI – either received from the Covered Entity, created by the Covered Entity, or received on behalf of the Covered Entity – available to the Covered Entity, or at the request of the Covered Entity, to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for purposes of the Secreta...
Obligations and Activities of the Business Associate. Use and Disclosure of PHI
3.1 The Business Associate must not use or disclose PHI other than as permitted or required by this BAA or as required by law. Business Associate may:
a. Use and disclose PHI only as necessary to perform its obligations under the Agreement, provided that such use or disclosure would not violate HIPAA Laws if done by County;
b. Use the PHI received in its capacity as a Business Associate of County for its proper management and administration and to fulfill any legal responsibilities of Business Associate;
c. Disclose PHI in its possession to a third party for the proper management and administration of Business Associate, or to fulfill any legal responsibilities of Business Associate, provided that the disclosure would not violate HIPAA Laws if made by County, or is required by law, and Business Associate has received from the third party written assurances that (i) the information will be kept confidential and used or further disclosed only for the purposes for which it was disclosed to the third party or as required by law;
Obligations and Activities of the Business Associate. 1. Business Associate agrees to keep records and submit compliance reports as well as follow all other requirements regarding compliance with 45 CFR § 160.310.
2. Business Associate agrees to acknowledge that if the Secretary determines that the business associate has violated any administrative provision then the business associate is subject to a civil money penalty pursuant to 45 CFR § 160.402.
3. Business Associate agrees to ensure the confidentiality, integrity, and availability of all electronic protected health information the business associate creates, receives, maintains, or transmits.
4. Business Associate must review and modify security measures implemented as needed to continue to protect electronic protected health information, and update documentation of such security measures in accordance with 45 CFR § 164.316.
5. Business Associate must implement policies and procedures to comply with administrative safeguards pursuant to 45 CFR § 164.308.
6. Business Associate must implement policies and procedures to comply with physical safeguards pursuant to 45 CFR § 164.310.
7. Business Associate must implement policies and procedures to comply with technical safeguards pursuant to 45 CFR § 164.312.
8. Business Associate agrees to notify MSH of any breach of unsecured protected health information within 5 days so that MSH can notify and identify, at the business associate’s expense, each Individual whose unsecured protected health information has been acquired, accessed, or disclosed within 60 days.
9. Business Associate agrees to notify MSH of any breach within 5 days by utilizing the MSH Privacy Violation Report for Business Associates form (hereafter referred to as Attachment A) attached with this Agreement.
10. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the business associate of a use or disclosure of protected health information by the business associate in violation of the requirements of this Agreement.
11. Business Associate agrees that discovery of the breach will be treated as of the first day that the business associate knew of the breach or, by exercising reasonable diligence, would have been known to the business associate.
12. Business Associate may use or disclose protected health information only as permitted or required by this agreement or as required by law.
13. Business Associate agrees to provide MSH with protected health information in order for MSH to satisfy MSH’s obli...
Obligations and Activities of the Business Associate. 2.1. The BA agrees to:
Obligations and Activities of the Business Associate. Business Associate Agrees to:
Obligations and Activities of the Business Associate. Business Associate agrees to:
1. Create, receive, maintain, transmit, use, or disclose PHI only in a manner that is consistent with the Agreement or as required by law. Business Associate may only use or disclose PHI needed to perform the duties set forth in the Adoption Agreement for the treatment, payment or health care operations of the Covered Entity. Such instances include, but are not limited to: communicating with patient assistance programs on behalf of a covered member, obtaining prescriptions and other PHI from a covered member’s health care provider, obtaining manufacturer coupons, and other activities needed to support the Covered Entity’s obligations.
2. Use or disclose PHI as required by law or as permitted by this Agreement. Business Associate shall not use or disclose PHI in a manner that would violate the Privacy Rule. Business Associate shall not release or sell individual PHI to engage in marketing or fundraising activities without prior authorization from the individual.
3. Use or disclose PHI for the proper management and administration of Business Associate, or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware that confidentiality of the information has been breached. Business Associate may use PHI to create de-identified information that may be used or disclosed by Business Associate for any lawful purpose, provided that the information has been de-identified in accordance with the de-identification requirements of 45 C.F.R. 164.51.
4. Use appropriate safeguards, and establish, implement and maintain administrative, physical and technical safeguards that comply with Subpart C of 45 CFR Part 164 with respect to Electronic PHI (the “Security Rule”), to prevent use or disclosure of PHI other than as provided for by the Agreement.
5. Report to the Covered Entity any use or disclosure of PHI not provided by the Agreement of which it becomes aware, including Breaches of Unsecured PHI as required by 45 CFR 164.410, and any Security Incident of which it becomes aware.
a. In the event of a Breach by the Business Associate of Unsecured PHI...