Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to: a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law. b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement. c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure. d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § 164.524 of the Regulations. f. Notify Covered entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § 164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI. g. Document disclosure of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § 164.528 of the Regulations. h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § 164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting. i. Make internal practices, books and records, including policies and procedures relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule. j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, received, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations. k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI. l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach. m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI in a secure manner, as required under federal law. n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA. o. To comply with any and all regulatory requirements, which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund raising restrictions.
Appears in 2 contracts
Samples: Professional Services, Professional Services
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § 164.524 of the Regulations.
f. Notify Covered entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § 164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § 164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § 164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. Make internal practices, books and records, including policies and procedures relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, received, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX EPHI agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund raising restrictions.
Appears in 2 contracts
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § C.F.R. '164.524 of the Regulations.
f. Notify Covered entity Entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entityEntity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § '164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. Make internal practices, books books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, receivedreceives, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI electronic protected health information in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, requirements which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund fund-raising restrictions.
Appears in 1 contract
Samples: Professional Services
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § 164.524 of the Regulations.
f. Notify Covered entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § 164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § 164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § 164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. Make internal practices, books and records, including policies and procedures relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, received, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund fund-raising restrictions.
Appears in 1 contract
Samples: Professional Services
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § C.F.R. '164.524 of the Regulations.
f. Notify Covered entity Entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entityEntity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § '164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. I. Make internal practices, books and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, receivedreceives, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI electronic protected health information in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, requirements which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund raising restrictions.
Appears in 1 contract
Samples: Mental Health Services Agreement
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functionsFunctions, Business Associate agrees toas follows:
a. Use and/or To not use or disclose PHI only other than as permitted or required by this Agreement Section or as required Required by lawLaw.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this AgreementSection.
c. Report to Covered Entity, by contacting, in writing, Covered Entity’s Privacy Officer, within a reasonable time ten days after discovery, any use or disclosure of the PHI not provided for by this Agreement Section of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require Ensure that any agent, including a subcontractor, to whom it Business Associate provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees Entity, agrees, in writing, to the same restrictions and conditions that apply through this Agreement Section to Business Associate with respect to such information.
e. Provide accessaccess by Covered Entity, at the request of Covered Entity, within a reasonable amount of time after requestrequest to PHI, to PHI to Covered Entity or, as directed by Covered Entity, to an individual Individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § 164.524 of the Regulations.
f. Notify Covered entity Entity, by contacting Covered Entity’s Privacy Officer, in writing, within three (3) business days of a request by an individual Individual to amend PHI maintained by Business Associate on behalf of Covered entityAssociate, direct the requesting individual Individual to the Covered Entity in for the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § 164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual Individual for an accounting of disclosures of PHI in accordance with § 164.528 of the Regulations.
h. Provide to Covered Entity or an Individual, within thirty days, information collected in accordance with Section IV (g) of this Section, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. C.F.R. § 164.528 of the Regulations164.528.
h. i. Notify Covered Entity by contacting Covered Entity’s Privacy Officer, in writing, within three (3) business days of any request by an individual Individual for an accounting of disclosures, direct the requesting individual Individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § 164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. j. Make internal practices, books and records, including policies and procedures procedures, and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or as designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Privacy Rule.
j. Implement administrative. Upon fulfilling such a request by the Secretary, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, received, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity notify, in mitigating any harmful effects writing, the City of such security incident or breachrequest and shall indicate to City what was provided the Secretary in response to such request.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund raising restrictions.
Appears in 1 contract
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § C.F.R. '164.524 of the Regulations.
f. Notify Covered entity Entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entityEntity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § '164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. I. Make internal practices, books and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s =s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, receivedreceives, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI electronic protected health information in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, requirements which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund fund-raising restrictions.
Appears in 1 contract
Samples: Professional Services
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § C.F.R. '164.524 of the Regulations.
f. Notify Covered entity Entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entityEntity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § '164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. I. Make internal practices, books and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s =s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, receivedreceives, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI electronic protected health information in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, requirements which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund raising restrictions.
Appears in 1 contract
Samples: Professional Services
Obligations and Assurances of Business Associate. As an express condition of performing Business Associate functions, Business Associate agrees to:
a. Use and/or disclose PHI only as permitted or required by this Agreement or as required by law.
b. Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for in this Agreement.
c. Report to Covered Entity, within a reasonable time after discovery, any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such unauthorized disclosure.
d. Require that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
e. Provide access, at the request of Covered Entity, within a reasonable time after request, to PHI to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of 45 C.F.R 45 C.F. R. § C.F.R. '164.524 of the Regulations.
f. Notify Covered entity Entity within three (3) business days of a request by an individual to amend PHI maintained by Business Associate on behalf of Covered entityEntity, direct the requesting individual to the Covered Entity in the handling of such request, and incorporate any amendment accepted by the Covered Entity in accordance with § '164.526 of the Regulations. Business Associate is not authorized to independently agree to an amendment of PHI.
g. Document disclosure disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations.
h. Notify Covered Entity within three (3) business days of any request by an individual for an accounting of disclosures, direct the requesting individual to the Covered Entity in the handling of such request, and provide Covered Entity within ten (10) days thereafter with all information in its possession or in the possession of its agents, and contractors, which is needed to permit Covered Entity to respond to the request for accounting in accordance with 45 C.F. R. § C.F.R. '164.528 of the Regulations. Business Associate agrees to retain necessary records from which to respond to the requests for an accounting.
i. I. Make internal practices, books and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, within a reasonable time after request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s =s compliance with the Privacy Rule.
j. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Business Associate creates, receivedreceives, maintains, or transmits on behalf of the Covered Entity as required by Subpart C of the Regulations.
k. Ensure that any agent, including a subcontractor, to whom the Business Associate provides such XXXX EPHI agrees to implement reasonable and appropriate safeguards to protect EPHI.
l. Report to Covered Entity, within a reasonable time after discovery, any security incident or breach regarding EPHI not provided for by this Agreement of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. Business Associate shall cooperate with Covered Entity as requested by Covered Entity in mitigating any harmful effects of such security incident or breach.
m. To comply with the security rules as required by HITECH, in a manner consistent with rules and regulations that may be adopted by relevant federal agencies, to keep all EPHI electronic protected health information in a secure manner, as required under federal law.
n. To comply with the confidentiality, disclosure, breach notification, compliance and re-disclosure requirements of HITECH and HIPAA.
o. To comply with any and all regulatory requirements, requirements which may arise in future to comply fully with HIPAA and HITECH, including but not limited to, restrictions on disclosures to health plans, clarified minimum necessary standards, expanded accounting requirements applicable to electronic health records, revised prohibitions on the sales of PHI, and updated marketing and fund raising restrictions.
Appears in 1 contract
Samples: Mental Health Services Agreement
