OBLIGATIONS OF BA. In connection with its use of PHI disclosed by County to BA, XX agrees to:
A. Implement appropriate administrative, technical, and physical safeguards as are necessary to prevent use or disclosure of PHI other than as permitted by the Agreement that reasonably and appropriately protects the confidentiality, integrity, and availability of the PHI in accordance with Title 45 of the Code of Federal Regulations, Part 160 and Part 164, Subparts A and C (the “HIPAA Privacy Rule” and the “HIPAA Security Rule”) in effect or as may be amended, including but not limited to 45 CFR 164.308, 164.310, 164.312, and 164.504(e)(2). BA shall comply with the policies, procedures, and documentation requirements of the HIPAA Security Rule.
B. Report to County within 24 hours of any suspected or actual breach of security, intrusion, or unauthorized use or disclosure of PHI of which BA becomes aware and/or any actual or suspected use or disclosure of data in violation of any applicable federal or state laws or regulations. BA shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
C. Report to County in writing of any access, use, or disclosure of PHI not permitted by the Underlying Agreement and this Business Associate Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than five (5) days. To the extent the Breach is solely a result of BA’s failure to implement reasonable and appropriate safeguards as required by law, and not due in whole or part to the acts or omissions of the County, BA may be required to reimburse the County for notifications required under 45 CFR 164.404 and CFR 164.406.
D. BA shall not use or disclose PHI for fundraising or marketing purposes. BA shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates. BA shall not directly or indirectly receive remuneration in exchange of PHI, except with the prior written consent of the County and as permitted by the HITECH Act, 42 USC Section 17935(d)(2); however, this prohibition shall not affect payment by County to BA for services provided pursuant to the Agreement.
Appears in 1 contract
Samples: Services Agreements
OBLIGATIONS OF BA. In connection with its use of PHI disclosed by County to BA, BA agrees to:
A. Implement appropriate administrative, technical, and physical safeguards as are necessary to prevent use or disclosure of PHI other than as permitted by the Agreement that reasonably and appropriately protects the confidentiality, integrity, and availability of the PHI in accordance with Title 45 of the Code of Federal Regulations, Part 160 and Part 164, Subparts A and C (the “HIPAA Privacy Rule” and the “HIPAA Security Rule”) in effect or as may be amended, including but not limited to 45 CFR 164.308, 164.310, 164.312, and 164.504(e)(2). BA shall comply with the policies, procedures, and documentation requirements of the HIPAA Security Rule.
B. Report to County within 24 hours of any suspected or actual breach of security, intrusion, or unauthorized use or disclosure of PHI of which BA becomes aware and/or any actual or suspected use or disclosure of data in violation of any applicable federal or state laws or regulations. BA shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
C. Report to County in writing of any access, use, or disclosure of PHI not permitted by the Underlying Agreement and this Business Associate Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than five (5) days. To the extent the Breach is solely a result of BA’s failure to implement reasonable and appropriate safeguards as required by law, and not due in whole or part to the acts or omissions of the County, BA may be required to reimburse the County for notifications required under 45 CFR 164.404 and CFR 164.406.
D. BA shall not use or disclose PHI for fundraising or marketing purposes. BA shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates. BA shall not directly or indirectly receive remuneration in exchange of PHI, except with the prior written consent of the County and as permitted by the HITECH Act, 42 USC Section 17935(d)(2); however, this prohibition shall not affect payment by County to BA for services provided pursuant to the Agreement.
Appears in 1 contract
Samples: Services Agreement
OBLIGATIONS OF BA. In connection with its use of PHI disclosed by County to BA, XX agrees to:
A. Implement appropriate administrative, technical, and physical safeguards as are necessary to prevent use or disclosure of PHI other than as permitted by the Agreement that reasonably and appropriately protects the confidentiality, integrity, and availability of the PHI in accordance with Title 45 of the Code of Federal Regulations, Part 160 and Part 164, Subparts A and C (the “HIPAA Privacy Rule” and the “HIPAA Security Rule”) in effect or as may be amended, including but not limited to 45 CFR 164.308, 164.310, 164.312, and 164.504(e)(2). BA shall comply with the policies, procedures, and documentation requirements of the HIPAA Security Rule.
B. Report to County within 24 hours of any suspected or actual breach of security, intrusion, or unauthorized use or disclosure of PHI of which BA becomes aware and/or any actual or suspected use or disclosure of data in violation of any applicable federal or state laws or regulations. BA shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
C. Report to County in writing of any access, use, or disclosure of PHI not permitted by the Underlying Agreement and this Business Associate Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than five (5) days. To the extent the Breach is solely a result of BA’s failure to implement reasonable and appropriate safeguards as required by law, and not due in whole or part to the acts or omissions of the County, BA may be required to reimburse the County for notifications required under 45 CFR 164.404 and CFR 164.406.
D. BA shall not use or disclose PHI for fundraising or marketing purposes. BA shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates. BA shall not directly or indirectly receive remuneration in exchange of PHI, except with the prior written consent of the County and as permitted by the HITECH Act, 42 USC Section 17935(d)(2); however, this prohibition shall not affect payment by County to BA for services provided pursuant to the Agreement.
Appears in 1 contract
Samples: Services Agreements
OBLIGATIONS OF BA. In connection with its use of PHI disclosed by County to BA, XX agrees to:
A. Implement appropriate administrative, technical, and physical safeguards as are necessary to prevent use or disclosure of PHI other than as permitted by the Agreement that reasonably and appropriately protects the confidentiality, integrity, and availability of the PHI in accordance with Title 45 of the Code of Federal Regulations, Part 160 and Part 164, Subparts A and C (the “HIPAA Privacy Rule” and the “HIPAA Security Rule”) in effect or as may be amended, including but not limited to 45 CFR 164.308, 164.310, 164.312, and 164.504(e)(2). BA shall comply with the policies, procedures, and documentation requirements of the HIPAA Security Rule.
B. Report to County within 24 hours of any suspected or actual breach of security, intrusion, or unauthorized use or disclosure of PHI of which BA becomes aware and/or any actual or suspected use or disclosure of data in violation of any applicable federal or state laws or regulations. BA shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
C. Report to County in writing of any access, use, or disclosure of PHI not permitted by the Underlying Agreement and this Business Associate Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than five (5) days. To the extent the Breach is solely a result of BA’s failure to implement reasonable and appropriate safeguards as required by law, and not due in whole or part to the acts or omissions of the County, BA may be required to reimburse the County for notifications required under 45 CFR 164.404 and CFR 164.406.
D. BA shall not use or disclose PHI for fundraising or marketing purposes. BA shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates. BA shall not directly or indirectly receive remuneration in exchange of PHI, except with the prior written consent of the County and as permitted by the HITECH Act, 42 USC Section 17935(d)(2); however, this prohibition shall not affect payment by County to BA for services provided pursuant to the Agreement.
Appears in 1 contract
Samples: Agreement for Services
OBLIGATIONS OF BA. In connection with its use of PHI disclosed by County to BA, XX agrees to:
A. Implement appropriate administrative, technical, and physical safeguards as are necessary to prevent use or disclosure of PHI other than as permitted by the Agreement that reasonably and appropriately protects the confidentiality, integrity, and availability of the PHI in accordance with Title 45 of the Code of Federal Regulations, Part 160 and Part 164, Subparts A and C (the “HIPAA Privacy Rule” and the “HIPAA Security Rule”) in effect or as may be amended, including but not limited to 45 CFR 164.308, 164.310, 164.312, and 164.504(e)(2). BA shall comply with the policies, procedures, and documentation requirements of the HIPAA Security Rule.
B. Report to County within 24 hours of any suspected or actual breach of security, intrusion, or unauthorized use or disclosure of PHI of which BA becomes aware and/or any actual or suspected use or disclosure of data in violation of any applicable federal or state laws or regulations. BA shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
C. Report to County in writing of any access, use, or disclosure of PHI not permitted by the Underlying Agreement and this Business Associate Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than five (5) days. To the extent the Breach is solely a result of BA’s failure to implement reasonable and appropriate safeguards as required by law, and not due in whole or part to the acts or omissions of the County, BA may be required to reimburse the County for notifications required under 45 CFR 164.404 and CFR 164.406.
D. BA shall not use or disclose PHI for fundraising or marketing purposes. BA shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates. BA shall not directly or indirectly receive remuneration in exchange of PHI, except with the prior written consent of the County and as permitted by the HITECH Act, 42 USC Section 17935(d)(2); however, this prohibition shall not affect payment by County to BA for services provided pursuant to the Agreement.
Appears in 1 contract
Samples: Services Agreement