Obligations of Business Associate a. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this Agreement or as Required By Law.
b. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware.
e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
f. Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524.
g. Business Associate agrees, at the request of the Covered Entity, to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526.
h. Unless otherwise prohibited by law, Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Davidson County Department of Social Services, in a time and manner designated by the Secretary, for purposes of the Davidson County Department of Social Services determining Covered Entity's compliance with the Privacy Rule.
i. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in acco...
Obligations of Business Associate. Business Associate agrees to:
i. Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;
ii. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;
iii. Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;
iv. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;
v. Make available protected health information in a designated record set to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.524;
vi. Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR 164.526;
vii. To the extent required by regulators, maintain and make available the information required to provide an accounting of disclosures to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.528;
viii. To the extent the Business Associate is to carry out one or more of covered entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s); and
ix. To the extent required by regulators, make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
Obligations of Business Associate. In performing its duties and obligations under the Agreement, Business Associate agrees as follows:
Obligations of Business Associate. Business Associate agrees to comply with applicable federal and state confidentiality and security laws, specifically the provisions of the HIPAA Rules applicable to business associates, including:
Obligations of Business Associate. As an express condition of performing Business Associate Functions, Business Associate agrees to:
a. Not Use or Disclose PHI other than as permitted or required by this Agreement or as otherwise Required by Law.
b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to Electronic Protected Health Information, to prevent Use or Disclosure of PHI other than as provided for in this Agreement.
c. Report to the Plan's designated privacy official, without unreasonable delay but in no event more than three (3) business days after discovery by Business Associate, any Use or Disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware, including any Breach of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware, together with any remedial or mitigating action taken or proposed to be taken with respect thereto. If Business Associate does not have available complete information in satisfaction of 45 CFR 164.410(c) within three (3) business days of discovery of the impermissible Use or Disclosure, Business Associate shall provide all information it has at such time, and immediately update the Plan with additional information as it becomes available through prompt investigation. This Agreement serves as Business Associate's notice to the Plan that attempted but unsuccessful Security Incidents regularly occur and that no further notice will be made by Business Associate unless there has been a successful Security Incident or attempts or patterns of attempts that Business Associate determines to be suspicious. Business Associate shall cooperate with the Plan in mitigating any harmful effects of any impermissible Use or Disclosure. In the case of a Breach as determined to exist in the sole discretion of the Plan which was due to a violation of this Agreement by Business Associate, Business Associate shall pay for the reasonable costs of investigation, mitigation and notification to affected Individuals. As an alternative to Business Associate reimbursing Company and the Plan for the costs of notification, the Plan may elect to have Business Associate directly provide the notifications to Individuals for breaches caused by Business Associate, provided that Company and the Plan shall have final approval of all content of notifications to Individuals.
d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), ensure that any Subcontr...
Obligations of Business Associate. 2.1. In order that each party may achieve and maintain compliance with the requirements of HIPAA, Business Associate agrees:
a. To only use and disclose PHI as permitted by this HIPAA Addendum or as Required By Law. Business Associate may:
i. use and disclose PHI to perform its obligations as set forth in the Terms and Conditions;
ii. use PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities;
iii. disclose PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities, if such disclosure is required by law or if Business Associate obtains reasonable assurances from the recipient that the recipient will keep the PHI confidential, use or further disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient, and notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached;
iv. use PHI to provide data aggregation services relating to your health care operations;
v. use or disclose PHI to report violations of the law to law enforcement enforcement, consistent with 45 C.F.R. § 164.502(j)(1); and
vi. use PHI to create de-identified information consistent with the standards set forth at 45 C.F.R. § 164.514. Business Associate will not sell PHI or use or disclose PHI for purposes of marketing, as defined and proscribed in the Regulations.
b. To limit its uses and disclosures of, and requests for, PHI (a) when practical, to the information making up a Limited Data Set; and (b) in all other cases subject to the requirements of 45 C.F.R. § 164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request.
c. To use appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of the PHI in compliance with the Regulations.
d. To ensure that all of Business Associate’s employees, subsidiaries and affiliates that receive, use or have access to PHI will adhere to the same restrictions and conditions on the use or disclosure of PHI that apply to Business Associate pursuant to this HIPAA Addendum.
e. To require all of its subcontractors and agents that receive, use or have access to PHI to agree, in writing, to adhere to the same restrictions and conditions on the use or disclosure of PHI that apply to Business Associate pursuant to this HIPAA Addendum....
Obligations of Business Associate. With regard to the use and disclosure of LIBERTY PHI, Business Associate hereby agrees as follows:
Obligations of Business Associate. Except as expressly set forth in this Agreement, as necessary to provide the Services, or as otherwise requested in writing by Covered Entity:
Obligations of Business Associate. Business Associate agrees to comply with the provisions of Privacy Rule applicable to “business associates” (as defined by the Privacy Rule), including:
Obligations of Business Associate. Business Associate agrees:
A. Not to use or disclose Protected Health Information other than (i) as permitted or required by this BAA, (ii) as permitted or required to perform its obligations pursuant to the Agreements, or (iii) as Required by Law.
B. To use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to Electronic Protected Health Information, to prevent the use or disclosure of PHI other than as provided for by this BAA.
C. To mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.
D. To report to the appropriate Covered Entity any use or disclosure of PHI not provided for by this BAA of which it becomes aware and any Successful Security Incident of which Business Associate becomes aware. For purposes of this BAA, a “Successful Security Incident” is any Security Incident that results in unauthorized access, use, disclosure, modification, or destruction of Electronic Protected Health Information of Covered Entity. The parties further stipulate and agree that this paragraph constitutes notice by Business Associate to Covered Entity with respect to any “Unsuccessful Security Incident,” which is defined for purposes of this BAA as any Security Incident that is not a Successful Security Incident. Covered Entity and Business Associate agree that reporting of Unsuccessful Security Incidents are too numerous to be meaningful or helpful and therefore this BAA constitutes the report from Business Associate that these incidents occur.
E. In accordance with 45 CFR §§164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to ensure that any subcontractor that creates, receives, maintains or transmits Protected Health Information on behalf of Business Associate agrees to the same restrictions and conditions that apply through this BAA to Business Associate with respect to such PHI. If Business Associate becomes aware of a pattern or practice by the subcontractor that violates such agreement, Business Associate shall take steps to cure the breach or end the violation. If efforts to cure the breach or end the violation are not successful, Business Associate shall terminate its arrangement with the subcontractor, if feasible. If not feasible, Business Associate shall notify Covered Entity of the breach or violation.
F. To make available, at the request of Covered Entity, and in the form and format designat...
