Common use of Obligations of the Covered Entity Clause in Contracts

Obligations of the Covered Entity. (a) The Covered Entity shall notify the Business Associate of any limitations in the Notice of Privacy Practices maintained by the Covered Entity to the extent that such limitations may affect the Business Associate’s use or disclosure of the PHI. (b) The Covered Entity shall immediately notify the Business Associate of any changes in, or revocation of, permission granted by an Individual under 45 C.F.R. § 164.506 or § 164.508 to use or disclose PHI, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI. (c) The Covered Entity shall immediately notify the Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect the Business Associate’s use or disclosure of PHI. (d) The Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule, Security Rule, or HIE Statute if done by the Covered Entity. (e) If the Business Associate provides the Covered Entity with access to the HIE, the Covered Entity shall, prior to accessing the HIE, obtain all necessary consents from the individual who is the subject of the PHI being accessed, as required by the Business Associate and under the HIE Statute or any other applicable law. (f) If the Business Associate provides the Covered Entity with access to the HIE, the Covered Entity shall use any PHI obtained through the HIE only for the purpose of caring for and treating a patient. The Covered Entity shall not disclose any PHI obtained through the HIE to any person unless such disclosure is necessary to facilitate the care and treatment of a patient. In its use and disclosure of any PHI obtained through the HIE, the Covered Entity shall comply with all applicable laws, including, without limitation, HIPAA, the HITECH Act, the Privacy Rule, the Security Rule, and the HIE Statute. The Covered Entity shall put in place reasonable training procedures to inform its employees, agents, and subcontractors of the restrictions on use and disclosure of PHI obtained through the HIE and shall not permit any employee, agent, or subcontractor to access the HIE unless such person commits in writing to abide by the restrictions in this Agreement regarding use or disclosure of PHI obtained through the HIE. The Covered Entity shall report any unauthorized use or disclosure of PHI obtained through the HIE to the Business Associate within three (3) days of the time at which it becomes aware, or in the exercise of reasonable care should have been aware, of the unauthorized use or disclosure.

Obligations of the Covered Entity. (a) The Covered Entity shall immediately notify the Business Associate of any limitations in the Notice of Privacy Practices maintained by the Covered Entity to the extent that such limitations may affect the Business Associate’s use or disclosure of the PHI. (b) The Covered Entity shall immediately notify the Business Associate of any changes in, or revocation of, permission granted by an Individual under 45 C.F.R. § 164.506 or § 164.508 to use or disclose PHI, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI. (c) The Covered Entity shall immediately notify the Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect the Business Associate’s use or disclosure of PHI. (d) The Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule, Security Rule, or HIE Statute Rules if done by the Covered Entity. (e) If the Business Associate provides the Covered Entity with access to the HIE, the Covered Entity shall, prior to accessing the HIE, obtain all necessary consents from the individual who is the subject of the PHI or ePHI being accessed, as required by the Business Associate and under the HIE Statute or any other applicable law. (f) If the Business Associate provides the Covered Entity with access to the HIE, the Covered Entity shall use any PHI or ePHI obtained through the HIE only for the purpose of caring for and treating a patient. The Covered Entity shall not disclose any PHI or ePHI obtained through the HIE to any person unless such disclosure is necessary to facilitate the care and treatment of a patient. In its use and disclosure of any PHI or ePHI obtained through the HIE, the Covered Entity shall comply with all applicable laws, including, without limitation, HIPAA, the HITECH Act, the Privacy Rule, the Security Rule, and the HIE Statute. The Covered Entity shall put in place reasonable training procedures to inform its employees, agents, and subcontractors of the restrictions on use and disclosure of PHI or ePHI obtained through the HIE and shall not permit any employee, agent, or subcontractor to access the HIE unless such person commits in writing to abide by the restrictions contained in this Agreement regarding use or disclosure of PHI or ePHI obtained through the HIE. The Covered Entity shall report any unauthorized use or disclosure of PHI or ePHI obtained through the HIE to the Business Associate within three (3) days of the time at which it becomes aware, or in the exercise of reasonable care should have been aware, of the unauthorized use or disclosure.

Obligations of the Covered Entity. (aA. If the Covered Entity wishes to receive PHI, it shall provide the Business Associate with the name or identity/job title of the individual(s) authorized to represent the Covered Entity and who can receive and disclose PHI for purposes of the Services. The Covered Entity shall also notify the Business Associate of any changes made with respect to the individuals so identified. B. The Covered Entity shall provide the Business Associate with the Notice of Privacy Practices produced in accordance with 45 C.F.R § 164.520 and any changes thereto. C. The Covered Entity shall obtain all consents or authorizations necessary for the Business Associate's access to or creation, maintenance, use or disclosure of PHI subject to this Agreement. D. The Covered Entity shall notify the Business Associate of any limitations in the Notice of Privacy Practices maintained by the Covered Entity restrictions applicable to the extent that such limitations may affect the Business Associate’s 's use or disclosure of PHI that the PHICovered Entity has accepted and that apply to any access to or use or disclosure of PHI subject to this Agreement. (b) E. The Covered Entity shall immediately notify the Business Associate of any changes in, or revocation of, permission granted by an Individual under 45 C.F.R. § 164.506 or § 164.508 to use or disclose PHI, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI. (c) The Covered Entity shall immediately notify the Business Associate of any restriction to on the use or disclosure of PHI that the Covered Entity has agreed to in accordance with 45 C.F.R. C.F.R § 164.522, to the extent that such restriction may affect the Business Associate’s use or disclosure of PHI. (d) F. The Covered Entity shall not request that the Business Associate to use or disclose PHI in any a manner that would not be permissible under the Privacy Rule, Security Rule, or HIE Statute Subpart E of 45 C.F.R. Part 1764 if done so disclosed by the Covered Entity. (e) If the Business Associate provides the Covered Entity with access to the HIE, the Covered Entity shall, prior to accessing the HIE, obtain all necessary consents from the individual who is the subject of the PHI being accessed, as required by the Business Associate and under the HIE Statute or any other applicable law. (f) If the Business Associate provides the Covered Entity with access to the HIE, the Covered Entity shall use any PHI obtained through the HIE only for the purpose of caring for and treating a patient. G. The Covered Entity shall not disclose any PHI obtained through notify the HIE to any person unless such disclosure is necessary to facilitate the care and treatment of a patient. In its use and disclosure Business Associate of any PHI obtained through the HIE, specific obligations of the Covered Entity shall comply with all applicable laws, including, without limitation, HIPAA, to any obligations of the HITECH Act, Covered Entity that the Privacy Rule, the Security Rule, and the HIE Statute. Business Associate performs under this Agreement H. The Covered Entity shall put in place be solely responsible for compliance with the Security Rule and the implementation of reasonable training procedures and appropriate safeguards with respect to inform PHI that is subject to this Agreement and that it provides to or receives from the Business Associate, prior to its employees, agentsreceipt by the Business Associate, and subcontractors upon and following its receipt by the Covered Entity from the Business Associate. I. The Covered Entity shall be responsible for reporting security incidents, unauthorized uses and disclosures of PHI, and breaches to all other business associates. J. The Covered Entity shall provide the restrictions on use and disclosure of PHI obtained through the HIE and shall not permit Business Associate with any employee, agentchanges in, or subcontractor revocation of, or authorization by Covered Entity to access use or disclose PHI, if such changes affect the HIE unless such person commits in writing to abide by Business Associate's permitted or required uses and disclosures. K. The Covered Entity shall notify the restrictions in this Agreement regarding Business Associate of any restriction on the use or disclosure of PHI obtained through that the HIE. The Covered Entity shall report any unauthorized use or disclosure of PHI obtained through the HIE has agreed to the Business Associate within three (3) days of the time at which it becomes aware, or in the exercise of reasonable care should have been aware, of the unauthorized use or disclosureaccordance with 45 C.F.R § 164.522.