Permitted Uses and Disclosures i. Business Associate shall use and disclose PHI only to accomplish Business Associate’s obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements of Subpart E that apply to Covered Entity in the performance of such obligation.
ii. Business Associate may disclose PHI to carry out the legal responsibilities of Business Associate, provided, that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required by Law or for the purpose for which Business Associate originally disclosed the information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity. Business Associate may de-identify any or all PHI created or received by Business Associate under this Agreement, provided the de-identification conforms to the requirements of the HIPAA Rules.
Permitted Uses and Disclosures a. Except as otherwise limited in this Agreement or by other applicable law or agreement, if the Contract permits, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Contract, provided that such use or disclosure:
1) would not violate the Privacy Rule if done by Covered Entity; or
2) would not violate the minimum necessary policies and procedures of the Covered Entity.
b. Except as otherwise limited in this Agreement or by other applicable law or agreements, if the Contract permits, Business Associate may use Protected Health Information as necessary for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement or by other applicable law or agreements, if the Contract permits, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that:
1) disclosures are Required By Law; or
2) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and will be used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
d. Except as otherwise limited in this Agreement or by other applicable law or agreements, if the Contract permits, Business Associate may use Protected Health Information to provide data aggregation services to Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B).
e. Notwithstanding the foregoing provisions, Business Associate may not use or disclose Protected Health Information if the use or disclosure would violate any term of the Contract or other applicable law or agreements.
Permitted Uses and Disclosures. Except as otherwise indicated in this Addendum, Business Associate may use or disclose PHI only to perform functions, activities or services specified in this Agreement, for, or on behalf of County, provided that such use or disclosure would not violate the HIPAA regulations, if done by County.
Permitted Uses and Disclosures. The MCP will not use or disclose PHI except as provided in this Agreement or as otherwise required under HIPAA regulations or other applicable law.
Permitted Uses and Disclosures. A. Business Associate agrees to use or disclose Protected Health Information (“PHI”) that it creates for or receives from Recipient or its Subsidiaries only as follows. The capitalized term “Protected Health Information or PHI” has the meaning set forth in 45 Code of Federal Regulations Section 164.501, as amended from time to time. Generally, this term means individually identifiable health information including, without limitation, all information, data and materials, including without limitation, demographic, medical and financial information, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past present, or future payment for the provision of health care to an individual; and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. This definition shall include any demographic information concerning members and participants in, and applicants for, Recipient’s or its Subsidiaries’ health benefit plans. All other terms used in this Addendum shall have the meanings set forth in the applicable definitions under the HIPAA Privacy Rule.
Permitted Uses and Disclosures. BA may only use and disclose PHI owned by the CE that it creates, receives, maintains, or transmits if the use or disclosure is in compliance with each applicable requirement of 45 C.F.R. 164.504(e) of the Privacy Rule or this BAA. The additional requirements of Subtitle D of the HITECH Act contained in Public Law 111-5 that relate to privacy and that are made applicable with respect to Covered Entities shall also be applicable to BA and are incorporated into this BAA. To the extent that BA discloses CE’s PHI to a subcontractor, BA must obtain, prior to making any such disclosure: (1) reasonable assurances from the subcontractor that it will agree to the same restrictions, conditions, and requirements that apply to the BA with respect to such information; and (2) an agreement from the subcontractor to notify BA of any Breach of confidentiality, or security incident, within two business days of when it becomes aware of such Breach or incident.
Permitted Uses and Disclosures. Except as otherwise Required by Law or limited in this Addendum or the Agreement, Business Associate may use or disclose PHI as permitted by the Privacy Rule and to perform functions, activities, or services to, for, or on behalf of, Covered Entity as specified in the Agreement, provided that such use or disclosure would not violate the Privacy Rule or the Security Rule if made by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. Business Associate may use or disclose PHI for the proper management and administration of the Business Associate as permitted by the Privacy Rule.
Permitted Uses and Disclosures a. Except as otherwise limited in this Agreement or by other applicable law or agreement, if the MOU permits, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the MOU, provided that such use or disclosure:
1) would not violate the Privacy Rule if done by Covered Entity; or
2) would not violate the minimum necessary policies and procedures of the Covered Entity.
b. Except as otherwise limited in this Agreement or by other applicable law or agreements, if the MOU permits, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that:
1) the disclosures are Required By Law; or
2) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and will be used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
c. Except as otherwise limited in this Agreement or by other applicable law or agreements, if the MOU permits, Business Associate may use Protected Health Information to provide data aggregation services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B).
d. Notwithstanding the foregoing provisions, Business Associate may not use or disclose Protected Health Information if the use or disclosure would violate any term of the MOU or other applicable law or agreements.
Permitted Uses and Disclosures a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law.
b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached.
c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.
Permitted Uses and Disclosures. Provider may disclose the information received by it under the Agreement only if the disclosure is required by law.
