Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement. (b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program. (c) Business Associate may use or disclose PHI as required by law. (d) Business Associate may use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. (e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity. (f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures. (g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law. (h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a). (i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below. (j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 5 contracts
Samples: Professional Services, Professional Services, Professional Services Agreement
Permitted Uses and Disclosures by Business Associate. (a) 3.1. Business Associate may only use or disclose protected health information Protected Health Information as necessary only to perform the services set forth in the underlying agreement between the Parties. Specifically, unless otherwise provided in such agreement, Business Associate may not use or disclose Protected Health Information except to perform functions, activities activities, or services us set forth for, or on behalf of, Covered Entity for the purposes of payment, treatment, or health care operations as those terms are defined in the Underlying AgreementHIPAA Rules; provided that such use or disclosure would not violate the HIPAA Rules if done by Covered Entity.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) 3.2. Business Associate may use or disclose PHI Protected Health Information as required by law.
(d) 3.3. Business Associate may only use, disclose, or request Protected Health Information consistent with Covered Entity’s minimum necessary policies and procedures.
3.4. Business Associate may not use or disclose Protected Health Information in a manner that, if done by Covered Entity, would violate 45 CFR Part 164, Subpart E, except for the specific uses and disclosures set forth below:
3.4.1. Business Associate may use or disclose PHI Protected Health Information to de-identify the information in accordance with 45 CFR §§ 164.514(a)-(c). Before proceeding with any such de-identification, Business Associate shall inform Covered Entity in writing of the manner in which it will de-identify the Protected Health Information and of Business Associate’s proposed use and disclosure of the de-identified information.
3.4.2. Business Associate may use Protected Health Information for the its proper management and Administration of Business Associate administration or to carry out the its legal responsibilities of responsibilities.
3.4.3. Business AssociateAssociate may disclose Protected Health Information for its proper management and administration; to carry out its legal responsibilities, provided the that disclosures are required by law, ; or Business Associate if it obtains reasonable assurances assurances, in writing, from the person or entity to whom the information is disclosed that the information will remain confidential and only be used or further disclosed only as required by law either to or for the purposes purpose for which it was disclosed to the persondisclosed; or as Required by Law. In such instances, and Business Associate must obtain from the person notifies or entity to whom it discloses any Protected Health Information assurances that the person or entity will notify the Business Associate of any instances of which it is aware in which the confidentiality of the information that there has been breacheda breach of confidentiality.
(e) 3.4.4. Business Associate may use Protected Health Information to provide data aggregation services relating to the health care operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 4 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) a. Except as otherwise limited by this Agreement, Business Associate may only use or disclose protected health information as make any Uses and Disclosures of Protected Health Information necessary only to perform functionsits services to Covered Entity and otherwise meet its obligations under this Agreement, activities if such Use or services us set forth in Disclosure would not violate the Underlying Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement, or by specific instruction of Covered Entity, are prohibited.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program includeb. Except as otherwise limited in this Agreement, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI Use Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement, Business Associate may Disclose Protected Health Information for the proper management and administration of the Business Associate, provided the disclosures that Disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information it will remain confidential and used used, or further disclosed Disclosed, only as required by law Required By Law, or for the purposes purpose for which it was disclosed Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) d. Except as otherwise limited in this Agreement, Business Associate may Use Protected Health Information to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Entity only wherein said services pertain to Health Care Operations. Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate further agrees that said services shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI be provided in a manner that would violate Subpart E result in Disclosure of 45 CFR Part 164 if done by Protected Health Information to another covered entity who was not the originator and/or lawful possessor of said Protected Health Information. Further, Business Associate agrees that any such wrongful Disclosure of Protected Health Information is a direct violation of this Agreement and shall be reported to Covered EntityEntity immediately after the Business Associate becomes aware of said Disclosure and, except for the specific uses and disclosures set forth belowunder no circumstances, later than five (5) business days thereafter.
(j) e. Business Associate may Use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with §164.502(j)(1).
f. Business Associate shall not directly or indirectly receive remuneration in exchange make Uses, Disclosures, and requests for PHI, except Protected Health Information consistent with the prior written consent of Covered Entity and Minimum Necessary principle as permitted by 42 U.S.C. section 17935(d)(2)defined herein.
Appears in 3 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) A. Business Associate associate may only use or disclose protected health information as necessary only follows:
1. Necessary to perform functions, activities or the services us set forth in the Underlying Service Agreement.
(b) 2. Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate associate may use or disclose PHI protected health information as required by law.
(d) 3. Business Associate may shall not request, use or disclose more than the minimum amount of PHI necessary to accomplish the purpose of the Use, Disclosure, or request, consistent with Covered Entity’s minimum necessary policies and procedures.
4. Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth below.
5. Business associate may use protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
6. Business associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) 7. Business Associate associate may provide data aggregation services relating to the health care operations of the Covered Entity only with the written consent of the Covered Entity.
(f) B. Provisions for Covered Entity to Inform Business Associate agrees to make uses, disclosures, of Privacy Practices and requests for PHI consistent with Restrictions Covered Entity’s minimum necessary policies and procedures.
(g) entity shall notify Business Associate may not divulge of any limitation(s) in the Medi-Cal status notice of a privacy practices of Covered Entity Members without under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information. Covered Entity’s prior approval except for treatment, payment and operationsentity shall notify Business Associate of any changes in, or as required revocation of, the permission by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI his or her protected health information, to the extent that such changes may affect Business Associate’s use or disclosure of protected health information. Covered entity shall notify Business Associate of any restriction on the use or disclosure of protected health information that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of protected health information.
C. Permissible Requests by Covered Entity Covered entity shall not request Business Associate to use or disclose protected health information in a any manner that would violate not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity, except for . [Include an exception if the specific uses and disclosures set forth below.
(j) Business Associate shall not directly will use or indirectly receive remuneration in exchange for PHIdisclose protected health information for, except with and the prior written consent agreement includes provisions for, data aggregation or management and administration and legal responsibilities of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)the Business Associate.]
Appears in 3 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) A. Except as otherwise provided in this Agreement, the Business Associate may only use or disclose protected health information to perform functions, activities or services identified in this Agreement provided that such use or disclosure would not violate federal or state laws or regulations. Without express written permission from Covered Entity, Business Associate is not authorized to use protected health information to de-identify the information in accordance with 45 CFR 164.514(a)-(c).
B. Business Associate may use or disclose protected health information as required by law.
C. Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary only to perform functions, activities policies and procedures attached hereto as Exhibit E – Attachment 1.
D. Business Associate may not use or services us disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth in the Underlying Agreement.below:
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c1) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate
2) Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e3) Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 3 contracts
Samples: Standard Agreement, Standard Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Except as otherwise limited in this BAA, Business Associate may only use or disclose protected health information as necessary only PHI (i) to perform functions, activities or services us set forth for, or on behalf of, Covered Entity as specified in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may Contractual Agreement provided that such use or disclose PHI disclosure does not violate the Privacy Rule if done by Covered Entity or (ii) as required by law.
(db) Business Associate may use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business AssociateExcept as provided below, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate violates Subpart E of 45 CFR Part 164 if done by a covered entity.
1. Business Associate may use and disclose PHI to perform services for Covered Entity including all services covered by and set out in the Contractual Agreement.
2. Business Associate may use PHI in its possession for the proper management and administration of Business Associate and to carry out the legal responsibilities of Business Associate.
3. Business Associate may disclose PHI in its possession for the proper management and administration of Business Associate, provided that disclosures are Required by Law or Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that such PHI will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the third party, and the third party notifies Business Associate of any instances of which it is aware that the confidentiality of the PHI has been breached.
4. Business Associate may de-identify any and all PHI in its possession obtained from Covered Entity and use such de-identified data in accordance with all de-identification requirements of the Privacy Rule.
5. Business Associate may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 CFR 164.502(j)(1). Covered Entity shall be furnished with a copy of all correspondence sent by Business Associate to any federal or state authority.
6. Except as otherwise limited in this BAA, Business Associate may use PHI to provide Data Aggregation Services to Covered Entity, except for the specific uses and disclosures set forth below.
(j) 7. Any use or disclosure of PHI by Business Associate shall not directly or indirectly receive remuneration be in exchange for PHI, except accordance with the prior written consent minimum necessary policies and procedures of Covered Entity and as permitted the regulations and guidance issued by 42 U.S.C. section 17935(d)(2)the Secretary on what constitutes the minimum necessary for Business Associate to perform its obligations to Covered Entity under this BAA and the Contractual Agreement.
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) The Business Associate may only use or disclose protected health information PHI as necessary only to perform functions, activities or the services us set forth in the Underlying AgreementAgreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the corresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by the Agreement or directed by the Covered Entity.
(b) The Business Associate activities which are for purposes directly connected agrees to use, disclose and request PHI only in accordance with the administration of HIPAA Privacy Rule “minimum necessary” standard and corresponding DHA policies and procedures as stated in the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDoD HIPAA Issuances.
(c) The Business Associate may shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate’s own management and administration and legal responsibilities or for data aggregation services as required by lawset forth in the following three paragraphs.
(d) Except as otherwise limited in the Agreement, the Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.
(e) Except as otherwise limited in the Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information PHI is disclosed that the information it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(ef) Except as otherwise limited in the Agreement, the Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)operations.
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Business Associate Agreement (Baa), Business Associate Agreement (Baa)
Permitted Uses and Disclosures by Business Associate. (a) a. Except as otherwise limited by this Agreement, Business Associate may only use or disclose protected health information as make any Uses and Disclosures of PHI necessary only to perform functionsits services to Covered Entity and otherwise meet its obligations under this Agreement, activities if such Use or services us set forth in Disclosure would not violate the Underlying Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement, or by specific instruction of Covered Entity, are prohibited.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program includeb. Except as otherwise limited in this Agreement, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose Use PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement, Business Associate may Disclose PHI for the proper management and administration of the Business Associate, provided the disclosures that Disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information it will remain confidential and used used, or further disclosed Disclosed, only as required by law Required By Law, or for the purposes purpose for which it was disclosed Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) d. Except as otherwise limited in this Agreement, Business Associate may Use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services will be provided to Covered Entity only when such Data Aggregation services pertain to Health Care Operations. Business Associate further agrees that such services will not be provided in a manner that would result in Disclosure of PHI to another covered entity who was not the originator or lawful possessor of such PHI. Further, Business Associate agrees that any such wrongful Disclosure of PHI is a direct violation of this Agreement and must be reported to Covered Entity immediately after the Business Associate becomes aware of such Disclosure and, under no circumstances, later than three (3) business days after the Disclosure.
e. Business Associate may Use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).
f. Business Associate will make usesUses, disclosuresDisclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and proceduresthe Minimum Necessary principle as Required by Law.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Business Associate Agreement, Group Vision Plan Insurance Agreement
Permitted Uses and Disclosures by Business Associate. (a) A. Business Associate associate may only use or disclose protected health information as necessary only follows:
1. Necessary to perform functions, activities or the services us set forth in the Underlying Service Agreement.
(b) 2. Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate associate may use or disclose PHI protected health information as required by law.
(d) 3. Business Associate may shall not request, use or disclose more than the minimum amount of PHI necessary to accomplish the purpose of the Use, Disclosure, or request, consistent with Covered Entity’s minimum necessary policies and procedures.
4. Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth below.
5. Business associate may use protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
6. Business associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) 7. Business Associate associate may provide data aggregation services relating to the health care operations of the Covered Entity only with the written consent of the Covered Entity.
(f) B. Provisions for Covered Entity to Inform Business Associate agrees to make uses, disclosures, of Privacy Practices and requests for PHI consistent with Restrictions Covered Entity’s minimum necessary policies and procedures.
(g) entity shall notify Business Associate may not divulge of any limitation(s) in the Medi-Cal status notice of a privacy practices of Covered Entity Members without under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information. Covered Entity’s prior approval except for treatment, payment and operationsentity shall notify Business Associate of any changes in, or as required revocation of, the permission by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI his or her protected health information, to the extent that such changes may affect Business Associate’s use or disclosure of protected health information. Covered entity shall notify Business Associate of any restriction on the use or disclosure of protected health information that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of protected health information.
C. Permissible Requests by Covered Entity Covered entity shall not request Business Associate to use or disclose protected health information in a any manner that would violate not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use Use or disclose protected health information Disclose Protected Health Information as necessary only to perform functions, activities or the services us set forth in the Underlying underlying Service Agreement.
(b) Business Associate activities which are for purposes directly connected may Use or Disclose Protected Health Information as long as it is de- identified in accordance with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program45 CFR 164.514(a)-(c).
(c) Business Associate may use Use or disclose PHI Disclose Protected Health Information as required by law.
(d) Business Associate agrees to make Uses and Disclosures and requests for Protected Health Information consistent with Covered Entity’s Minimum Necessary policies and procedures, as delivered to Business Associate.
(e) Business Associate may use not Use or disclose PHI Disclose Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific Uses and Disclosures set forth below.
(f) Business Associate may Use Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(g) Business Associate may Disclose Protected Health Information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures Disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information will remain confidential and used Used or further disclosed Disclosed only as required by law or for the purposes for which it was disclosed Disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(eh) Business Associate may provide data aggregation Data Aggregation services relating to the health care operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Prescription Drug Benefit Management Agreement, Prescription Drug Benefit Management Agreement
Permitted Uses and Disclosures by Business Associate. (a) A. Except as otherwise provided in this Agreement, the Business Associate may only use or disclose protected health information to perform functions, activities or services identified in this Agreement provided that such use or disclosure would not violate federal or state laws or regulations. Without express written permission from Covered Entity, Business Associate is not authorized to use protected health information to de-identify the information in accordance with 45 CFR 164.514(a)-(c).
B. Business Associate may use or disclose protected health information as required by law.
C. Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary only to perform functions, activities policies and procedures attached hereto as Exhibit E – Attachment 1.
D. Business Associate may not use or services us disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth in the Underlying Agreement.below:
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c1) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business ssociate
2) Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e3) Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Standard Agreement, Standard Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or the services us set forth in the Underlying AgreementContract to which this Agreement is appended, including, if applicable, authorization to use protected health information to de-identify the information in accordance with 45 CFR 164,514(a)-(c) and follow additional guidance provided by US DHHS in “Guidance Regarding Methods for De-identification of protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” found at xxxxx://xxx.xxx.xxx/hipaa/for-professionals/privacy/guidance/index.html.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting may use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programdisclose protected health information as required by law.
(c) Business Associate may use agrees to limit uses, disclosures, and requests for protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or disclose PHI as required by lawrequest according to the HIPAA Privacy Rule.
(d) Business Associate may not use or disclose PHI protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
(e) Business Associate may disclose protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person individual to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the personindividual, and the person individual notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a disclose or duplicate protected health information identified by Covered Entity Members as provided by the Social Security Administration (SSA) without Covered Entity’s prior written approval except and permission from SSA. If the need for treatmentsuch disclosure and/or duplication arises, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of must notify Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)work with Covered Entity to obtain approval and permission from SSA.
Appears in 2 contracts
Samples: Hipaa Business Associate Agreement, Hipaa Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information a. Except as necessary only to perform functionsotherwise limited in this Agreement, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as required Protected Health Information, or perform functions, activities, or services for, or on behalf of, Covered Entity for the following purposes, if such use or disclosure of Protected Health Information would not violate the HIPAA Rules if done by lawCovered Entity or the minimum necessary policies and procedures of the Covered Entity:
i. To determine or verify Covered Entity’s eligibility for coverage pursuant to an insurance policy issued or administered by Business Associate;
ii. To investigate, analyze, and evaluate any potential or actual claim against Covered Entity which may be covered pursuant to an insurance policy issued or administered by Business Associate, including use of outside legal counsel and expert witnesses;
iii. To litigate and defend any potential or actual claim against Covered Entity and/or Business Associate which may be covered pursuant to an insurance policy issued or administered by Business Associate, including use of outside legal counsel and expert witnesses;
iv. To perform any underwriting or actuarial functions or activities associated with an insurance policy issued or administered by Business Associate;
v. To investigate, analyze, evaluate, respond to, and defend against any regulatory, licensing, or other issue, inquiry, or dispute involving any State or Federal administrative agency, which in any way actually or potentially relates to or concerns claims or other matters of any kind arising from an insurance policy issued or administered by Business Associate; and
vi. To enable Business Associate to fulfill in any reasonable manner its statutory, regulatory, contractual, or other legal obligations to Covered Entity pursuant to an insurance policy issued or administered by Business Associate.
(d) b. Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) d. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide data aggregation services relating to the health care operations of Covered EntityEntity as permitted by 45 CFR § 164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) e. Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a§ 164.502(j)(1).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information a. Except as necessary only to perform functionsotherwise limited in this Agreement, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as required specified in the Service Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by lawCovered Entity or the minimum necessary policies and procedures of the Covered Entity (except for the specific uses and disclosures set forth below).
(d) b. Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) d. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2CFR 164.504(e)(2)(i)(B).
e. Business Associate may use Protected Health Information to report violations of law to appropriate federal and state authorities, consistent with 45 CFR 164.502(j)(1).
f. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information to a business associate who is an agent or Subcontractor and may allow the agent or Subcontractor to create, receive, maintain or transmit Protected Health Information on its behalf, if the Business Associate enters into a written contract with the agent or Subcontractor in which the agent or Subcontractor agrees to abide by the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information, including without limitation an agreement to implement reasonable and appropriate safeguards to protect non-electronic and electronic Protected Health Information.
g. Business Associate may use or disclose Protected Health Information as Required By Law.
Appears in 2 contracts
Samples: Health Information Services Provider (Hisp) Services Agreement, Health Information Services Provider (Hisp) Services Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information PHI as necessary only required to satisfy its obligations to perform functions, activities the Activities or services us set forth as otherwise permitted herein or in the Underlying Related Agreement.
(b) . Business Associate activities which are for purposes directly connected is authorized to use PHI to de-identify the PHI in accordance with Applicable Law. The Parties acknowledge and agree that once de-identified the administration of the Medi-Cal program include, but are information is no longer PHI and not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related subject to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) restrictions herein. Business Associate associate may use or disclose PHI as required Required By Law (as that term is defined in Applicable Law. Business Associate agrees to make uses and disclosures and requests for PHI, consistent with the Minimum Necessary requirement, as applicable. Business Associate may not use or disclose PHI in a manner that would violate Applicable Law if done by law.
Covered Entity, except for the specific uses and disclosures set forth below in paragraphs F, G, and H of this Section III (d) “Permitted Uses and Disclosures”). Business Associate may use PHI to contact patients and offer such patients an authorization for the use and disclosure of PHI that complies with Applicable Law. If a patient chooses to sign such an authorization, Business Associate may use and disclose PHI to the extent permitted by the authorization, including to market Business Associate’s products. Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate. Business Associate may disclose PHI for the proper management and Administration administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Breached. Business Associate may provide data aggregation services perform Data Aggregation activities relating to the health care operations Health Care Operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 2 contracts
Samples: Metagenics Online Webpage Agreement, Metagenics Online™ Webpage Agreement – Resale Estore
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) 2.1 Business Associate may use or disclose PHI Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as required specified in the Prime Contracts, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by law.
Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only Protected Health Information that is contained in a limited data set (das defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business Associate may disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the use, disclosure, or request for use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restrictiondisclosure, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)the requirements of HIPAA. Covered Entity shall determine what quantum of information constitutes the “minimum necessary” amount for Business Associate to accomplish its intended purposes.
(i) 2.2 Business Associate may not use or disclose PHI Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) 2.3 Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B).
2.4 Business Associate may disclose Protected Health Information in its possession to third parties with whom it contracts for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that:
2.4.1 The disclosures are required by law; or
2.4.2 Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached.
2.4.3 Without limiting the foregoing, if Business Associate discloses PHI to a “Subcontractor” as defined under the HIPAA Privacy and Security Rules, Business Associate shall not directly or indirectly receive remuneration execute a Business Associate Agreement with such Subcontractor containing substantially the same terms and conditions as set forth in exchange for this Agreement.
2.5 Business Associate shall train the members of its workforce whose function involves contact with PHI to appropriately handle and safeguard PHI. Such training shall, except with the prior written consent at a minimum, include: implementation and use of Covered Entity risk assessment criteria to determine when a Breach occurs, and as permitted by 42 U.S.C. section 17935(d)(2)how to report a Breach.
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) 3.1 In case Business Associate may only use obtains or disclose protected health information as necessary only to perform functionscreates Protected Health Information, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI Protected Health Information, or any information derived from that Protected Health Information, only as required by law.explicitly permitted in the Underlying Agreements and this Agreement, and only if such use or Disclosure, respectively, is in compliance with each applicable requirement of 45 CFR § 164.504(e). It means that:
(d) 3.1.1 Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
3.1.2 Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures that Disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person person/organization to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it was disclosed to the person/organization, and the person person/organization notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breachedBreached.
(e3.1.3 In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate may provide data aggregation services relating agree to the health care operations same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
3.2 Business Associate understands and agrees that its access to Protected Health Information stored in databases and information systems at the Covered Entity is subject to review and audit by the Covered Entity or agents of the HHS and OCR at any time, that remote audits of such access may occur at any time, that on-site audits of such access will be conducted during regular business hours, and that any review or audit may occur with or without prior notice by the Covered Entity. The fact that Covered Entity reviews or audits, or fails to review or audit, or has the right to review and audit, Business Associate’s access does not relieve Business Associate of the responsibility to comply with this Agreement, nor does Covered Entity’s (i) failure to detect or (ii) detection, but failure to notify Business Associate or to require Business Associate’s remediation of any unsatisfactory practice, constitute acceptance of such practice or waiver of Covered Entity’s enforcement rights under this Agreement.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) a. Business Associate may only use or disclose protected health information Protected Health Information as necessary only to perform the services described in the Underlying Agreement and this Agreement.
b. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information to a third party to perform functions, activities activities, or services us set forth for, or on behalf of, Covered Entity as specified in HIPAA and the Underlying Agreement, provided that such disclosure would not violate the Privacy & Security Rules if done by Covered Entity, and provided Business Associate and third party have executed a subcontractor agreement as required by Section 2(f) of this Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) c. Business Associate may use or disclose PHI Protected Health Information as required by law.
(d) d. Business Associate agrees to make uses and disclosures and requests for Protected Health Information consistent with the minimum necessary standards set forth in 45 CFR 164.502(b).
e. Business Associate may not use or disclose Protected Health Information in a manner that would violate Subpart B of 45 CFR Part 164, except for the following specific uses and disclosures:
1. Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
2. Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) 3. Business Associate may use Protected Health Information to provide data aggregation Data Aggregation services relating related to the health care operations of the Covered EntityEntity as permitted by 45 CFR 164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) 4. Business Associate may not divulge aggregate and de-identify any and all PHI obtained by the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full under this Agreement and the individual requests use all such restriction, de-identified data in accordance with 42 U.S.C. section 17935(a) and the de-identification requirements at 45 CFR section 164.522(a164.514(b).
. With respect to de-identification, the aggregated and de-identified data produced by the Business Associate either: (i) will not include any identifiers listed in 45 CFR 164.514(b)(2)(i), or (ii) will have been determined by a person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable and applying such principles and methods, that the risk is very small that the aggregated and de-identified data generated by the Business Associate may under this Agreement could be used, alone or in combination with other reasonably available information, by an anticipated recipient, to identify an individual who is a subject of the information, thereby forming a "statistically de-identified data set" and rendering the information not use or disclose PHI in a manner that would violate Subpart E under HIPAA. De-identified information does not constitute PHI and is not subject to the terms of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth belowthis Agreement.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: End User Software License Agreement
Permitted Uses and Disclosures by Business Associate. (a) 3.1 Except as otherwise limited in this BAA, Business Associate may only use or disclose protected health information as necessary only PHI to perform functions, activities or services us set forth for, or on behalf of, Covered Entity as specified in the Underlying Agreement.
(b) underlying service agreement Covered Entity and Business Associate activities which are for purposes directly connected with Associate, provided that such use or disclosure would not violate the administration Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Covered Entity. Business Associate may use or disclose PHI to perform functions, activities or services for, or on behalf of, Covered Entity for the purposes of payment, treatment or health care operations as required those terms are defined in the Privacy Rule, provided that such use or disclosure would not violate the Privacy Rule if done by lawCovered Entity or the minimum necessary policies and procedures of the Covered Entity.
(d) 3.2 Except as otherwise limited in this BAA, Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
3.3 Except as otherwise limited in this BAA, Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required Required by lawLaw, or Business Associate obtains reasonable assurances in writing from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required Required by law Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) 3.4 Except as otherwise limited in this BAA, Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered EntityEntity as permitted by 45 CFR 164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) 3.5 Business Associate may not divulge the Medi-Cal status use PHI to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal, payment State and operationslocal authorities, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a154.502(j)(1).
(i) 3.6 Business Associate may not use will limit the use, disclosure, or disclose PHI in a manner that would violate Subpart E request of 45 CFR Part 164 PHI, to the extent practicable, to the Limited Data Set or, if done needed by Covered EntityBusiness Associate, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, except for to the specific uses and disclosures set forth belowextent a broader use, disclosure, or request of PHI is allowed by the Privacy Rule.
(j) 3.7 Except as otherwise authorized by the Privacy Rule, Business Associate shall not directly or indirectly receive remuneration in exchange for PHIany PHI of an Individual unless Covered Entity has received a valid authorization from the Individual that includes a specification of whether the PHI can be further exchanged for remuneration by the entity receiving PHI of that Covered Individual.
3.8 Business Associate may not use or disclose PHI regarding an Individual with respect to a communication about a project or service that encourages recipients of the communication to purchase or use the product or service unless the communication is made to the Individual: (i) to describe a health-related product or service (or payment for such product or service) that is provided by, or included in, the Plan, including communications about the entities participating in a health care provider network or health plan network, replacement of, or enhancements to, the Plan, and health-related products or services available only to Individuals that add value to, but are not part of, the Plan; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the Individual. Notwithstanding the foregoing, except as allowed by the Privacy Rule, Business Associate may not use or disclose PHI regarding an Individual with respect to a communication described above if Covered Entity receives direct or indirect payment in exchange for making such communication.
3.9 With respect to PHI that Business Associate creates or receives on behalf of Covered Entity, Business Associate will not use or further disclose the prior written consent PHI other than as permitted or required by this BAA or as Required by Law.
3.10 In the event the Business Associate transmits or receives any electronic transaction on behalf of Covered Entity, it shall comply with all applicable provisions of HIPAA and HITECH and the applicable regulations and shall ensure that any agents and subcontractors that assist Business Associate in conducting electronic transactions on behalf of Covered Entity agree in writing to comply with all applicable provisions of HIPAA and as permitted HITECH and the applicable regulations to the extent Required by 42 U.S.C. section 17935(d)(2)Law.
Appears in 1 contract
Permitted Uses and Disclosures by Business Associate. (a) Except as otherwise limited in this BAA, Business Associate may only may:
A. Use or disclose PHI to perform services for or on behalf of the Covered Entity as described in the Services Agreement between the parties to which this BAA is made an exhibit, if such use or disclose protected health information as necessary only to perform functions, activities or services us set forth in disclosure of Protected Health Information would not violate the Underlying AgreementPrivacy Rule if done by the Covered Entity.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use B. Use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) C. Business Associate agrees to make uses, disclosures, any uses and disclosures and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) D. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below:
1. Use PHI for the proper management and administration of Business Associate or to fulfill any present or future legal responsibilities of Business Associate.
(j) 2. Disclose PHI for the proper management and administration of Business Associate shall not directly or indirectly receive remuneration to fulfill any present or future legal responsibilities of Business Associate, provided that such disclosure is either Required by Law or Business Associate obtains reasonable assurances from any person to whom PHI is disclosed that such person will: (i) keep such information confidential, (ii) use or further disclose such information only for the purpose for which it was disclosed to such person or as Required by Law, and (iii) notify Business Associate of any instances of which it is aware in exchange for PHIwhich the confidentiality of the information has been breached.
3. Use or disclose PHI to provide data aggregation services relating to the health care operations of the Covered Entity, except as provided in 45 CFR §164.501.
E. Business Associate may create de-identified data, provided that the Business Associate de- identifies the information in accordance with the prior written consent Privacy Rule. De-identified information does not constitute PHI and is not subject to the terms and conditions of Covered Entity this BAA.
F. Business Associate may use or disclose PHI to respond to requests for PHI either accompanied by an authorization that meets the requirements of 45 CFR 164.508 or from a covered entity or health care provider in accordance with 45 CFR 164.506(c). G. Business Associate may use PHI to create a limited data set in accordance with 45 CFR §164.514, which limited data set may be used and disclosed by Business Associate as permitted by 42 U.S.C. section 17935(d)(2)law, including HIPAA.
Appears in 1 contract
Samples: Vision Plan Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business associate may only Use or Disclose Protected Health Information as necessary to perform the Services in accordance with the ASA. Business Associate may also Disclose Protected Health Information to other Business Associates of Plan upon written request of the Plan provided that the Plan certifies in writing that the receiving party has entered into an effective and binding Business Associate Agreement with the Plan and the receiving party and Plan agree to any additional provisions reasonably required by Business Associate. Business Associate will only use or disclose protected health information Use and Disclose the Minimum Necessary Protected Health Information as necessary only to perform functions, activities or services us set forth in required by 45 CFR 164.502. Business Associate may assume that any Disclosures of Protected Health Information requested by Plan constitute the Underlying AgreementMinimum Necessary.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting associate may Use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDisclose Protected Health Information as Required by Law.
(c) Business Associate may use or disclose PHI as required by lawde-identify Protected Health Information, in accordance with 45 CFR 164.518.
(d) Business Associate may use not Use or disclose PHI Disclose Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 of the HIPAA Rules if done by the Plan except as set forth below:
(i) Business associate may Use Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(ii) Business associate may Disclose Protected Health Information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures Disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information will remain confidential and used Used or further disclosed Disclosed only as required by law or for the purposes for which it was disclosed Disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(eg) Business Associate associate may provide data aggregation services relating to the health care operations of Covered Entitythe Plan.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or the services us set forth in the Underlying AgreementContract to which this Agreement is appended, including, if applicable, authorization to use protected health information to de-identify the information in accordance with 45 CFR 164,514(a)-(c) and follow additional guidance provided by US DHHS in “Guidance Regarding Methods for De-identification of protected health information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” found at xxxxx://xxx.xxx.xxx/hipaa/for-professionals/privacy/guidance/index.html.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting may use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programdisclose protected health information as required by law.
(c) Business Associate may use agrees to limit uses, disclosures, and requests for protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or disclose PHI as required by lawrequest according to the HIPAA Privacy Rule.
(d) Business Associate may not use or disclose PHI protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
(e) Business Associate may disclose protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person individual to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the personindividual, and the person individual notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been hasbeen breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make usesmay not disclose or duplicate protected health information identified by Covered Entity as provided by the Social Security Administration (SSA) without written approval and permission from SSA. If the need for such disclosure and/or duplication arises, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of must notify Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)work with Covered Entity to obtain approval and permission from SSA.
Appears in 1 contract
Samples: Hipaa Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only Protected Health Information to perform functions, activities or services us set forth for, or on behalf of, Covered Entity as specified in the Underlying Agreement.
(b) underlying service agreement between Covered Entity and Business Associate activities which are for purposes directly connected with Associate, provided that such use or disclosure would not violate the administration HIPAA Rules if done by Covered Entity or the minimum necessary policies and procedures of the Medi-Cal program includeCovered Entity. If there is no underlying service agreement between Covered Entity and Business Associate, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI Protected Health Information to perform functions, activities or services for, or on behalf of, Covered Entity for the purposes of payment, treatment or health care operations as required those terms are defined in the HIPAA Rules, provided that such use or disclosure would not violate the HIPAA Rules if done by law.
(d) Covered Entity. Business Associate is authorized to use Protected Health Information to de-identify the information in accordance with 45 CFR 164.514(a)-(c). Before proceeding with any such de-identification, Business Associate shall inform Covered Entity in writing of the manner in which it will de-identify the Protected Health Information and the proposed use and disclosure by the Business Associate of the de-identification information. Business Associate may use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required Protected Health Information as Required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Law. Business Associate agrees to make uses, disclosures, uses and disclosures and requests for PHI Protected Health Information consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) . Business Associate may not use or disclose PHI Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) in this Article. Business Associate shall not directly may use Protected Health Information for the proper management and administration of the Business Associate or indirectly receive remuneration to carry out the legal responsibilities of the Business Associate. Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that disclosures are Required by Law, or Business Associate obtains reasonable assurances in exchange writing from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for PHIthe purpose for which it was disclosed to the person, except with and the prior written consent person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Business Associate may use Protected Health Information to provide data aggregation services relating to the health care operations of the Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)Entity.
Appears in 1 contract
Samples: Subcontractor Enrollment Agreement
Permitted Uses and Disclosures by Business Associate. (a) a. The Business Associate may only use or disclose protected health information PHI as necessary only to perform functions, activities or the services us set forth in the Underlying AgreementAgreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the corresponding 45 C.F.R. Part 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by the Agreement or directed by the Covered Entity.
(b) b. The Business Associate activities which are for purposes directly connected agrees to use, disclose, and request PHI only in accordance with the administration of HIPAA Privacy Rule “minimum necessary” standard and corresponding DHA policies and procedures as stated in the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDoD HIPAA issuances.
c. The Business Associate shall not use or disclose PHI in a manner that would violate the DoD HIPAA issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate’s own management and administration and legal responsibilities or for data aggregation services as set forth in the following three paragraphs:
(c1) Except as otherwise limited in the Agreement, the Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.
(2) Except as otherwise limited in the Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information PHI is disclosed that the information it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e3) Except as otherwise limited in the Agreement, the Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and health care operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(aC.F.R. Part 164.504(e)(2)(i)(B).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate Subject to BUSINESS ASSOCIATE’s compliance with the HIPAA Rules and this BAA:
3.1 BUSINESS ASSOCIATE may only use or disclose protected health information PHI as authorized by and necessary only to perform functions, activities or the services us set forth in the Underlying Agreement.;
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate 3.2 BUSINESS ASSOCIATE may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are . Unless otherwise required by law, BUSINESS ASSOCIATE shall notify COVERED ENTITY promptly prior to making any such use or Business Associate obtains reasonable assurances from the person to whom the information disclosure so that COVERED ENTITY may, if desired, resist such disclosure or seek an appropriate protective order. If BUSINESS ASSOCIATE nonetheless is disclosed that the information will remain confidential and used or further disclosed only as required by law to use or for the purposes for which it was disclosed disclose PHI, BUSINESS ASSOCIATE shall limit its use or disclosure to the personminimum necessary that is required by law;
3.3 BUSINESS ASSOCIATE shall use, disclose and request PHI in a manner consistent with the person notifies Business Associate of any instances of which it is aware in which the confidentiality minimum necessary requirements of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, HIPAA Rules and requests for PHI consistent with Covered EntityCOVERED ENTITY’s minimum necessary policies and procedures.;
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate 3.4 BUSINESS ASSOCIATE shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done such use or disclosure was made by Covered Entity, except COVERED ENTITY;
3.5 BUSINESS ASSOCIATE may use PHI to provide data aggregation services relating to the health care operations of COVERED ENTITY at the request of and for the sole benefit of COVERED ENTITY;
3.6 If use of disclosure of PHI is based upon an individual’s specific uses consent or authorization and disclosures set forth below.(i) the individual revokes such consent or authorization, (ii) the duration of such consent or authorization has expired, or (iii) the consent or authorization is found to be defective in any manner that renders it invalid, BUSINESS ASSOCIATE shall notify COVERED ENTITY promptly and no later than ten (10) days after discovering or receiving notice of such revocation, expiration or invalidity, and shall cease all further use and disclosure of the individual’s PHI that is not permitted or required in the absence of such consent or authorization; and
(j) Business Associate 3.7 As between COVERED ENTITY and BUSINESS ASSOCIATE, COVERED ENTITY shall remain the sole and exclusive owner of the PHI. BUSINESS ASSOCIATE does not have and shall not directly acquire any right, title or indirectly receive remuneration interest in exchange for or to the PHI, except with including aggregate or de-identified PHI, by virtue of this BAA or the prior written consent Agreement, or as a result of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)the selection, arrangement, creation or processing thereof.
Appears in 1 contract
Samples: Medical Director Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate General Use and Disclosure Provisions [Select an alternative.] Except as otherwise limited in this Agreement, BUSINESS ASSOCIATE may only use or disclose protected health information Protected Health Information on behalf of, or to provide services to, COVERED ENTITY for the following purposes, if such use or disclosure of Protected Health Information would not violate the HIPAA Privacy Rule if done by COVERED ENTITY: [List Purposes]. Refer to underlying services agreement/contract Except as necessary only otherwise limited in this Agreement, BUSINESS ASSOCIATE may use or disclose Protected Health Information to perform functions, activities activities, or services us set forth for, or on behalf of, COVERED ENTITY as specified in [Insert Name of Services Agreement/Contract], provided that such use or disclosure would not violate the Underlying AgreementHIPAA Privacy Rule if done by COVERED ENTITY or the minimum necessary policies and procedures of the COVERED ENTITY.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program includeSpecific Use and Disclosure Provisions [only necessary if parties wish to allow BUSINESS ASSOCIATE to engage in such activities] Except as otherwise limited in this Agreement, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate BUSINESS ASSOCIATE may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of Business Associate the BUSINESS ASSOCIATE or to carry out the legal responsibilities of Business Associatethe BUSINESS ASSOCIATE. Except as otherwise limited in this Agreement, BUSINESS ASSOCIATE may disclose Protected Health Information for the proper management and administration of the BUSINESS ASSOCIATE, provided the that disclosures are required by lawRequired By Law, or Business Associate BUSINESS ASSOCIATE obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it was disclosed to the person, and the person notifies Business Associate the BUSINESS ASSOCIATE of any instances of which it is aware in which the confidentiality of the information has had been breached.
(e) Business Associate . Except as otherwise limited in this Agreement, BUSINESS ASSOCIATE may use Protected Health Information to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and COVERED ENTITY as permitted by 42 U.S.C. section 17935(d)(2CFR §164.504(e)(2)(i)(B).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) 3.1 Business Associate may use and disclose PHI only use or disclose protected health information as necessary only to perform functionsfollows:
a. Except as otherwise limited in this Agreement, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as necessary to perform functions, activities, or services for Covered Entity as specified in the Underlying Contracts, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity: the creation of a Limited Data Set, as provided in the data use provisions set forth in Section 5 (Data Use) of this Agreement, which Limited Data Set will be used in connection with the CARES registry, a public health surveillance activity that is being conducted for public health, public research, and health care operations purposes.
b. With respect to permitted disclosures under subsection 3.1.a above, unless otherwise specifically agreed to by the parties as set forth herein, Business Associate will not permit the disclosure of PHI to any person or entity other than such of its employees, agents or subcontractors who must have access to the PHI in order for Business Associate to perform its obligations under an Underlying Contract and who agree to keep such PHI confidential as required by lawthis Agreement.
(d) c. Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
d. Except as otherwise limited in this Agreement, Business Associate may disclose PHI in its possession to a third party for the purpose of its proper management and administration or to fulfill any legal responsibilities of Business Associate, provided that (1) the disclosure is required by law or (2) Business Associate has obtained reasonable written assurances from the third party to whom the information is disclosed that it will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party (i.e., for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, ) and the person notifies third party agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information PHI has been breached. Business Associate will notify Emory’s Privacy Officer of any disclosure required by law at 0000 Xxxxxxx Xx., 4th Floor, Atlanta, GA 30322, of such disclosure within fifteen (15) days of the disclosure.
(e) e. If the Business Associate provides data aggregation services for Covered Entity under the Underlying Contract, Business Associate may provide use and aggregate the PHI for purposes of providing the data aggregation services relating to Covered Entity. Use of PHI for any other data aggregation is not permitted.
f. Effective February 17, 2010, Business Associate may use and disclose PHI that Business Associate obtains or creates only if such use or disclosure, respectively, complies with each applicable requirement of Section 164.504(e) of Title 45, Code of Federal Regulations.
3.2 All other uses or disclosures of PHI not authorized by this Agreement are prohibited.
3.3 As between Covered Entity and Business Associate, Covered Entity holds all right, title and interest in and to the PHI, and Business Associate does not hold, and will not acquire by virtue of this Agreement or by virtue of providing any services or goods to Covered Entity, any right, title or interest in or to the PHI or any portion thereof. Except as otherwise specified in this Agreement or agreed to in writing by the parties, Business Associate will have no right to de-identify PHI for its own use or compile and/or distribute statistical analyses and reports utilizing aggregated data derived from the PHI or any other health care operations of and medical data obtained from Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) The Business Associate may only use or disclose protected health information PHI as necessary only to perform functions, activities or the services us set forth in this Agreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the Underlying Agreementcorresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by this Agreement or directed by the Covered Entity [MODIFY THIS SECTION IF THE PURPOSE OF THE AGREEMENT/CONTRACT IS FOR THE BA TO DEIDENTIFY PHI FOR THE CE].
(b) The Business Associate activities which are for purposes directly connected agrees to use, disclose and request PHI only in accordance with the administration of HIPAA Privacy Rule “minimum necessary” standard and corresponding DHA policies and procedures as stated in the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDoD HIPAA Issuances.
(c) The Business Associate may shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate’s own management and administration and legal responsibilities or for data aggregation services as required by lawset forth in the following three paragraphs.
(d) Except as otherwise limited in this Agreement, the Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.
(e) Except as otherwise limited in this Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information PHI is disclosed that the information it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(ef) Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)operations.
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) The Business Associate may only use or disclose protected health information PHI as necessary only to perform functions, activities or the services us set forth in this Agreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the Underlying Agreementcorresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by this Agreement or directed by the Covered Entity.
(b) The Business Associate activities which are for purposes directly connected agrees to use, disclose and request PHI only in accordance with the administration of HIPAA Privacy Rule “minimum necessary” standard and corresponding DHA policies and procedures as stated in the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDoD HIPAA Issuances.
(c) The Business Associate may shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate’s own management and administration and legal responsibilities or for data aggregation services as required by lawset forth in the following three paragraphs.
(d) Except as otherwise limited in this Agreement, the Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.
(e) Except as otherwise limited in this Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information PHI is disclosed that the information it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(ef) Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)operations.
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) The Business Associate may only use or disclose protected health information PHI as necessary only to perform functions, activities or the services us set forth in this Agreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the Underlying Agreementcorresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by this Agreement or directed by the Covered Entity.
(b) The Business Associate activities which are for purposes directly connected agrees to use, disclose and request PHI only in accordance with the administration of HIPAA Privacy Rule “minimum necessary” standard and corresponding DHA policies and procedures as stated in the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDoD HIPAA Issuances.
(c) The Business Associate may shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate’s own management and administration and legal responsibilities or for data aggregation services as required by lawset forth in the following three paragraphs.
(d) Except as otherwise limited in this Agreement, the Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.
(e) Except as otherwise limited in this Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legalresponsibilities of the Business Associate, provided the that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information PHI is disclosed that the information it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(ef) Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)operations.
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Permitted Uses and Disclosures by Business Associate. (a) Except as otherwise limited by this Agreement, Business Associate may only use make any Uses or disclose protected health information as Disclosures of Protected Health Information necessary only to perform functionsits services to Covered Entity and otherwise meet its obligations under this Agreement, activities if such Use or services us set forth in the Underlying AgreementDisclosure would not violate any HIPAA Rule if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement or by specific instruction of Covered Entity are prohibited.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting may Use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programDisclose Protected Health Information as Required by Law.
(c) Business Associate may use or disclose PHI as required by lawagrees to make Uses and Disclosures and requests for Protected Health Information consistent with Covered Entity’s Minimum Necessary policies and procedures.
(d) Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided (i) the disclosures are required Required by lawLaw, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information will remain confidential and used Used or further disclosed Disclosed only as required Required by law Law or for the lawful purposes for which it was disclosed Disclosed to the person, and (ii) the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Except as otherwise permitted by the HIPAA Rules, when using or disclosing Protected Health Information or requesting or responding to a request for Protected Health Information, Business Associate must limit such Protected Health Information, to the extent practicable, to a Limited Data Set, or if more information than a Limited Data Set is required, to the minimum necessary to accomplish the intended purpose of such Use, Disclosure, or request.
(f) Except as otherwise specifically permitted by the HIPAA Rules, Business Associate agrees that it will not directly or indirectly receive remuneration in exchange for any Protected Health Information unless Covered Entity has obtained from an Individual a valid authorization that includes a specification of whether the Protected Health Information can be further exchanged for remuneration by the entity receiving the Protected Health Information of the Individual.
(g) Except as otherwise specifically permitted by the HIPAA Rules, Business Associate agrees that it will not Use or Disclose Protected Health Information in connection with any fundraising and/or marketing communication unless Covered Entity has obtained a valid authorization from each Individual who will be a recipient of any such communication
(h) Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Producer Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information Except as necessary only to perform functionsotherwise limited by this Agreement, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI to perform functions, activities, or services for or on behalf of HSD/MAD for related projects between the Business Associate and HSD/MAD. Business Associate will be reviewing data for CMS Medicare Cost Reporting, specifically Disproportionate Share Hospital reimbursement. The Business Associate may not use or disclose PHI received or created pursuant to this Agreement, except as required follows: Except as otherwise limited by law.
(d) this Agreement, Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. Except as otherwise limited by this Agreement, provided Business Associate may disclose PHI where the disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances assurance from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes for purpose of which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) . Business Associate may provide data aggregation services relating use PHI to the health care operations report violations of Covered Entity.
(f) law to appropriate federal and state authorities, consistent with 45 CFR § 164.5020(1). MAD shall not request Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a any manner that would violate Subpart E of 45 CFR Part 164 not be permissible under the Privacy Rule if done by Covered EntityMAD. During the term of this BAA, except for the specific uses and disclosures set forth below.
(j) Business Associate shall be required to perform the following pursuant to the Breach Notification Rule regarding Breach Notification, Risk Assessment and Mitigation: Business Associate agrees to report to the Department’s BAA Manager or HIPAA Privacy and Security Officer any use or disclosure of PHI not directly provided for by this BAA, and HIPAA Standards, including breaches of unsecured PHI as required by 45 CFR § 164.410, as soon as it (or indirectly receive remuneration any employee or agent) becomes aware of the Breach, and in exchange for PHIno case later than three (3) business days after it (or any employee or agent) becomes aware of the Breach, except when a government official determines that a notification would impede a criminal investigation or cause damage to national security. Business Associate shall provide the Department with the prior written consent names of Covered Entity the individuals whose unsecured PHI has been, or is reasonably believed to have been, the subject of the Breach and any other available information that is required to be given to the affected individuals, as permitted set forth in 45 CFR §164.404(c), and, if requested by 42 U.S.C. section 17935(d)(2)the Department, provide information necessary for the Department to investigate promptly the impermissible use or disclosure. Business Associate shall continue to provide to the Department information concerning the Breach as it becomes available to it, and shall also provide such assistance and further information as is reasonably requested by the Department.
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or the services us set forth in the Underlying AgreementContract to which this Agreement is appended, including, if applicable, authorization to use protected health information to de-identify the information in accordance with 45 CFR 164,514(a)-(c) and follow additional guidance provided by US DHHS in “Guidance Regarding Methods for De-identification of protected health information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” found at: xxxxx://xxx.xxx.xxx/hipaa/for-professionals/privacy/guidance/index.html.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting may use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programdisclose protected health information as required by law.
(c) Business Associate may use agrees to limit uses, disclosures, and requests for protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or disclose PHI as required by lawrequest according to the HIPAA Privacy Rule.
(d) Business Associate may not use or disclose PHI protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
(e) Business Associate may disclose protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person individual to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the personindividual, and the person individual notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a disclose or duplicate protected health information identified by Covered Entity Members as provided by the Social Security Administration (SSA) without Covered Entity’s prior written approval except and permission from SSA. If the need for treatmentsuch disclosure and/or duplication arises, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of must notify Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)work with Covered Entity to obtain approval and permission from SSA.
Appears in 1 contract
Samples: Contract
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or the services us set forth in the Underlying Agreement. Covered Entity and Business Associate agree that Business Associate may disclose protected health information to other business associates of Covered Entity for Business Associate’s performance of services contemplated in the Agreements at Covered Entity’s direction, provided that such other business associates have entered into agreements imposing the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information. In addition, Business Associate may use de-identified information as set forth in Section 3.4 of the Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting may use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programdisclose protected health information as required by law.
(c) Business Associate may use or disclose PHI as required by lawagrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures.
(d) Business Associate may not use or disclose PHI protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity. However, Business Associate may use or disclose protected health information for its own management and administration and legal responsibilities as set forth in paragraphs (e), (f), or (g) below.
(e) Business Associate may use protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(f) Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(eg) Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Application Terms of Service
Permitted Uses and Disclosures by Business Associate. (a) a. Except as otherwise limited by this Agreement, Business Associate may only use or disclose protected health information as make any Uses and Disclosures of PHI necessary only to perform functionsits services to Covered Entity and otherwise meet its obligations under this Agreement, activities if such Use or services us set forth in Disclosure would not violate the Underlying Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement, or by specific instruction of Covered Entity, are prohibited.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program includeb. Except as otherwise limited in this Agreement, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose Use PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement, Business Associate may Disclose PHI for the proper management and administration of the Business Associate, provided the disclosures that Disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information it will remain confidential and used used, or further disclosed Disclosed, only as required by law Required By Law, or for the purposes purpose for which it was disclosed Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) d. Except as otherwise limited in this Agreement, Business Associate may Use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services will be provided to Covered Entity only when such Data Aggregation services pertain to Health Care Operations. Business Associate further agrees that such services will not be provided in a manner that would result in Disclosure of PHI to another covered entity who was not the originator or lawful possessor of such PHI. Further, Business Associate agrees that any such wrongful Disclosure of PHI is a direct violation of this Agreement and must be reported to Covered Entity promptly after the Business Associate becomes aware of such Disclosure and, under no circumstances, later than three (3) business days after the Disclosure.
e. Business Associate may Use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).
f. Business Associate will make usesUses, disclosuresDisclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and proceduresthe Minimum Necessary principle as Required by Law.
(g) g. Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment use and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to de-identify the information or create a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, limited data set in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) § 164.514, which de-identified information or limited data set may be used and disclosed by Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)law, including HIPAA.
Appears in 1 contract
Samples: Hipaa Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Covered Entity and Business Associate may only use or disclose protected health hereby agree that this Agreement constitutes a Qualified Service Organization Agreement (“QSOA”) as required by 42 CFR Part 2. Accordingly, information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) obtained by Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionrelating to individuals who may have been diagnosed as needing, or civil or criminal proceeding related to who have received, chemical dependence treatment services shall be maintained and used only for the administration purposes intended under this Agreement and in conformity with all applicable provisions of 42 USC § 290dd-2 and the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) underlying federal regulations, 42 CFR Part 2. Accordingly, except as otherwise limited in this Agreement, Business Associate may use or disclose PHI as required Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity provided that such use or disclosure would not violate the Confidentiality or Privacy Rules if done by lawCovered Entity.
(da) Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(b) Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and will be used or further disclosed only as required by law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Notwithstanding the preceding language of this subsection, Business Associate acknowledges that the Protected Health Information received from Covered Entity, or created by Business Associate, is covered by 42 CFR Part 2 and therefore Business Associate is specifically prohibited from disclosing such information to agents or subcontractors without specific written consent of the subject individual.
(ec) Business Associate may use Protected Health Information to provide data Data Aggregation services to Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B). Data aggregation services relating to includes the health care operations combining of Covered Entityprotected information created or received by a business associate through its activities under this contract with other information gained from other sources.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(gd) Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) New York State Mental Hygiene Law and 45 CFR section 164.522(a164.502(j)(1) and 42 CFR 2.12(c)(5)(ii).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Qualified Service Organization / Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Covered Entity and Business Associate may only use or disclose protected health hereby agree that this Agreement constitutes a Qualified Service Organization Agreement (“QSOA”) as required by 42 CFR Part 2. Accordingly, information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) obtained by Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionrelating to individuals who may have been diagnosed as needing, or civil or criminal proceeding related to who have received, chemical dependence treatment services shall be maintained and used only for the administration purposes intended under this Agreement and in conformity with all applicable provisions of 42 USC § 290dd-2 and the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) underlying federal regulations 42 CFR Part 2. Accordingly, except as otherwise limited in this Agreement, Business Associate may use or disclose PHI as required Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity provided that such use or disclosure would not violate the Confidentiality or Privacy Rules if done by lawCovered Entity.
(da) Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(b) Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and will be used or further disclosed only as required by law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Notwithstanding the preceding language of this subsection, Business Associate acknowledges that the Protected Health Information received from Covered Entity, or created by Business Associate is covered by 42 CFR Part 2 and therefore Business Associate is specifically prohibited from disclosing such information to agents or subcontractors without specific written consent of the subject individual.
(ec) Business Associate may use Protected Health Information to provide data Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). Data aggregation services relating to includes the health care operations combining of Covered Entityprotected information created or received by a business associate through its activitiesunder this contract with other information gained from other sources.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(gd) Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) New York State Mental Hygiene Law and 45 CFR section 164.522(a§ 164.502(j)(1) and 42 CFR § 2.12(c)(5)(ii).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Qualified Service Organization/Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use Use or disclose protected health information Protected Health Information as necessary only to perform functions, activities or the services us set forth in [the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with Business/Service Agreement between the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) parties dated __________] Business Associate may use Use or disclose PHI Protected Health Information as required by law.
(d) Required By Law. Business Associate agrees to make Uses and Disclosures and requests for Protected Health Information consistent with Covered Entity’s Minimum Necessary policies and procedures. Business Associate may use not Use or disclose PHI Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific Uses and Disclosures set forth in (e), (f), and (g) below. Business Associate may Use Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. Business Associate may disclose Protected Health Information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures Disclosures are required by lawRequired By Law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Breached. Business Associate may provide data aggregation Data Aggregation services relating to the health care operations Health Care Operations of the Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) 3.1 Except as otherwise limited in this BAA, Business Associate may only use or disclose protected health information as necessary only PHI to perform functions, activities or services us set forth for, or on behalf of, Covered Entity as specified in the Underlying Agreement.
(b) underlying service agreement Covered Entity and Business Associate activities which are for purposes directly connected with Associate, provided that such use or disclosure would not violate the administration Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Covered Entity. Business Associate may use or disclose PHI to perform functions, activities or services for, or on behalf of, Covered Entity for the purposes of payment, treatment or health care operations as required those terms are defined in the Privacy Rule, provided that such use or disclosure would not violate the Privacy Rule if done by lawCovered Entity or the minimum necessary policies and procedures of the Covered Entity.
(d) 3.2 Except as otherwise limited in this BAA, Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
3.3 Except as otherwise limited in this BAA, Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required Required by lawXxx, or Business Associate obtains reasonable assurances in writing from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required Required by law Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) 3.4 Except as otherwise limited in this BAA, Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered EntityEntity as permitted by 45 CFR 164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) 3.5 Business Associate may not divulge the Medi-Cal status use PHI to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal, payment State and operationslocal authorities, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a154.502(j)(1).
(i) 3.6 Business Associate may not use will limit the use, disclosure, or disclose PHI in a manner that would violate Subpart E request of 45 CFR Part 164 PHI, to the extent practicable, to the Limited Data Set or, if done needed by Covered EntityBusiness Associate, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, except for to the specific uses and disclosures set forth belowextent a broader use, disclosure, or request of PHI is allowed by the Privacy Rule.
(j) 3.7 Except as otherwise authorized by the Privacy Rule, Business Associate shall not directly or indirectly receive remuneration in exchange for PHIany PHI of an Individual unless Covered Entity has received a valid authorization from the Individual that includes a specification of whether the PHI can be further exchanged for remuneration by the entity receiving PHI of that
3.8 Business Associate may not use or disclose PHI regarding an Individual with respect to a communication about a project or service that encourages recipients of the communication to purchase or use the product or service unless the communication is made to the Individual: (i) to describe a health-related product or service (or payment for such product or service) that is provided by, or included in, the Plan, including communications about the entities participating in a health care provider network or health plan network, replacement of, or enhancements to, the Plan, and health-related products or services available only to Individuals that add value to, but are not part of, the Plan; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the Individual. Notwithstanding the foregoing, except as allowed by the Privacy Rule, Business Associate may not use or disclose PHI regarding an Individual with respect to a communication described above if Covered Entity receives direct or indirect payment in exchange for making such communication.
3.9 With respect to PHI that Business Associate creates or receives on behalf of Covered Entity, Business Associate will not use or further disclose the prior written consent PHI other than as permitted or required by this BAA or as Required by Law.
3.10 In the event the Business Associate transmits or receives any electronic transaction on behalf of Covered Entity, it shall comply with all applicable provisions of HIPAA and HITECH and the applicable regulations and shall ensure that any agents and subcontractors that assist Business Associate in conducting electronic transactions on behalf of Covered Entity agree in writing to comply with all applicable provisions of HIPAA and as permitted HITECH and the applicable regulations to the extent Required by 42 U.S.C. section 17935(d)(2)Law.
Appears in 1 contract
Samples: Professional Services
Permitted Uses and Disclosures by Business Associate. (a) 3.1 Business Associate may use and disclose PHI only use or disclose protected health information as necessary only to perform functionsfollows:
a. Except as otherwise limited in this Agreement, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as necessary to perform functions, activities, or services for ADA Member as specified in the Underlying Contracts, provided that such use or disclosure would not violate the Privacy Rule if done by ADA Member.
b. With respect to permitted uses and disclosures under subsection 3.1.a above, unless otherwise specifically agreed to by the parties, Business Associate will not permit the disclosure of PHI to any person or entity other than such of its employees, agents or subcontractors who must have access to the PHI in order for Business Associate to perform its obligations under an Underlying Contract and who agree to keep such PHI confidential as required by lawthis Agreement.
(d) c. Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
d. Except as otherwise limited in this Agreement, and after giving ADA Member advance notice as set forth above in Section 2.10, Business Associate may disclose PHI in its possession to a third party for the purpose of its proper management and administration or to fulfill any legal responsibilities of Business Associate, provided that (1) the disclosure is required by law or (2) Business Associate has obtained reasonable written assurances from the person to whom the information is disclosed that it will be held confidentially and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the person (i.e., for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, ) and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information PHI has been breached. Within fifteen (15) days of a disclosure required by law, Business Associate will notify ADA Member.
(e) e. If the Business Associate may provide provides data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make usesADA Member for ADA Member under the Underlying Contract, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may use and aggregate the PHI for purposes of providing the data aggregation services to ADA Member. Use of PHI for any other data aggregation is not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by lawpermitted.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) f. Business Associate may not use and disclose PHI that Business Associate obtains or creates only if such use or disclose PHI in a manner that would violate Subpart E disclosure, respectively, complies with each applicable requirement of 45 CFR Part 164 if done by Covered EntitySection 164.504(e) of Title 45, except for the specific uses and disclosures set forth belowCode of Federal Regulations.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Service Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) 2.1 Business Associate may use or disclose PHI Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as required specified in the Prime Contracts, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by law.
Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only Protected Health Information that is contained in a limited data set (das defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business Associate may disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the use, disclosure, or request for use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restrictiondisclosure, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)the requireme nts of HIPAA. Covered Entity shall determine what quantum of information constitutes the “minimum necessary” amount for Business Associate to accomplish its intended purposes.
(i) 2.2 Business Associate may not use or disclose PHI Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) 2.3 Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B).
2.4 Business Associate may disclose Protected Health Information in its possession to third parties with whom it contracts for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that:
2.4.1 The disclosures are required by law; or
2.4.2 Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached.
2.4.3 Without limiting the foregoing, if Business Associate discloses PHI to a “Subcontractor” as defined under the HIPAA Privacy and Security Rules, Business Associate shall not directly or indirectly receive remuneration execute a Business Associate Agreement with such Subcontractor containing substantially the same terms and conditions as set forth in exchange for this Agreement.
2.5 Business Associate shall train the members of its workforce whose function involves contact with PHI to appropriately handle and safeguard PHI. Such training shall, except with the prior written consent at a minimum, include: implementation and use of Covered Entity risk assessment criteria to determine when a Breach occurs, and as permitted by 42 U.S.C. section 17935(d)(2)how to report a Breach.
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate associate may only use or disclose protected health information “as necessary only to perform functions, activities or the services us set forth in ASO Agreement.” Protected Health Information Use Business Associate may use Covered Person’s Protected Health Information as necessary for Business Associate to perform Data Aggregation services, and to create De-identified Information, Summary Health Information and/or Limited Data Sets. Protected Health Information Disclosure Business Associate may disclose, in conformance with the Underlying AgreementHIPAA Privacy Regulations, Covered Person’s Protected Health Information to make disclosures of De-identified Information, Limited Data Set Information, and Summary Health Information, and to make Incidental Disclosures.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate associate may use or disclose PHI protected health information as required by law.
(c) Business associate agrees to make uses and disclosures and requests for protected health information consistent with covered entity’s minimum necessary policies and procedures that accomplish the intended purpose.
(d) Business Associate associate may not use or disclose PHI protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by covered entity except for the specific uses and disclosures set forth below.
(e) Business associate may use protected health information for the proper management and Administration administration of Business Associate the business associate or to carry out the legal responsibilities of the business associate.
(f) Business Associateassociate may disclose protected health information for the proper management and administration of business associate or to carry out the legal responsibilities of the business associate, provided the disclosures are required by law, or Business Associate business associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate business associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(eg) Business Associate associate may provide data aggregation services relating to the health care operations of Covered Entitythe covered entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information a. Except as necessary only to perform functionsotherwise limited in this Agreement, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Service Agreement, provided that such use or disclosure would not violate the Privacy Rule or the HITECH Act, if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity required by law45 CFR §164.514(d).
(d) b. Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) d. Except as otherwise limited in this Agreement, Business Associate will ensure that any agents, including subcontractors, to whom it discloses PHI agrees in writing to the same restrictions and conditions that apply to the Business Associate.
e. If the Business Associate creates, receives, maintains, or transmits electronic PHI on behalf of the Covered Entity: Agents, including subcontractors, will implement at a minimum the safeguards required of Business Associate with respect to electronic PHI.
f. The Business Associate shall implement and apply appropriate sanctions against agents and subcontractors that violate the conditions and restrictions of this Agreement and shall mitigate the effects of any such violation. .
g. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide data aggregation Data Aggregation services relating to the health care operations of Covered EntityEntity as permitted by 45 CFR §164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) h. Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a§164.502(j)(1).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Covered Entity and Business Associate may only use or disclose protected health hereby agree that this Agreement constitutes a Qualified Service Organization Agreement (“QSOA”) as required by 42 CFR Part 2. Accordingly, information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) obtained by Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionrelating to individuals who may have been diagnosed as needing, or civil or criminal proceeding related to who have received, substance use disorder treatment services shall be maintained and used only for the administration purposes intended under this Agreement and in conformity with all applicable provisions of 42 USC § 290dd-2 and the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) underlying federal regulations 42 CFR Part 2. Accordingly, except as otherwise limited in this Agreement, Business Associate may use or disclose PHI as required Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity provided that such use or disclosure would not violate the Confidentiality or Privacy Rules if done by lawCovered Entity.
(da) Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(b) Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and will be used or further disclosed only as required by law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Notwithstanding the preceding language of this subsection, Business Associate acknowledges that the Protected Health Information received from Covered Entity, or created by Business Associate is covered by 42 CFR Part 2 and therefore Business Associate is specifically prohibited from disclosing such information to agents or subcontractors without specific written consent of the subject individual.
(ec) Business Associate may use Protected Health Information to provide data Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). Data aggregation services relating to includes the health care operations combining of Covered Entityprotected information created or received by a business associate through its activities under this contract with other information gained from other sources.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(gd) Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) New York State Mental Hygiene Law and 45 CFR section 164.522(a§ 164.502(j)(1) and 42 CFR § 2.12(c)(5)(ii).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Covered Entity and Business Associate may only use or disclose protected health hereby agree that this Agreement constitutes a Qualified Service Organization Agreement (“QSOA”) as required by 42 CFR Part 2. Accordingly, information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) obtained by Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionrelating to individuals who may have been diagnosed as needing, or civil or criminal proceeding related to who have received, chemical dependence treatment services shall be maintained and used only for the administration purposes intended under this Agreement and in conformity with all applicable provisions of 42 USC § 290dd-2 and the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) underlying federal regulations 42 CFR Part 2. Accordingly, except as otherwise limited in this Agreement, Business Associate may use or disclose PHI as required Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity provided that such use or disclosure would not violate the Confidentiality or Privacy Rules if done by lawCovered Entity.
(da) Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(b) Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and will be used or further disclosed only as required by law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the ATTACHMENT V information has been breached. Notwithstanding the preceding language of this subsection, Business Associate acknowledges that the Protected Health Information received from Covered Entity, or created by Business Associate is covered by 42 CFR Part 2 and therefore Business Associate is specifically prohibited from disclosing such information to agents or subcontractors without specific written consent of the subject individual.
(ec) Business Associate may use Protected Health Information to provide data Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). Data aggregation services relating to includes the health care operations combining of Covered Entityprotected information created or received by a business associate through its activities under this contract with other information gained from other sources.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(gd) Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) New York State Mental Hygiene Law and 45 CFR section 164.522(a§ 164.502(j)(1) and 42 CFR § 2.12(c)(5)(ii).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Qualified Service Organization / Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Except as otherwise limited by this Agreement, Business Associate may only use or disclose protected health information as make any Uses and Disclosures of Protected Health Information necessary only to perform functionsits services to Covered Entity and otherwise meet its obligations under this Agreement, activities if such Use or services us set forth in Disclosure would not violate the Underlying Agreement.
(b) Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionauthorized by this Agreement, or civil or criminal proceeding related to the administration by specific instruction of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Covered Entity, are prohibited. • Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI Use Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. • Except as otherwise limited in this Agreement, Business Associate may Disclose Protected Health Information for the proper management and administration of the Business Associate, provided the disclosures that Disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information it will remain confidential and used used, or further disclosed Disclosed, only as required by law Required By Law, or for the purposes purpose for which it was disclosed Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) . • Except as otherwise limited in this Agreement, Business Associate may Use Protected Health Information to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Entity only wherein said services pertain to Health Care Operations. Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate further agrees that said services shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI be provided in a manner that would violate Subpart E result in Disclosure of 45 CFR Part 164 if done by Protected Health Information to another covered entity who was not the originator and/or lawful possessor of said Protected Health Information. Further, Business Associate agrees that any such wrongful Disclosure of Protected Health Information is a direct violation of this Agreement and shall be reported to Covered EntityEntity immediately after the Business Associate becomes aware of said Disclosure and, except for the specific uses under no circumstances, later than three (3) business days thereafter. • Business Associate may Use Protected Health Information to report violations of law to appropriate Federal and disclosures set forth below.
(j) State authorities, consistent with § 164.502(j)(1). • Business Associate shall not directly or indirectly receive remuneration in exchange make Uses, Disclosures, and requests for PHI, except Protected Health Information consistent with the prior written consent of Covered Entity and Minimum Necessary principle as permitted by 42 U.S.C. section 17935(d)(2)defined herein.
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Covered Entity and Business Associate may only use or disclose protected health hereby agree that this Agreement constitutes a Qualified Service Organization Agreement (“QSOA”) as required by 42 CFR Part 2. Accordingly, information as necessary only to perform functions, activities or services us set forth in the Underlying Agreement.
(b) obtained by Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionrelating to individuals who may have been diagnosed as needing, or civil or criminal proceeding related to who have received, chemical dependence treatment services shall be maintained and used only for the administration purposes intended under this Agreement and in conformity with all applicable provisions of 42 USC § 290dd-2 and the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) underlying federal regulations 42 CFR Part 2. Accordingly, except as otherwise limited in this Agreement, Business Associate may use or disclose PHI as required Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity provided that such use or disclosure would not violate the Confidentiality or Privacy Rules if done by lawCovered Entity.
(da) Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(b) Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided the that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information it will remain confidential and will be used or further disclosed only as required by law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Notwithstanding the preceding language of this subsection, Business Associate acknowledges that the Protected Health Information received from Covered Entity, or created by Business Associate is covered by 42 CFR Part 2 and therefore Business Associate is specifically prohibited from disclosing such information to agents or subcontractors without specific written consent of the subject individual.
(ec) Business Associate may use Protected Health Information to provide data Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). Data aggregation services relating to includes the health care operations combining of Covered Entityprotected information created or received by a business associate through its activities under this contract with other information gained from other sources.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(gd) Business Associate may not divulge the Medi-Cal status use Protected Health Information to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal and State authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) New York State Mental Hygiene Law and 45 CFR section 164.522(a§ 164.502(j)(1) and 42 CFR § 2.12(c)(5)(ii).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Qualified Service Organization / Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) A. Except as otherwise limited by this Agreement, Business Associate may only use or disclose protected health information as make any Uses and Disclosures of PHI necessary only to perform functionsits services to Covered Entity and otherwise meet its obligations under this Agreement, activities if such User or services us set forth in Disclosure would not violate the Underlying Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement, or by specific instruction of Covered Entity, are prohibited.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program includeB. Except as otherwise limited in this Agreement, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose Use PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
C. Except as otherwise limited in this Agreement, Business Associate may Disclose PHI for the proper management and administration of the Business Associate, provided the disclosures that Disclosures are required by lawRequired By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed Disclosed that the information it will remain confidential and used used, or further disclosed Disclosed, only as required by law Required By Law, or for the purposes purpose for which it was disclosed Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) D. Except as otherwise limited in this Agreement, Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Entity as permitted by 45 CFR Section 164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to Covered Entity only wherein said services pertain to Health Care Operations. Business Associate further agrees that said services shall not be provided in a manner that would result in Disclosure of PHI to another covered entity who was not the originator and/or lawful possessor of said PHI. Further, Business Associate agrees that any such wrongful Disclosure of PHI is a direct violation of this Agreement and shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Disclosure and, under no circumstances, later than three (3) business days thereafter.
E. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with Section 164.502(j)(1).
F. Business Associate shall make usesUses, disclosuresDisclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and proceduresthe Minimum Necessary principle as defined herein.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only Pursuant to perform functions, activities or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, Agreement Contractor will provide access and crisis mental health services. These services may include but are not limited to: answering and triaging after-hours calls received via the 24/7 Behavioral Health (amental health and substance use services) establishing eligibility ACCESS Line for Yolo County Health and methods Human Services Agency (HHSA); assessing and appropriately disposing service calls, urgent support requests, and crisis calls; performing crisis evaluations and clinical triage work including making appropriate referrals to both internal and external behavioral health services; coordinating with law enforcement agencies to support community based mental health response; and utilizing the County’s Electronic Health Record and Practice Management System (EHR) AVATAR to document in the ACCESS log and to document all other services provided in accordance with Medi-Cal documentation standards and the requirements of reimbursement; the Underlying Agreement. These services may involve use and disclosure of protected health information (bPHI) determining the amount of medical assistance; or Electronic Protected Health Information (cEPHI) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration treatment and care of clients. Except as otherwise specified herein, Contractor will be given access to the County’s EHR AVATAR. Such access will be granted to specific individuals by named user accounts/logons and user roles, upon completion of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related County’s AVATAR Practitioner ID enrollment process. Contractor agrees to abide by all County policies and procedures regarding AVATAR and the administration privacy and security of client information. Contractor may only access Avatar and make use of it in order to perform its obligations under the Medi-Cal program.
(c) Underlying Agreement between the parties. As otherwise limited in this Addendum and the Underlying Agreement, Business Associate may use or disclose PHI and EPHI to perform functions, activities, or services for, or on behalf of, Covered Entity as required by law.
(d) Business Associate may specified in the Underlying Agreement, provided that such use or disclose PHI for disclosure would not violate the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except Entity and the use or disclosure of PHI and EPHI is limited to the minimum amount necessary for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with to perform its obligations pursuant to the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)Underlying Agreement.
Appears in 1 contract
Samples: Agreement for Mental Health Services
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or and disclose protected health information PHI as necessary only to perform functions, activities or services us set forth in the Underlying Agreementthis Section.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include3.1 Except as otherwise limited in this Agreement, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Business Associate may use or disclose PHI to perform functions, activities, or services for or on behalf of Covered Entity as required specified in the underlying service agreement between Covered Entity and Business Associate, provided that such use or disclosure shall not violate the Privacy Rule if done by law.
(d) Covered Entity or the minimum necessary policies and procedures of the Covered Entity. If no underlying service agreement exists between Covered Entity and Business Associate, Business Associate may use or disclose PHI to perform functions, activities, or services for or on behalf of Covered Entity for the purposes of payment, treatment, or health care operations as those terms are defined in the Privacy Rule, provided that such use or disclosure shall not violate the Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
3.2 Except as otherwise limited in this Agreement, Business Associate may use PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
3.3 Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required Required by law, Law or Business Associate obtains reasonable assurances in writing from the person to whom the information is disclosed that that: (a) the information disclosed PHI will remain confidential and will be used or further disclosed only as required Required by law Law or for the purposes purpose for which it was disclosed to the person, person and (b) the person notifies the Business Associate of any known instances of which it is aware in which the confidentiality of the information has been breached.
(e) 3.4 Except as otherwise limited in this Agreement, Business Associate may use PHI to provide data aggregation services relating to the health care operations of Covered EntityEntity as permitted by 45 CFR 164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) 3.5 Business Associate may not divulge the Medi-Cal status use PHI to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate federal and state authorities, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a164.502(j)(1).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Professional Services
Permitted Uses and Disclosures by Business Associate. (a) Except as otherwise limited in this Agreement, Business Associate may only use or disclose protected health information Protected Health Information as necessary only to perform functions, activities activities, or services us set forth in the Underlying Agreement.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecutionfor, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) on behalf of, Covered Program as specified in this Agreement. Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI Protected Health Information for the proper management and Administration administration of Business Associate. Business Associate may disclose Protected Health Information as Required By Law. Term and Termination This Agreement shall be effective for the term as specified on the cover page of this Agreement, after which time all of the Protected Health Information provided by Covered Program to Business Associate, or created or received by Business Associate on behalf of Covered Program, shall be destroyed or returned to Covered Program; provided that, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Appendix to this Agreement. Termination for Cause. Upon Covered Program’s knowledge of a material breach by Business Associate, Covered Program may provide an opportunity for Business Associate to cure the breach and end the violation or may terminate this Agreement if Business Associate does not cure the breach and end the violation within the time specified by Covered Program, or Covered Program may immediately terminate this Agreement if Business Associate has breached a material term of this Agreement and cure is not possible. Effect of Termination. Except as provided in paragraph (c)(2) below, upon termination of this Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Program, or created or received by Business Associate on behalf of Covered Program. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information. In the event that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Program notification of the conditions that make return or destruction infeasible. Upon mutual Agreement of Business Associate and Covered Program that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to carry out such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. Violations Any violation of this Agreement may cause irreparable harm to the County. Therefore, the County may seek any legal responsibilities remedy, including an injunction or specific performance for such harm, without bond, security or necessity of demonstrating actual damages. Business Associate shall indemnify and hold the County harmless against all claims and costs resulting from acts/omissions of Business Associate in connection with Business Associate’s obligations under this Agreement. Business Associate shall be fully liable for the actions of its agents, employees, partners or subcontractors and shall fully indemnify and save harmless the County from suits, actions, damages and costs, of every name and description relating to breach notification required by 45 CFR Part 164 Subpart D, or State Technology Law § 208, caused by any intentional act or negligence of Business Associate, provided the disclosures are required by lawits agents, employees, partners or Business Associate obtains reasonable assurances from the person to whom the information is disclosed subcontractors, without limitation; provided, however, that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual indemnify for that portion of any claim, loss or damage arising hereunder due to a health plan for payment the negligent act or health care operations purposes if failure to act of the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a)County.
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2).
Appears in 1 contract
Samples: Assisted Living Program Agreement
Permitted Uses and Disclosures by Business Associate. Business Associate may obtain, use and/or disclose Protected Health Information incident to its provision of brokerage or consulting services for Covered Entity and any health benefit plan sponsored by Covered Entity, so long as such access, use or disclosure is either Required By Law or Permitted By Law if done by the Covered Entity and provided further that Business Associate has met all legal requirements for such access, use or disclosure. This specifically includes but is not limited to the following:
(a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or services us set forth in Claim administration for the Underlying AgreementCovered Entity.
(b) Business Associate activities which are Disclosure to other entities for purposes directly connected with the administration of the Medi-Cal program includetheir treatment, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting payment or assisting an investigation, prosecution, or civil or criminal proceeding related permitted health care operations to the administration of extent the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related Covered Entity is Permitted By Law to the administration of the Medi-Cal programdo so.
(c) Business Associate may use or disclose PHI as required by law.
(d) Business Associate may use or disclose PHI for Management and administration of the proper management and Administration of Business Associate or to carry out the legal responsibilities of the Business Associate, Associate provided the disclosures are required by law, or that such use is Permitted By Law and provided that Business Associate obtains reasonable assurances in advance and in writing from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate within fourteen days of any instances of which it is aware in which the confidentiality of the information has been breached.
(ed) Business Associate may To provide data aggregation Data Aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required permitted by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a164.504(e)(2)(1)(B).
(ie) De-identification of the Protected Health Information to the extent Permitted By Law, provided that Business Associate satisfies the applicable provisions for de-identification under the HIPAA Privacy Regulations and provides Covered Entity with written documentation as required by said provisions and as may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done be specified by Covered Entity, except for Entity as well as a certification of compliance with the specific uses and disclosures set forth below.
(j) Business Associate HIPAA Privacy Regulations. Any such de-identified information shall not directly or indirectly receive remuneration in exchange for PHI, except with constitute Protected Health Information and shall not be subject to the prior written consent terms and conditions of Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)this Agreement regarding Protected Health Information.
Appears in 1 contract
Samples: Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) 3.1 Except as otherwise limited in this BAA, Business Associate may only use or disclose protected health information as necessary only PHI to perform functions, activities or services us set forth for, or on behalf of, Covered Entity as specified in the Underlying Agreement.
(b) underlying service agreement Covered Entity and Business Associate activities which are for purposes directly connected with Associate, provided that such use or disclosure would not violate the administration Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) Covered Entity. Business Associate may use or disclose PHI to perform functions, activities or services for, or on behalf of, Covered Entity for the purposes of payment, treatment or health care operations as required those terms are defined in the Privacy Rule, provided that such use or disclosure would not violate the Privacy Rule if done by lawCovered Entity or the minimum necessary policies and procedures of the Covered Entity.
(d) 3.2 Except as otherwise limited in this BAA, Business Associate may use or disclose PHI for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
3.3 Except as otherwise limited in this BAA, Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the that disclosures are required Required by lawXxx, or Business Associate obtains reasonable assurances in writing from the person to whom the information is disclosed that the information it will remain confidential and used or further disclosed only as required Required by law Law or for the purposes purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) 3.4 Except as otherwise limited in this BAA, Business Associate may use PHI to provide data aggregation Data Aggregation services relating to the health care operations of Covered EntityEntity as permitted by 45 CFR 164.504(e)(2)(i)(B).
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) 3.5 Business Associate may not divulge the Medi-Cal status use PHI to report violations of a Covered Entity Members without Covered Entity’s prior approval except for treatmentlaw to appropriate Federal, payment State and operationslocal authorities, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance consistent with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a154.502(j)(1).
(i) 3.6 Business Associate may not use will limit the use, disclosure, or disclose PHI in a manner that would violate Subpart E request of 45 CFR Part 164 PHI, to the extent practicable, to the Limited Data Set or, if done needed by Covered EntityBusiness Associate, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, except for to the specific uses and disclosures set forth belowextent a broader use, disclosure, or request of PHI is allowed by the Privacy Rule.
(j) 3.7 Except as otherwise authorized by the Privacy Rule, Business Associate shall not directly or indirectly receive remuneration in exchange for PHIany PHI of an Individual unless Covered Entity has received a valid authorization from the Individual that includes a specification of whether the PHI can be further exchanged for remuneration by the entity receiving PHI of that Covered Individual.
3.8 Business Associate may not use or disclose PHI regarding an Individual with respect to a communication about a project or service that encourages recipients of the communication to purchase or use the product or service unless the communication is made to the Individual: (i) to describe a health-related product or service (or payment for such product or service) that is provided by, or included in, the Plan, including communications about the entities participating in a health care provider network or health plan network, replacement of, or enhancements to, the Plan, and health-related products or services available only to Individuals that add value to, but are not part of, the Plan; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the Individual. Notwithstanding the foregoing, except as allowed by the Privacy Rule, Business Associate may not use or disclose PHI regarding an Individual with respect to a communication described above if Covered Entity receives direct or indirect payment in exchange for making such communication.
3.9 With respect to PHI that Business Associate creates or receives on behalf of Covered Entity, Business Associate will not use or further disclose the prior written consent PHI other than as permitted or required by this BAA or as Required by Law.
3.10 In the event the Business Associate transmits or receives any electronic transaction on behalf of Covered Entity, it shall comply with all applicable provisions of HIPAA and HITECH and the applicable regulations and shall ensure that any agents and subcontractors that assist Business Associate in conducting electronic transactions on behalf of Covered Entity agree in writing to comply with all applicable provisions of HIPAA and as permitted HITECH and the applicable regulations to the extent Required by 42 U.S.C. section 17935(d)(2)Law.
Appears in 1 contract
Permitted Uses and Disclosures by Business Associate. (a) Business Associate may only use or disclose protected health information as necessary only to perform functions, activities or the services us set forth in the Underlying AgreementContract to which this Agreement is appended, including, if applicable, authorization to use protected health information to de-identify the information in accordance with 45 CFR 164,514(a)-(c) and follow additional guidance provided by US DHHS in “Guidance Regarding Methods for De-identification of protected health information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” found at xxxxx://xxx.xxx.xxx/hipaa/for-professionals/privacy/guidance/index.html.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting may use or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal programdisclose protected health information as required by law.
(c) Business Associate may use agrees to limit uses, disclosures, and requests for protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or disclose PHI as required by lawrequest according to the HIPAA Privacy Rule.
(d) Business Associate may not use or disclose PHI protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
(e) Business Associate may disclose protected health information for the proper management and Administration administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person individual to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the personindividual, and the person individual notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) Business Associate agrees to make uses, disclosures, and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.
(g) Business Associate may not divulge the Medi-Cal status of a disclose or duplicate protected health information identified by Covered Entity Members as provided by the Social Security Administration (SSA) without Covered Entity’s prior written approval except and permission from SSA. If the need for treatmentsuch disclosure and/or duplication arises, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.
(j) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of must notify Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)work with Covered Entity to obtain approval and permission from SSA.
Appears in 1 contract
Samples: Hipaa Business Associate Agreement
Permitted Uses and Disclosures by Business Associate. (a) Since the Business Associate is or shall provide services as necessary to perform its obligations to the Covered Entity [as set forth in (the “Services Agreement”)] (“Services”) that may involve the receipt, creation, or other uses of any nature or description of PHI, the Business Associate agrees, except as otherwise provided in this Agreement, only to use or disclose protected health information PHI as necessary only to perform functions, activities or services us set forth in the Underlying AgreementServices for the Covered Entity.
(b) Business Associate activities which are for purposes directly connected with the administration of the Medi-Cal program include, but are not limited to: (a) establishing eligibility and methods of reimbursement; (b) determining the amount of medical assistance; (c) providing services for Members; (d) conducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the Medi-Cal program; (e) conducting or assisting a legislative investigation or audit related to the administration of the Medi-Cal program.
(c) The Business Associate may use or disclose PHI as required Required by lawLaw.
(dc) Business Associate may use or disclose PHI for the proper management and Administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(e) Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
(f) The Business Associate agrees to make uses, disclosures, uses and disclosures and requests for PHI consistent with the Covered Entity’s minimum necessary Minimum Necessary policies and and/or procedures.
(gd) Business Associate may not divulge the Medi-Cal status of a Covered Entity Members without Covered Entity’s prior approval except for treatment, payment and operations, or as required by law.
(h) Business Associate shall not disclose PHI about an individual to a health plan for payment or health care operations purposes if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full and the individual requests such restriction, in accordance with 42 U.S.C. section 17935(a) and 45 CFR section 164.522(a).
(i) The Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR C.F.R. Part 164 if done by the Covered Entity, Entity except for the specific uses and disclosures set forth belowbelow in subsection (e).
(je) The Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are Required By Law, or the Business Associate obtains the following:
(i) written approval from the Covered Entity; and (ii) reasonable assurances from the person to whom the PHI is disclosed that (A) the PHI will remain confidential and used or further disclosed only as Required By Law or for the purposes for which it was disclosed to the person, and (B) the person will immediately notify the Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been Breached.
(f) Business Associate may provide Data Aggregation services relating to the Health Care Operations of the Covered Entity if requested by the Covered Entity in writing.
(g) The Business Associate shall not directly or indirectly receive remuneration use de-identified PHI in exchange for PHI, except with any manner without the prior express written consent authorization of the Covered Entity and as permitted by 42 U.S.C. section 17935(d)(2)Entity.
Appears in 1 contract
Samples: Hipaa Business Associate Agreement
