Common use of Permitted Uses and Disclosures by the Business Associate Clause in Contracts

Permitted Uses and Disclosures by the Business Associate. a. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in the Contract, provided that such use or disclosure would not violate Subpart E of 45 CFR § 164 if the same activity were performed by the Covered Entity or would not violate the minimum necessary policies and procedures of the Covered Entity. b. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. c. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that the disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used, or further disclosed, only as required by law, or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it has knowledge that the confidentiality of the information has been breached. d. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may use PHI to provide Data Aggregation services to the Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B). e. Business Associate may use PHI to report violations of the Law to the appropriate federal and District of Columbia authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures by the Business Associate. a. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may use or disclose PHI Protected Health Information to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in the Contract, provided that such use or disclosure would not violate Subpart E of 45 CFR § 164 HIPAA if the same activity were performed by the Covered Entity or would not violate the minimum necessary policies and procedures of the Covered Entity. b. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may use PHI Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. c. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may disclose PHI Protected Health Information for the proper management and administration of the Business Associate, provided that the disclosures are required by lawRequired By Law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used, or further disclosed, only as required by lawRequired By Law, or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it has knowledge that the confidentiality of the information has been breached. d. Except as otherwise limited in this HIPAA Compliance Clause, the Business Associate may use PHI Protected Health Information to provide Data Aggregation services to the Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B). e. Business Associate may use PHI Protected Health Information to report violations of the Law to the appropriate federal and District of Columbia authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures by the Business Associate. a. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in the Contract, provided that such use or disclosure would not violate Subpart E of 45 CFR § C.F.R Part 164 if the same activity were performed by the Covered Entity or would not violate the minimum necessary policies and procedures of the Covered Entity. b. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. c. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that the disclosures are required by lawRequired By Law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used, or further disclosed, only as required by lawRequired By Law, or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it has knowledge that the confidentiality of the information has been breached. d. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may use PHI to provide Data Aggregation services to the Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B). e. Business Associate may use PHI to report violations of this BAA or the Law HIPAA Regulations to the appropriate federal and District of Columbia authorities, consistent with 45 C.F.R. § 164.502(j)(1164.502(j)(1)-(2).

Permitted Uses and Disclosures by the Business Associate. a. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in the Contract, provided that such use or disclosure would not violate Subpart E of 45 CFR § C.F.R Part 164 if the same activity were performed by the Covered Entity or would not violate the minimum necessary policies and procedures of the Covered Entity. b. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. c. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that the disclosures are required by lawRequired By Law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used, or further disclosed, only as required by lawRequired By Law, or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it has knowledge that the confidentiality of the information has been breached. d. Except as otherwise limited in this HIPAA Compliance ClauseBAA, the Business Associate may use PHI to provide Data Aggregation services to the Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B164.504(e) (2)(i)(B). e. Business Associate may use PHI to report violations of this BAA or the Law HIPAA Regulations to the appropriate federal and District of Columbia authorities, consistent with 45 C.F.R. § 164.502(j)(1164.502(j)(1)-(2).