Common use of Permitted Uses and Disclosures by the Business Associate Clause in Contracts

Permitted Uses and Disclosures by the Business Associate. a. The Business Associate may Use or Disclose Protected Health Information received in relation to the Underlying Agreement as necessary to perform the services set forth in the Underlying Agreement. b. The Business Associate is not authorized to de-identify Protected Health Information in accordance with 45 C.F.R. § 164.514(a)-(c) unless expressly authorized to do so in writing by the Covered Entity’s Security and Privacy Officer. c. The Business Associate agrees to make Uses and Disclosures and Requests for Protected Health Information consistent with the Covered Entity’s Minimum Necessary policies and procedures. d. The Business Associate may not Use or Disclose Protected Health Information in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity. e. The Business Associate may Use or Disclose the Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the Disclosures are Required By Law, or the Business Associate obtains reasonable assurances from the person to who the information is Disclosed that the information will remain confidential and used or further Disclosed only as Required By Law or for the purposes for which it was Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the Protected Health Information has been Breached.

Permitted Uses and Disclosures by the Business Associate. a. i) The Business Associate may Use or Disclose Protected Health Information received in relation to the Underlying Agreement as necessary to perform the services set forth in the Underlying Agreement. b. ii) The Business Associate is not authorized to de-identify Protected Health Information in accordance with 45 C.F.R. § 164.514(a)-(c) unless expressly authorized to do so in writing by the Covered Entity’s Security and Privacy Officer. c. iii) The Business Associate agrees to make Uses and Disclosures and Requests for Protected Health Information consistent with the Covered Entity’s Minimum Necessary policies and procedures. d. iv) The Business Associate may not Use or Disclose Protected Health Information in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity. e. v) The Business Associate may Use or Disclose the Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided the Disclosures are Required By Law, or the Business Associate obtains reasonable assurances from the person to who the information is Disclosed that the information will remain confidential and used or further Disclosed only as Required By Law or for the purposes for which it was Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the Protected Health Information has been Breached.