Permitted Uses and Disclosures of Phi by Business Associate Sample Clauses

Permitted Uses and Disclosures of Phi by Business Associate. Except as otherwise indicated in this Agreement, Business Associate may use or disclose PHI, inclusive of de-identified data derived from such PHI, only to perform functions, activities or services specified in this Agreement on behalf of DHCS, provided that such use or disclosure would not violate HIPAA or other applicable laws if done by DHCS.

Permitted Uses and Disclosures of Phi by Business Associate. Business Associate may only use or disclose PHI: A. As necessary to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreement, provided that such use or Disclosure would not violate the Privacy Rule if done by Covered Entity; B. As required by law; and C. For the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

Permitted Uses and Disclosures of Phi by Business Associate. A. Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Underlying Agreement or as required by law. B. Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s policies and procedures regarding minimum necessary use of PHI. C. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by Covered Entity. D. Business Associate may, if directed to do so in writing by Covered Entity, create a limited data set as defined at 45 C.F.R. § 164.514(e)(2), for use in public health, research, or health care operations. Any such limited data sets shall omit any of the identifying information listed in 45 C.F.R. § 164.514(e)(2). Business Associate will enter into a valid, HIPAA-compliant Data Use Agreement as described in 45 C.F.R. § 164.514(e)(4), with the limited data set recipient. Business Associate will report any material breach or violation of the data use agreement to Covered Entity immediately after it becomes aware of any such material breach or violation. E. Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration or legal responsibilities of the Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. F. The Business Associate shall not directly or indirectly receive remuneration in exchange for any PHI of an individual pursuant to §§ 13405(d)(1) and (2) of the HITECH Act. This prohibition does not apply to the State’s payment of Business Associate for its performance pursuant to the Underlying Agreement. G. The Business Associate shall comply with the limitations on marketing and fundraising communications provided in § 13406 of the HITECH Act in connection with any PHI of individuals.

Permitted Uses and Disclosures of Phi by Business Associate. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such uses and/or further disclosures (i) do not violate the requirements of HIPAA’s Business Associate contract standard at 45 C.F.R. § 164.504(e)(1) and/or the HITECH Act, if done by the Covered Entity, (ii) are the minimum necessary PHI to accomplish the intended purpose, or (iii) are Required By Law. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate, provided, however, that any such uses or disclosures are Required By Law, or Business Associate obtains reasonable written assurances from the person to whom the information is disclosed that (i) the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and (ii) the person immediately notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been the subject of a Breach. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity, consistent with 45 C.F.R. 164.504(e)(2)(i)(B). Business Associate may use PHI to report violations of law to appropriate federal and state authorities as required under HIPAA and/or other federal and state laws, consistent with 45 C.F.R. § 164.502(j)(1), provided that Business Associate gives Covered Entity prior written notice of its intention to report any such violation of law and the facts or circumstances related thereto, to the extent legally permissible.

Permitted Uses and Disclosures of Phi by Business Associate. Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Underlying Agreement or as required by law.

Permitted Uses and Disclosures of Phi by Business Associate a. Business Associate may use or disclose PHI as permitted by HIPAA as necessary to further the HCDS discussions between the Parties or to perform the services set forth in any future Participation Agreement between Covered Entity and Business Associate. b. Business Associate may use or disclose PHI as Required by Law. c. Business Associate agrees to make uses and disclosures and requests for PHI consistent with the minimum necessary standards at 45 CFR 164.502(b) and the Covered Entity’s policies regarding minimum necessary. d. Business Associate may not use or disclose PHI in a manner that would violate Supart E of 45 CFR Part 164 if done by the Covered Entity, except for the specific Uses and Disclosures set forth below: (1) Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. (2) Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. (3) Business Associate may provide Data Aggregation services relating to the Health Care operations of the Covered Entity.

Permitted Uses and Disclosures of Phi by Business Associate. (a) Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI to perform functions, activities or services for, or on behalf of, SBBC as previously agreed to by the parties (the “Service Agreement”) provided that such use or disclosure would not violate the Privacy Rule if done by SBBC. (b) Except as otherwise limited in this Agreement, Business Associate may use PHI for the proper management and administration of Business Associate and to carry out the legal responsibilities of Business Associate. (c) Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of Business Associate and to carry out the legal responsibilities of Business Associate if: (i) such disclosure is Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that such information will remain confidential and used or further disclosed only as Required by Law or for the purposes for which it was disclosed to the person, and the person agrees to notify Business Associate of any and all instances of which it is aware that the confidentiality of the information has been breached. (d) Except as otherwise limited in this Agreement, Business Associate may use PHI to provide Data Aggregation services to SBBC as permitted by 42 C.F.R. § 164.504(e)(2)(i)(B).

Permitted Uses and Disclosures of Phi by Business Associate. A. Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Underlying Agreement or as required by law. B. Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s policies and procedures regarding minimum necessary use of PHI. C. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by Covered Entity.

Permitted Uses and Disclosures of Phi by Business Associate. Except as otherwise provided in this Agreement, Business Associate may use or disclose PHI on behalf of or to provide services to Covered Entity for the purposes specified in this Agreement, if such use or disclosure of PHI would not violate the Privacy Rule if done by Covered Entity. Unless otherwise limited herein, Business Associate may:

Permitted Uses and Disclosures of Phi by Business Associate. Permitted Uses and Disclosures. Except as otherwise indicated in this Addendum, Business Associate may use or disclose PHI only to perform functions, activities or services specified in the Agreement, for, or on behalf of CDPH, provided that such use or disclosure would not violate the HIPAA regulations, if done by CDPH. Any such use or disclosure must, to the extent practicable, be limited to the limited data set, as defined in 45 CFR section 164.514(e)(2), or, if needed, to the minimum necessary to accomplish the intended purpose of such use or disclosure, in compliance with the HITECH Act and any guidance issued pursuant to such Act, and the HIPAA regulations.