Common use of Permitted Uses and Disclosures of Phi by Business Associate Clause in Contracts

Permitted Uses and Disclosures of Phi by Business Associate. a. Business Associate may use or disclose PHI as permitted by HIPAA as necessary to further the HCDS discussions between the Parties or to perform the services set forth in any future Participation Agreement between Covered Entity and Business Associate. b. Business Associate may use or disclose PHI as Required by Law. c. Business Associate agrees to make uses and disclosures and requests for PHI consistent with the minimum necessary standards at 45 CFR 164.502(b) and the Covered Entity’s policies regarding minimum necessary. d. Business Associate may not use or disclose PHI in a manner that would violate Supart E of 45 CFR Part 164 if done by the Covered Entity, except for the specific Uses and Disclosures set forth below: (1) Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. (2) Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. (3) Business Associate may provide Data Aggregation services relating to the Health Care operations of the Covered Entity.

Permitted Uses and Disclosures of Phi by Business Associate. a. Except as otherwise limited in this Agreement, Business Associate may use or disclose de-identified PHI for purposes of evaluation and analysis in determining appropriate and mutually agreed-upon scientific research and/or educational training and related studies, as permitted approved by HIPAA as necessary to further the HCDS discussions between the Parties or to perform the services set forth in any future Participation Agreement between Covered Entity and Business Associate. b. Entity. Business Associate may use the de-identified PHI only in accordance with the purposes and procedures set forth in an approved study protocol, its internal policies and, for funded research, as outlined in any subsequent, separately executed Research Agreement, provided that such use or disclose PHI disclosure would not violate the Privacy Rule if done by Covered Entity. Any such use or disclosure shall be limited to those reasons and those individuals as Required by Law. c. necessary to meet the Business Associate’s obligations under the Research Agreement. In all circumstances, Business Associate agrees to make shall limit such uses and disclosures and requests for PHI consistent with to the minimum amount of de-identified PHI that is necessary standards at 45 CFR 164.502(b) and the Covered Entity’s policies regarding minimum necessary. d. Business Associate may not use or disclose PHI in a manner that would violate Supart E of 45 CFR Part 164 if done by the Covered Entity, except for the specific to fulfill those obligations. Uses and Disclosures set forth below: (1) of PHI for Management, Administration, and Legal Responsibilities. Business Associate may use PHI PHI, if necessary, for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. (2) . If Business Associate provides Data Aggregation services, Business Associate may use PHI to provide Data Aggregation services to Covered Entity as permitted by 42 CFR § 164.504(e)(2)(i)(B), except as otherwise provided by this Agreement. Business Associate may disclose PHI PHI, if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that disclosures are required provided: The disclosure is Required by law, Law and approved by authorized officials of Business Associate; or Business Associate obtains reasonable proper written assurances from the person to whom the information PHI is disclosed that it will remain confidential and will be used or further disclosed only as required Required by law Law or for the purpose for which it was disclosed to the person, and the person promptly notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information PHI has been breached. Obligations of Business Associate. (3) Business Associate may provide Data Aggregation services relating to the Health Care operations of the Covered Entity.

Permitted Uses and Disclosures of Phi by Business Associate. a. Business Associate may use Use or disclose Disclose PHI as permitted by HIPAA as necessary to further the HCDS discussions between the Parties or to perform the services set forth in any future the Participation Agreement between Covered Entity Participant and Business Associate. b. Business Associate may use Use or disclose Disclose PHI as Required by Law. c. Business Associate agrees to make uses Uses and disclosures Disclosures and requests for PHI consistent with the minimum necessary standards at 45 CFR 164.502(b) and the Covered Entity’s any policies provided to it by Participant regarding minimum necessary. d. Business Associate may not use Use or disclose Disclose PHI in a manner that would violate Supart Subpart E of 45 CFR Part 164 if done by the applicable Covered Entity, except for the specific Uses and Disclosures set forth below: (1) Business Associate may use Use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. (2) Business Associate may disclose Disclose PHI for the proper management and administration of Business Associate, provided that disclosures Disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. (3) Business Associate may provide Data Aggregation services relating to the Health Care operations of the applicable Covered Entity. (4) Business Associate may de-identify any and all PHI provided that the information is de-identified in accordance with HIPAA standards. De-identified information does not constitute PHI and is not subject to the terms and conditions of this Addendum, provided, however that such de-identified information may not be used for commercial purposes or shared with third parties.

Permitted Uses and Disclosures of Phi by Business Associate. a. Except as otherwise provided in this Agreement, Business Associate may use or disclose PHI as permitted by HIPAA as necessary to further the HCDS discussions between the Parties on behalf of or to perform the provide services set forth in any future Participation Agreement between to Covered Entity and Business Associate. b. Business Associate may for the purposes specified in this Agreement, if such use or disclose disclosure of PHI as Required by Law. c. Business Associate agrees to make uses and disclosures and requests for PHI consistent with would not violate the minimum necessary standards at 45 CFR 164.502(b) and the Covered Entity’s policies regarding minimum necessary. d. Business Associate may not use or disclose PHI in a manner that would violate Supart E of 45 CFR Part 164 Privacy Rule if done by the Covered Entity. Unless otherwise limited herein, except for the specific Uses and Disclosures set forth belowBusiness Associate may: (1) Business Associate may i. use PHI for the its proper management and administration of the Business Associate or to carry out the fulfill any present or future legal responsibilities of the Business Associate.; (2) Business Associate may ii. disclose PHI for the its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that that; (i) the disclosures are required by law, ; or (ii) Business Associate obtains reasonable assurances from the any person to whom the information PHI is disclosed that it such PHI will remain be kept confidential and will be used or further disclosed only as required Required by law Law or for the purpose purpose(s) for which it was disclosed to the person, and the person notifies the commits to notifying Business Associate of any instances of which it is aware in which the confidentiality of the information PHI has been breached.; (3) iii. disclose PHI to report violations of law to appropriate federal and state authorities; or iv. aggregate the PHI with other data in its possession for purposes of Covered Entity’s Health Care Operations; v. make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures; vi. de-identify any and all PHI obtained by Business Associate may provide Data Aggregation services relating to under this BAA, and use such de-identified data, all in accordance with the Health Care operations de-identification requirements of the Covered EntityPrivacy Rule [45 C.F.R. § (d)(1)].

Permitted Uses and Disclosures of Phi by Business Associate. a. (a) General Use and Disclosure Provisions Except as otherwise limited in this Addendum, Business Associate may use Use or disclose Disclose PHI as permitted by HIPAA as necessary to further the HCDS discussions between the Parties obtained from or on behalf of Covered Entity to perform the functions, activities, or services set forth in any future Participation Agreement between Covered Entity and Business Associate. b. Business Associate may use for, or disclose PHI as Required by Law. c. Business Associate agrees to make uses and disclosures and requests for PHI consistent with the minimum necessary standards at 45 CFR 164.502(b) and the Covered Entity’s policies regarding minimum necessary. d. Business Associate may not use or disclose PHI in a manner that would violate Supart E of 45 CFR Part 164 if done by the on behalf of, Covered Entity, except for provided that such Use or Disclosure complies with HIPAA. Business Associate acknowledges and agrees that it acquires no title or rights to the specific Uses PHI, including any de-identified information, as a result of this Addendum. (b) Specific Use and Disclosures set forth below:Disclosure Provisions (1) Business Associate may use only Use or Disclose PHI as necessary to perform functions, activities, or services for, or on behalf of, Covered Entity to fulfill its obligations under the Underlying Agreement, provided that such Use or Disclosure would not violate the Privacy Rule or Security Rule if done by the Covered Entity. (2) Business Associate agrees to make Uses and Disclosures and requests for PHI consistent with Covered Entity’s Minimum Necessary policies and procedures. (3) Business Associate may Use and disclose PHI for the proper and necessary management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. (2) Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that disclosures that, as to any such Disclosure, the following requirements are met: (i) the Disclosure is required by law, or ; or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. (34) Except as otherwise limited in this Addendum, Business Associate may Use PHI to provide Data Aggregation services to Covered Entity, relating to the Health Care operations Operations of the Covered Entity. (5) If the Underlying Agreement permits or requires Business Associate to Use de-identified PHI, the PHI must be de-identified in accordance with 45 CFR 164.514 (a)-(c).