Common use of Permitted Uses and Disclosures under HIPAA and the HITECH Act Clause in Contracts

Permitted Uses and Disclosures under HIPAA and the HITECH Act. From time to time during the course of this HIPAA Agreement, BCBSRI may receive or create PHI on behalf of the Plan. (a) With respect to its Use and Disclosure of the Plan’s PHI, BCBSRI agrees to comply with any applicable Business Associate requirements under HIPAA and the HIPAA Regulations. Employer agrees, as plan sponsor and plan administrator, that Employer and Plan will fully comply with each of Employer and Plan’s respective obligations, under HIPAA and the HIPAA Regulations. (b) The Plan’s PHI. With respect to the Plan’s PHI, BCBSRI may: 1. Use and Disclose the Plan’s PHI for the performance of Services by BCBSRI and/or TPA under the Ancillary Services Agreement, including Disclosure to and Use by TPA, and including reviewing and evaluating information collected from BCBSRI internal systems, and providing an eligibility feed based on that data to TPA in order to enroll Covered Individuals into the Plans; 2. Disclose the Plan’s PHI to Employer subject to the provisions of Section VI.A below and the limitations set forth in the Employer Certification (as that term is defined in Section VI.A below) for the purpose of performing plan administrative functions (as that term is defined in the HIPAA Regulations); 3. Use and Disclose the Plan’s PHI for BCBSRI’s proper management and administration or to carry out BA’s legal responsibilities, provided that, with respect to Disclosure of Plan’s PHI, either: a. The Disclosure is Required by Law; or b. BCBSRI will require any third party, including vendors and agents to which BCBSRI Discloses Plan’s PHI, to provide reasonable assurance evidenced by written contract, that such vendor or agent will: i. Hold Plan’s PHI in confidence and Use or further Disclose Plan’s PHI only for the purpose for which BCBSRI Disclosed Plan’s PHI to the person or entity or as Required by Law; and ii. Promptly notify BCBSRI (who will in turn notify Employer in accordance with Section 8.5 of this HIPAA Agreement) of any instance of which the person or entity becomes aware in which the confidentiality of Plan’s PHI was breached. 4. Use and Disclose the Plan’s PHI in its capacity as a business associate of Plan to provide Data Aggregation services relating to the Health Care Operations of the Plan.

Permitted Uses and Disclosures under HIPAA and the HITECH Act. From time to time during the course of this HIPAA Agreement, BCBSRI may receive or create PHI on behalf of the Plan. (a) With respect to its Use and Disclosure of the Plan’s PHI, BCBSRI agrees to comply with any applicable Business Associate requirements under HIPAA and the HIPAA Regulations. Employer agrees, as plan sponsor and plan administrator, that Employer and Plan will fully comply with each of Employer and Plan’s respective obligations, under HIPAA and the HIPAA Regulations. (b) The Plan’s PHI. With respect to the Plan’s PHI, BCBSRI may: 1. Use and Disclose the Plan’s PHI for the performance of Services by BCBSRI and/or TPA under the Ancillary Services Agreement, including Disclosure to and Use by TPA, and including reviewing and evaluating information collected from BCBSRI internal systems, and providing an eligibility feed based on that data to TPA in order to enroll Covered Individuals into the Plans; 2. Disclose the Plan’s PHI to Employer subject to the provisions of Section VI.A 8.6(a) below and the limitations set forth in the Employer Certification (as that term is defined in Section VI.A 8.7(a) below) for the purpose of performing plan administrative functions (as that term is defined in the HIPAA Regulations); 3. Use and Disclose the Plan’s PHI for BCBSRI’s proper management and administration or to carry out BA’s legal responsibilities, provided that, with respect to Disclosure of Plan’s PHI, either: a. The Disclosure is Required by Law; or b. BCBSRI will require any third party, including vendors and agents to which BCBSRI Discloses Plan’s PHI, to provide reasonable assurance evidenced by written contract, that such vendor or agent will: i. Hold Plan’s PHI in confidence and Use or further Disclose Plan’s PHI only for the purpose for which BCBSRI Disclosed Plan’s PHI to the person or entity or as Required by Law; and ii. Promptly notify BCBSRI (who will in turn notify Employer in accordance with Section 8.5 of this HIPAA Agreement) of any instance of which the person or entity becomes aware in which the confidentiality of Plan’s PHI was breached. 4. Use and Disclose the Plan’s PHI in its capacity as a business associate of Plan to provide Data Aggregation services relating to the Health Care Operations of the Plan.