Use and Disclosure All Confidential Information of a party will be held in confidence by the other party with at least the same degree of care as such party protects its own confidential or proprietary information of like kind and import, but not less than a reasonable degree of care. Neither party will disclose in any manner Confidential Information of the other party in any form to any person or entity without the other party’s prior consent. However, each party may disclose relevant aspects of the other party’s Confidential Information to its officers, affiliates, agents, subcontractors and employees to the extent reasonably necessary to perform its duties and obligations under this Agreement and such disclosure is not prohibited by applicable law. Without limiting the foregoing, each party will implement physical and other security measures and controls designed to protect (a) the security and confidentiality of Confidential Information; (b) against any threats or hazards to the security and integrity of Confidential Information; and (c) against any unauthorized access to or use of Confidential Information. To the extent that a party delegates any duties and responsibilities under this Agreement to an agent or other subcontractor, the party ensures that such agent and subcontractor are contractually bound to confidentiality terms consistent with the terms of this Section 11.
CERTIFICATION AND DISCLOSURE REGARDING PAYMENTS TO INFLUENCE CERTAIN FEDERAL TRANSACTIONS (SEP 2007). This clause applies only if this contract exceeds (i) $100,000 if included in
General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
Specific Use and Disclosure Provisions (A) Except as otherwise limited in this Section of the Contract, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.
(B) Except as otherwise limited in this Section of the Contract, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(C) Except as otherwise limited in this Section of the Contract, Business Associate may use PHI to provide data aggregation services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B).
Permitted Uses and Disclosures i. Business Associate shall use and disclose PHI only to accomplish Business Associate’s obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements of Subpart E that apply to Covered Entity in the performance of such obligation.
ii. Business Associate may disclose PHI to carry out the legal responsibilities of Business Associate, provided, that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required by Law or for the purpose for which Business Associate originally disclosed the information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity. Business Associate may de-identify any or all PHI created or received by Business Associate under this Agreement, provided the de-identification conforms to the requirements of the HIPAA Rules.
Permitted Uses and Disclosures of PHI and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
