Privacy of Protected Health Information. Business Associate will develop, implement, maintain, and use appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information. The safeguards must reasonably protect Protected Health Information from any intentional or unintentional use or disclosure in violation of the Privacy Rule and limit incidental uses or disclosures made pursuant to a use or disclosure otherwise permitted by this Agreement. To the extent the parties agree that the Business Associate will carry out directly one or more of Covered Entity's obligations under the Privacy Rule, the Business Associate will comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligations.
Privacy of Protected Health Information. Business Associate shall use appropriate safeguards to prevent use or disclosure of Protected Health Information and Nonpublic Personal Financial Information not provided for by Section E. Business Associate shall report in writing to Company’s Corporate Compliance Office any use or disclosure of Protected Health Information or Nonpublic Personal Financial Information not provided for by Section E as soon as practicable but no later than five (5) days after Business Associate becomes aware of such unauthorized use or disclosure. Unless otherwise directed by Company’s Corporate Compliance Office, Business Associate shall include in the report the following:
(A) the date of the unauthorized use or disclosure;
(B) the name and (if known) address of the person or entity which received Protected Health Information pursuant to the unauthorized disclosure;
(C) a brief description of the Protected Health Information that was the subject of the unauthorized use or disclosure;
(D) a brief statement of the nature of the unauthorized use or disclosure;
(E) the name and date of birth of the individual(s) whose Protected Health Information was the subject of the unauthorized use or disclosure, and each such individual’s contract number;
(F) the corrective action that Business Associate has taken or will take to prevent further unauthorized uses or disclosures; and
(G) the steps Business Associate has taken or will take to mitigate any known harmful effects of the unauthorized use or disclosure.
Privacy of Protected Health Information. Business Associate is permitted or required to use or disclose Protected Health Information it creates or receives for or from Covered Entity or to request Protected Health Information on Covered Entity’s behalf only as follows:
Privacy of Protected Health Information. SASMI is a hybrid plan In accordance with the HIPAA Privacy Rule, to the extent HIPAA applies, the Trustees and SASMI will only disclose Protected Health Information in accordance with the following rules:
(a) Hybrid Entity. SASMI, which includes both the Active Plan and the Retiree Plan, is designated a “hybrid entity” as defined under 45 CFR §164.504. As such, the rules in subsections (b) to (n) below apply only with respect to the group health benefit operations of SASMI, directly or in relation to a Local Fund. The only benefit provided by the Active Plan that is related to heath benefits is the payment of Premiums for participants who do not work sufficient hours to maintain coverage in their Health Plans, which in itself is not a group health benefit.
Privacy of Protected Health Information a) Permitted Uses and Disclosures Business Associate is permitted to use and disclose Protected Health Information that it creates or receives on Organization’s behalf or receives from Organization (or another business associate of Organization) and to request Protected Health Information on Organization’s behalf (collectively, “Organization’s Protected Health Information”) only as follows:
i. Functions and Activities on Organization’s Behalf To perform functions, activities, services, and operations on behalf of Organization, consistent with the Privacy Rule and as specified in Agreement.
ii. Business Associate’s Operations For Business Associate’s proper management and administration or to carry out Business Associate’s legal responsibilities, provided that, with respect to disclosure of Organization’s Protected Health Information, either A) The disclosure is Required by Law; or
Privacy of Protected Health Information. Florida Blue will maintain reasonable and appropriate administrative, physical, and technical safeguards, consistent with 45 C.F.R. § 164.530(c) and any other implementing regulations issued by DHHS that are applicable to Florida Blue as GHP’s Business Associate, to protect against reasonably anticipated threats or hazards to and to ensure the security and integrity of Protected Health Information, to protect against reasonably anticipated unauthorized use or disclosure of Protected Health Information, and to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure in violation of this Addendum.
Privacy of Protected Health Information. In accordance with the HIPAA Privacy Rule in 45 C.F.R. Part 160 and Subparts A and E of Part 164, the Trustees and SASMI will only disclose Protected Health Information in accordance with the following rules:
Privacy of Protected Health Information. Health Logix and Customer recognize and acknowledge that in order to conduct their mutual business, Customer may need to disclose to Health Logix protected health information (“PHI”) for individual patients. PHI refers to any information, whether oral or recorded in any form, that is created or received by Customer and/or Health Logix, and which relates to the past, present or future physical or mental health or condition, treatment or payment of health care to an individual. It is understood and agreed by the parties that PHI is covered by various state and federal regulations, including the Health Insurance Portability and Accountability Act of 1996, 104 P.L. 191 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Rules”). In connection with Health Logix use and disclosure of PHI, Health Logix agrees that it will:
5.3.1. Not use or further disclose PHI other than for the purpose for which it was provided or as permitted or required by law or by this Agreement;
5.3.2. Use appropriate safeguards to prevent the use or disclosure of PHI other than as provided in this Agreement without limiting the foregoing, Health Logix will (i) implement administrative, physical and technical safeguards that reasonably protect the confidentiality, integrity and availability of “Electronic Protected Health Information” (as defined in 45 CFR 160.103) that Health Logix creates, receives, maintains, or transmits on behalf of Customer as required by Subpart C of 45 CFR 164; (ii) ensure that any agent, including a subcontractor, to whom it provides Electronic Protected Health Information agrees to implement reasonable and appropriate safeguards to protect the Electronic Protected Health Information and (iii) report to Customer any security incident of which Health Logix becomes aware as required by the Privacy Rules;
5.3.3. Report to Customer any use or disclosure of PHI that is not authorized by this Agreement, of which Health Logix becomes aware, as required by applicable law;
5.3.4. Ensure that any agents, including a subcontractor, to whom Health Logix provides PHI received from, or created or received by Health Logix on behalf of Customer, agrees to the same restrictions and conditions that apply to Health Logix pursuant to this Agreement with respect to such information;
5.3.5. Make available PHI in accordance with applicable law;
5.3.6. Make available PHI for amendment and i...
Privacy of Protected Health Information. A. Company agrees to use and disclose the minimum necessary PHI and NPFI (or a limited Data Set, if practicable) it creates or receives for or from Covered Entity only as permitted by the Privacy Rule, as expressly permitted by this Exhibit, and only as necessary to perform functions, activities or services for, or on behalf of, Covered Entity as specified in the Agreement. Company is prohibited from using or disclosing PHI and NPFI in its possession, except as permitted or required by this Exhibit, or as required by law, the Agreement, or as otherwise expressly permitted in writing by Covered Entity.
B. Company will disclose PHI and NPFI for the purposes authorized by this Exhibit only
1. To its employees
2. To its Subcontractors, only in accordance with paragraph F of this Section 2 3. As directed by Covered Entity in writing
4. As otherwise permitted by the terms of this Exhibit, or
Privacy of Protected Health Information. Business Associate will develop, implement, maintain, and use appropriate administrative, technical, and physical safeguards to protect the privacy of PHI. The safeguards must reasonably protect PHI from any intentional or unintentional use or disclosure in violation of the Privacy Rule and limit incidental uses or disclosures made pursuant to a use or disclosure otherwise permitted by this Agreement. To the extent the parties agree that the Business Associate will carry out directly one or more of Covered Entity’s obligations under the Privacy Rule, the Business Associate will comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligations.
