Protection of Phi by Business Associate Sample Clauses

Protection of Phi by Business Associate. Business Associate shall: Not use or disclose PHI other than as permitted or required by this Agreement, any underlying agreement between the parties, or as Required By Law. Make reasonable efforts to limit requests for and the use and disclosure of PHI to a Limited Data Set (as defined in 45 C.F.R. § 164.514(e)(2)) or to the Minimum Necessary PHI (as defined in 45 C.F.R. § 164.514(d)) to accomplish the intended purpose of such use, disclosure or request. Use appropriate, commercially reasonable safeguards to prevent the use or disclosure of PHI other than those uses or disclosures provided for by this Agreement and comply with the Security Rule with respect to ePHI. Develop and implement administrative, physical and technical safeguards, at its expense, as may be required from time to time to maintain compliance with HIPAA and HITECH and to reasonably and appropriately protect the confidentiality, integrity and availability of ePHI that it creates, receives, maintains or transmits on behalf of Covered Entity and to prevent non-permitted or violating Uses or Disclosures of ePHI. Mitigate, to the extent practicable, any harmful effect of an unauthorized use or disclosure of PHI by Business Associate, or a subcontractor, vendor, or agent of Business Associate, in violation of the requirements of this Agreement. Report without unreasonable delay and in no event later than three (3) business days, to the designated privacy officer of Covered Entity any Security Incident Business Associate Discovers. Notify the designated privacy officer of Covered Entity after Business Associate’s Discovery of a Breach without unreasonable delay, and in no event later than three (3) business days after Business Associate, or any of its employees or agents, Discovered the Breach. Such notification shall include, to the extent possible, the identification of each Individual whose PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, or disclosed during the Breach and any other information available to Business Associate about the Breach which is required to be included in the notification of the Breach provided to the Individual in accordance with 45 C.F.R. §164.404(c). Business Associate will notify Covered Entity prior to any communication with Individuals affected by any Breach. If Business Associate (or one of its subcontractors, vendors or agents) is responsible for a Breach, Covered Entity may, at its option, require Business...
Sample 1
AutoNDA by SimpleDocs
Protection of Phi by Business Associate. With regard to its use and/or disclosure of PHI, Business Associate shall: (1) Not use or further disclose PHI other than as permitted or required by this Agreement or as required by law. Notwithstanding anything contained in this Agreement or any other agreement or understanding between Customer and Business Associate to the contrary, Business Associate shall not further disclose PHI to any third party for purposes other than "treatment," "payment" or "health care operations," as those terms are used and defined within the Privacy Rule, without the prior, written consent of Customer. To the extent Customer’s written consent is given to make such disclosures, Business Associate shall: (a) Maintain records of each such disclosure containing, at a minimum, the following information: (i) the date of the disclosure; (ii) the name of the entity or person who received the PHI and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure; and (b) Provide, upon request, to Customer or to the individual to whom the PHI relates an accounting of all such disclosures in accordance with 45 C.F.R. § 164.528 and Section 13405(c) of the HITECH Act. Business Associate shall notify Customer promptly, and in any event, within ten (10) days of a receipt of any request for an accounting of disclosures by an Individual. In the event Business Associate discloses PHI to any third party for purposes other than "treatment", "payment" or "health care operations," as those terms are used and defined within the Privacy Rule, Business Associate shall provide prompt notice of the date and purpose of such disclosure as well as the name and address of the recipient, which notice shall be sent to Customer at address provided in Service Agreement; (2) Use appropriate, commercially reasonable safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement; (3) Report to the Customer any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including without limitation, any disclosure of PHI to any unauthorized subcontractor, within ten (10) days of its discovery; (4) report any Breach of Unsecured Protected Health Information of which Business Associate becomes aware in writing to Customer without unreasonable delay, and in no event more than ten (10) days following discovery of the Breach, with such report to include such information...
Sample 1
Protection of Phi by Business Associate. Business Associate shall: A. Not use or disclose PHI other than as permitted or required by this Agreement, any underlying agreement between the parties, or as Required By Law. B. Make reasonable efforts to limit requests for and the use and disclosure of PHI to a Limited Data Set (as defined in 45 C.F.R. § 164.514(e)(2)) or to the Minimum Necessary PHI (as defined in 45 C.F.R. § 164.514(d)) to accomplish the intended purpose of such use, disclosure or request. C. Use appropriate, commercially reasonable safeguards to prevent the use or disclosure of PHI other than those uses or disclosures provided for by this Agreement and comply with the Security Rule with respect to ePHI. D. Develop and implement administrative, physical and technical safeguards, at its expense, as may be required from time to time to maintain compliance with HIPAA and HITECH and to reasonably and appropriately protect the confidentiality, integrity and availability of ePHI that it creates, receives, maintains or transmits on behalf of Covered Entity and to prevent non-permitted or violating Uses or Disclosures of ePHI.
Sample 1
Protection of Phi by Business Associate. Business Associate shall: A. Not use or disclose PHI other than as permitted or required by this Agreement, any underlying agreement between the parties, or as Required By Law. B. Make reasonable efforts to limit requests for and the use and disclosure of PHI to a Limited Data Set (as defined in 45 C.F.R. § 164.514(e)(2)) or to the Minimum Necessary PHI to accomplish the intended purpose of such use, disclosure or request. C. Use appropriate, commercially reasonable safeguards to prevent the use or disclosure of PHI other than those uses or disclosures provided for by this Agreement and comply with the Security Rule with respect to ePHI. D. Develop and implement administrative, physical and technical safeguards, at its expense, as may be required from time to time to maintain compliance with HIPAA and HITECH and to reasonably and appropriately protect the confidentiality, integrity and availability of ePHI that it creates, receives, maintains or transmits on behalf of Covered Entity and to prevent non-permitted or violating Uses or Disclosures of ePHI.
Sample 1
Protection of Phi by Business Associate 
Sample 1Sample 2Sample 3See All (19)

Related to Protection of Phi by Business Associate

  • Business Associate “Business Associate” shall have the same meaning as the term “business associate” at 45 C.F.R. 160.103, and shall refer to Contractor.

  • Permitted Uses and Disclosures of Phi by Business Associate Except as otherwise indicated in this Agreement, Business Associate may use or disclose PHI, inclusive of de-identified data derived from such PHI, only to perform functions, activities or services specified in this Agreement on behalf of DHCS, provided that such use or disclosure would not violate HIPAA or other applicable laws if done by DHCS.

  • Permitted Uses and Disclosure by Business Associate (1) General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.

  • Permitted Uses and Disclosures by Business Associate Except as otherwise limited by this Agreement, Business Associate may make any uses and disclosures of Protected Health Information necessary to perform its services to Covered Entity and otherwise meet its obligations under this Agreement, if such use or disclosure would not violate the Privacy Rule if done by Covered Entity. All other uses or disclosures by Business Associate not authorized by this Agreement or by specific instruction of Covered Entity are prohibited.

  • Business Associate Contract GENERAL PROVISIONS AND RECITALS

  • Business Associate Agreement This Agreement may require the exchange of information covered by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). A Business Associate Agreement (“BAA”) executed by the Parties is attached as Appendix [Letter C/D/E etc.].

  • Protection of Personal Information Party agrees to comply with all applicable state and federal statutes to assure protection and security of personal information, or of any personally identifiable information (PII), including the Security Breach Notice Act, 9 V.S.A. § 2435, the Social Security Number Protection Act, 9 V.S.A. § 2440, the Document Safe Destruction Act, 9 V.S.A. § 2445 and 45 CFR 155.260. As used here, PII shall include any information, in any medium, including electronic, which can be used to distinguish or trace an individual’s identity, such as his/her name, social security number, biometric records, etc., either alone or when combined with any other personal or identifiable information that is linked or linkable to a specific person, such as date and place or birth, mother’s maiden name, etc.

  • Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that: a) they process data only for the express purpose for which it was obtained; b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form; c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement; d) they do not disclose personal data of the other Party, other than in terms of this Agreement; e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use; f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement; g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access. 25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing. 25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data. 25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it. 25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented. 25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.

  • Responsibilities of Business Associate Business Associate agrees:

  • Protection of PFPC PFPC shall be indemnified by the Fund and without liability for any action PFPC takes or does not take in reliance upon directions or advice or Oral Instructions or Written Instructions PFPC receives from or on behalf of the Fund or from counsel and which PFPC believes, in good faith, to be consistent with those directions or advice and Oral Instructions or Written Instructions. Nothing in this section shall be construed so as to impose an obligation upon PFPC (i) to seek such directions or advice or Oral Instructions or Written Instructions, or (ii) to act in accordance with such directions or advice or Oral Instructions or Written Instructions.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!