Provider Duties. In addition to its other obligations with respect to BFA Confidential Information, Provider will:
Provider Duties. Your provider will maintain the privacy of PHI and give you a notice of practices with respect to PHI. • Your provider reserves the right to change the privacy policies and practices described in this notice. Unless Your provider notifies you of such changes, however, he is required to abide by the terms currently in effect. • If your provider revises his policies and procedures, you will be sent a notice by mail.
Provider Duties. Provider will: (a) not use or disclose Customer PHI except (i) as required or permitted by law; (ii) as permitted under the terms of the Agreement or any permission of Customer under the Agreement; or (iii) as incidental under HIPAA to another permitted use or disclosure; (b) use reasonable and appropriate safeguards to prevent use or disclosure of Customer PHI other than as provided in the Agreement; (c) implement administrative, physical, and technical standards in accordance with the Security Rule to protect the confidentiality, integrity, and availability of Customer PHI in electronic form ("EPHI"); (d) mitigate, to the extent practicable, any harmful effect of a use or disclosure of Customer PHI by Provider that is known to Provider to violate the requirements of the Agreement; (e) limit its request for Customer PHI to the minimum amount necessary to accomplish the intended purpose of requests for, and uses and disclosures of, Customer PHI in accordance with 45 C.F.R. 502(b)(1); (f) report to Customer as soon as practicable and as required by HIPAA and the HITECH Act any known use or disclosure of Customer PHI by Provider not as provided by the Agreement and any "Security Incident" with respect to Customer EPHI as defined in the Security Rule. Additionally, Provider will notify Customer of any Breach of Unsecured PHI, and such notification shall be made without unreasonable delay following the date of discovery to enable Customer to comply with the Breach disclosure requirements under the HITECH Act. Provider shall include within such notice identification, to the extent possible, of each Individual whose Unsecured PHI has been, or is reasonably believed by Provider to have been, accessed, used, or disclosed through the Breach and any other valuable information known to Provider that Customer is required to include in its notice to affected Individuals. The reporting requirement set forth hereunder shall include, without limitation, disclosures that Provider is aware of that would need to be included in Customer's Accounting of Disclosures under HIPAA and/or HITECH Act, provided that Provider is required by HIPAA and the HITECH Act as a Business Associate of Customer to include such disclosures; (g) require any agent, including a subcontractor, under the Agreement that creates, receives, maintains, or transmits Customer PHI on behalf of Provider to agree in writing to substantially the same restrictions and conditions with respect to Customer PHI and ...
Provider Duties. The Provider agrees:
Provider Duties. The Provider shall:
Provider Duties. Provider agrees that:
Provider Duties
