Responsibilities of Business Associate Sample Clauses

Responsibilities of Business Associate. Business Associate agrees:

Responsibilities of Business Associate. With regard to its use and/or disclosure of PHI, Business Associate shall: (a) use and/or disclose the PHI only as permitted or required by this Agreement or as otherwise required by law; (b) report to the privacy officer of Covered Entity, in writing, any use and/or disclosure of the PHI that is not permitted or required by this Agreement of which Business Associate becomes aware, within fifteen (15) business days of Business Associate's determination of the occurrence of such unauthorized use and/or disclosure; (c) use commercially reasonable efforts to maintain the security of the PHI and to prevent use and/or disclosure of such PHI other than as provided herein; (d) require all of its subcontractors and agents that receive, use, or have access to, PHI to agree to adhere to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate pursuant to this Agreement; (e) upon fifteen (15) business days' prior written request, make available all internal practices, records, books, agreements, policies and procedures and PHI relating to the use and/or disclosure of PHI to the Secretary for purposes of determining Covered Entity's compliance with the Privacy Rule; (f) document disclosures of PHI and information related to such disclosure and, within fifteen (15) business days of receiving a written request from Covered Entity, provide to Covered Entity such information as is requested by Covered Entity to permit Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual's PHI in accordance with 45 C.F.R. § 164.528; (g) subject to Section 4.4 below, return to Covered Entity within twenty-one (21) business days of the termination of this Agreement, the PHI in its possession and retain no copies, including backup copies; (h) disclose to its subcontractors, agents or other third parties, and request from Covered Entity, only the minimum PHI necessary to perform or fulfill a specific function required or permitted hereunder; and (i) if all or any portion of the PHI is maintained in a Designated Record Set: (i) upon fifteen (15) business days' prior written request from Covered Entity, provide access to the PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, the individual to whom such PHI relates or his or her authorized representative to meet a request by such individual under 45 C.F.R. § 164.524; and (ii) upon fifteen (15) business days' ...

Responsibilities of Business Associate. A. Business Associate shall provide relevant training on HIPAA and the requirements of this agreement to all persons accessing PHI or ePHI. The training materials and records shall be provided to the covered entity upon request. B. Business Associate shall implement and use appropriate Technical, Physical and Administrative Safeguards to reasonably and appropriately protect the Confidentiality, Integrity and Availability of PHI and to prevent Use or Disclosure of PHI, other than as permitted by this BAA. C. Business Associate shall, within the earlier of the Compliance Date or 90-days from the Effective Date, comply with all applicable provisions of the Security Rule. The Business Associate shall conduct a risk assessment to evaluate compliance with the Security Rule and shall, at the request of the Covered Entity, provide a written attestation acknowledging completion and communicating the results of the risk assessment. D. Business Associate shall Encrypt all transmissions of ePHI and all portable media or storage devices on which ePHI may be stored, including laptops, back-up media, CDs, or USB drives. E. Within 30-days after receiving a written request from Covered Entity, make available information necessary for Covered Entity to make an accounting of disclosures of PHI about an Individual, as provided in 45 C.F.R. § 164.528; and in accordance with 42 U.S.C. § 17935(c) and its implementing regulations as of the Compliance Date, make that accounting directly to the Individual if directed to do so by Covered Entity. F. At the request of Covered Entity and in the time, manner, and form designated by Covered Entity, not to exceed 15-days, provide access to PHI in a Designated Record Set to Covered Entity or, if directed by Covered Entity, to an Individual or to a recipient designated by the Individual, in accordance with the requirements of 45 C.F.R. § 164.524. Business Associate shall not charge Covered Entity or any Individual any fee associated with the production of PHI in accordance with this section that exceeds fees described at 45 C.F.R. § 164.524. G. Make available PHI in a Designated Record Set, no more than 30-days following receipt of a written request by Covered Entity, PHI for amendment and incorporate any amendments to the PHI as directed by Covered Entity, all in accordance with 45 C.F.R. § 164.526. H. Business Associate shall notify Covered Entity, in writing, no more than 3-days following Business Associate’s receipt directly from an Ind...

Responsibilities of Business Associate. 2.1 With regard to its use and/or disclosure of PHI, Business Associate agrees to: (a) use and/or disclose PHI only as necessary to provide the Services, specifically as permitted or required by this B.A. Agreement and in compliance with each applicable requirement of 45 C.F.R. § 164.504(e) or as otherwise Required by Law; (b) implement and use appropriate technical, physical and administrative safeguards to (i) prevent use or disclosure of PHI other than as permitted or required by this B.A. Agreement; (ii) reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, maintains, or transmits on behalf of the Covered Entity; and (iii) as of the Compliance Date of 42 U.S.C. § 17931, comply with the requirements set forth in 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316; (c) promptly report to Covered Entity: (i) any use or disclosure of PHI of which it becomes aware that is not permitted by this B.A. Agreement; and/or (ii) any Security Incident of which Business Associate becomes aware; (d) without unreasonable delay and in no case later than sixty (60) calendar days after discovery, Business Associate shall notify Covered Entity of a Breach of any Unsecured PHI all in accordance with 42 U.S.C. § 17932(b) as of its Compliance Date; (e) require all of its subcontractors and agents that create, receive, maintain, or transmit PHI to agree, in writing, to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate; to the extent that Business Associate provides ePHI to a subcontractor or agent, it shall require the subcontractor or agent to implement reasonable and appropriate safeguards to protect the ePHI;‌ (f) make available its internal practices, books, and records relating to the use and disclosure of PHI to the Secretary for purposes of determining Covered Entity’s compliance with the Privacy Rule; (g) within thirty (30) days after receiving a written request from Covered Entity, make available information necessary for Covered Entity to make an accounting of disclosures of PHI about an Individual as provided in 45 C.F.R. § 164.528 and, as of its Compliance Date, in accordance with 42 U.S.C. 17935(c), and when directed by Covered Entity, make that accounting directly to the Individual; (h) mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate that is not permitte...

Responsibilities of Business Associate. With regard to the use and/or disclosure of Protected Health Information, Business Associate agrees: 4.1 not to use and/or disclose Protected Health Information other than as permitted or required by the Business Relationship or this BA Agreement or as Required by Law; 4.2 to use appropriate safeguards to prevent the use and/or disclosure of Protected Health Information other than as provided for by the Business Relationship or this BA Agreement; 4.3 to protect any Protected Health Information taken off-site from COUNTY from disclosure to others, and to return all Protected Health Information in any form to COUNTY or destroy such Protected Health Information in a manner that renders it unreadable and unusable by anyone else, if COUNTY agrees to the destruction; 4.4 to comply with the Security Rule provisions set forth in 45 CFR Part 164, Subpart C, including provisions relating to Security Standards General Rules (45 CFR § 164.306), Administrative Safeguards (45 CFR § 164.308), Physical Safeguards (45 CFR § 164.310), Technical Safeguards (45 CFR § 164.312), Organizational Requirements (45 CFR § 164.314) and Policies and Documentation (45 CFR § 164.316), and to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information Business Associate creates, receives, maintains, or transmits on behalf of COUNTY. 4.5 to report to COUNTY any Security Incident of which it becomes aware within 2 business days, and to report any potential Breach of Unsecured Protected Health Information within 2 business days of discovery. Any such report shall include the identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been accessed, acquired, used or disclosed during any such Security Incident or potential Breach. Any such report shall also include all other information known to Business Associate at the time of the report (such as the type of Protected Health Information involved in the event, the nature of the information, etc.) or promptly thereafter as such other information becomes available; 4.6 to notify COUNTY in writing within 2 business days of any use and/or disclosure of Protected Health Information that is not provided for by the Business Relationship or this BA Agreement; 4.7 to mitigate, to the extent practicable, any harmful effect that is ...

Responsibilities of Business Associate. The Business Associate agrees to comply with all applicable requirements of HIPAA's Privacy and Security Rules, Health Information Technology for Economic and Clinical Health Act HITECH Act and 2013 Omnibus Rule. With regard to its use and disclosure of PHI, the Business Associate agrees to do the following: a. Use and/or disclose the PHI only as permitted or required by this Agreement or as otherwise required by law; b. Report to the designated privacy officer of the Covered Entity, by fax or electronic mail, any use or disclosure or security incident with PHI (electronic or other format) that is not permitted or required by the Privacy Rule or this Agreement. Notification by the Business Associate to the covered Entity must be made as soon as possible, but not more than 60 calendar days from the discovery of a breach by the Business Associate. If available, information regarding the breach shall include: i. A brief description of what happened, including the date of the breach (if known) and the date of discovery of the breach; ii. A description of the types of unsecured PHI that were involved in the breach (i.e., full name, social security number, date of birth, home address, account number, diagnosis, disability code, and other types of PHI). Note: list only the types of PHI, not the actual individual's information; iii. Any steps an individual should take to protect themselves from potential harm resulting from the breach (i.e.recommendations for an individual to contact credit bureaus, and how to make contact if credit card i nformation was involved); iv. A brief description of what the Business Associate is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches, including the imposition of employee sanctions, if appropriate; and v. Business Associate contact information for the practice's compliance officer to ask questions or learn additional information; vi. Required breach notifications will be sent to affected individuals by the Covered Entity. c. Use commercially reasonable efforts to maintain the security of PHI and to prevent unauthorized use and/or disclosure of such information, including the implementation of administrative, physical, and technical safeguards to protect EPHI, and must require subcontractors to implement reasonable and appropriate safeguards to protect EPHI; d. Require all of its employees, representatives, subcontractors, or agents that receive or use or have access to...

Responsibilities of Business Associate. Regarding the use or disclosure of PHI and PI, Business Associate agrees to: 4.2.1 Only use or further disclose the PHI and PI as allowable under this Agreement or applicable law. 4.2.2 Only use or further disclosure PHI and PI in a manner that would not violate the HIPAA Privacy and Security Rules if done so by the Covered Entity. 4.2.3 Establish and implement appropriate procedures, physical, and technical safeguards to prevent improper access, uses, transmissions, or disclosures of PHI and PI for mitigating to the greatest extents possible under the circumstances any deleterious effects from any improper access, use, or disclosure of PHI and PI that Business Associate reports to Covered Entity. Safeguards shall include, but are not limited to, the implementation and use of electronic security measures to safeguard electronic data, requiring employees to agree to access, use, or disclose PHI and PI only as permitted or required by this Agreement and taking related disciplinary action for inappropriate access, use or disclosure as necessary. 4.2.4 Report to Covered Entity’s Privacy Officer, in writing, any suspected or confirmed access, use or disclosure of PHI or PI, regardless of form, not permitted or required by this Agreement of which Business Associate becomes aware within two (2) days of Business Associate’s discovery of such unauthorized use or disclosure. 4.2.5 Ensure that Business Associate’s subcontractors or agents to whom Business Associate provides PHI or PI, received from, created, or received by the Business Associate on behalf of the Covered Entity, agree to the same restrictions and conditions that apply to the Business Associate with respect to PHI and PI, and ensure that its subcontractors or agents agree to establish and implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of all PHI and PI that it creates receives, maintains, or transmits on behalf of Covered Entity. 4.2.6 The Business Associate must make its records, books, accounts, agreements, policies, and procedures available to the Secretary of HHS for determining the Covered Entity’s compliance with the HIPAA Privacy and Security Rules. 4.2.7 Use or disclose to its subcontractors, agents, other third parties, and Covered Entity, only the minimum PHI and PI necessary to perform or fulfill a specific function required or permitted hereunder. 4.2.8 Provide information to Covered Entity to permit Covered Entity to respond to a...

Responsibilities of Business Associate. Business Associate agrees: a. to use appropriate safeguards, and to comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement. b. to report to Covered Entity promptly, but in no case longer than fifteen (15) business days, any use or disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware, including a Breach of Unsecured PHI as required by 45 C.F.R. § 164.410, and any successful Security Incident of which it becomes aware. The Parties acknowledge and agree that this section 4.b. constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required. “Unsuccessful Security Incidents” means, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, or disclosure of PHI. The contact information for the Business Associate and Covered Entity employees to whom reports of unauthorized use or disclosure of PHI, Breaches of Unsecured PHI and successful Security Incidents under this Section shall be made as provided below (as such information may be updated from time to time between the parties). Notification shall be made using the methods as provided in the relevant Underlying Agreement. Business Associate: Xxxxx Xxxxxxxx, Chief Legal & Compliance Officer DeliverHealth Solutions, LLC 0000 Xxxxxxx Xx., Xxxxx 000 Xxxxxxx, XX 00000 Email: xxxxxxxxxx@xxxxxxxxxxxxx.xxx Covered Entity: [Employee Name and Title] [Company Name] [Street Address] [City, State, Zip] [Phone] [Email]

Responsibilities of Business Associate. The Business Associate hereby agrees to do the following: Use and Disclosure: Use and/or disclose PHI only as permitted or required by this Agreement, Health Insurance Portability and Accountability Act (HIPAA), and the Health Information Technology for Economic and Clinical Health Act (HITECH) (Division A, Title XIII of the American Recovery and Reinvestment Act of 2009, Pub. Law 111-5, 2009 HR 1). The Business Associate shall use and disclose PHI only if such use or disclosure, respectively, is in compliance with each applicable requirement of 45 CFR §164.504(e). The Business Associate is directly responsible for full compliance with the privacy provisions of HIPAA and HITECH that apply to the Business Associate to the same extent as the Covered Entity.

Responsibilities of Business Associate a. Business Associate shall not use or disclose any Protected Health Information except as permitted or required by the Agreement, as permitted or required by law, or as otherwise authorized in writing by the Covered Entity, if done by the Covered Entity. Unless otherwise limited herein, Business Associate may use or disclose Protected Health Information for Business Associate’s proper management and administrative services, to carry out legal responsibilities of Business Associate, and to provide data aggregation services relating to health care operations of the Covered Entity if required under the Agreement. b. Business Associate shall not request, use, or disclose more than the minimum amount of Protected Health Information necessary to accomplish the purpose of the use or disclosure. c. Business Associate shall inform the Covered Entity if it or its subcontractors will perform any work outside the U.S. that involves access to, or the disclosure of, Protected Health Information.