Common use of RESPONSIBILITIES OF THE PARTIES WITH RESPECT TO PROTECTED HEALTH INFORMATION Clause in Contracts

RESPONSIBILITIES OF THE PARTIES WITH RESPECT TO PROTECTED HEALTH INFORMATION. 2.1 Responsibilities of the Business Associate: With regard to its use and/or disclosure of Protected Health Information, the Business Associate hereby agrees to abide by all applicable state and federal laws regarding the privacy and security of individually identifiable health information, including without limitation Protected Health Information, and to do the following: a. use and/or disclose the Protected Health Information only as permitted or required by this Agreement or as otherwise required by law; b. use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic protected health information, in putting systems in place to secure and prevent use or disclosure of protected health information other than as provided by the Agreement; c. report to the Designated Privacy Officer (as defined under 45 C.F.R. 164.530(a)(1)) of the Covered Entity, in writing, any use and/or disclosure of the Protected Health Information that is not permitted or required by this Agreement of which the Business Associate becomes aware within 5 (five) days of the Business Associate’s discovery of such unauthorized use and/or disclosure; d. report to the Covered Entity within ten (10) days of a request by the Covered Entity, all disclosures of Protected Health Information to a third party for a purpose other than Treatment, Health Care Operations or Payment (each as defined in the Standards). The report will identify (i) the subject of the Protected Health Information (i.e., the patient name or identifier); (ii) the Protected Health Information disclosed; and (iii) the purpose of the disclosure in accordance with the accounting requirements of 45 C.F.R. 164.528. e. establish procedures for mitigating any deleterious effects from any improper use and/or disclosure of Protected Health Information that the Business Associate reports to the Covered Entity; f. use commercially reasonable efforts to maintain the security of Protected Health Information and to prevent unauthorized use and/or disclosure of such Protected Health Information; g. require all of its subcontractors and agents that receive, use or have access to Protected Health Information under this Agreement to agree in writing to adhere to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply to the Business Associate; h. make available all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to the Secretary of the Department of Health and Human Services (“DHHS”) for purposes of determining the Covered Entity’s compliance with the privacy regulation, subject to attorney-client and other applicable privileges; i. Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 C.F.R. 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 C.F.R. 164.526; j. upon prior written request, make available during normal business hours at Business Associate’s offices all records, books, agreements, policies and procedures related to the use and/or disclosure of Protected Health Information to the Covered Entity within 15 days for purposes of enabling the Covered Entity to determine the Business Associate’s compliance with the terms of this Agreement; k. within 45 days of receiving a written request from the Covered Entity, provide to the Covered Entity such information as requested to permit the Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual’s Protected Health Information in accordance with 45 C.F.R. 164.528; and l. disclose to its subcontractors, agents or other third parties, and request from Covered Entity, only the minimum Protected Health Information necessary to perform or fulfill a specific function required or permitted hereunder.