Permitted Uses and Disclosures of PHI and the third party notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
Permitted Uses and Disclosures i. Business Associate shall use and disclose PHI only to accomplish Business Associate’s obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements of Subpart E that apply to Covered Entity in the performance of such obligation.
ii. Business Associate may disclose PHI to carry out the legal responsibilities of Business Associate, provided, that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required by Law or for the purpose for which Business Associate originally disclosed the information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity. Business Associate may de-identify any or all PHI created or received by Business Associate under this Agreement, provided the de-identification conforms to the requirements of the HIPAA Rules.
Permitted Uses and Disclosures of Phi by Business Associate Except as otherwise indicated in this Agreement, Business Associate may use or disclose PHI, inclusive of de-identified data derived from such PHI, only to perform functions, activities or services specified in this Agreement on behalf of DHCS, provided that such use or disclosure would not violate HIPAA or other applicable laws if done by DHCS.
Permitted Uses and Disclosures by Business Associate Except as otherwise limited by this Agreement, Business Associate may make any uses and disclosures of Protected Health Information necessary to perform its services to Covered Entity and otherwise meet its obligations under this Agreement, if such use or disclosure would not violate the Privacy Rule if done by Covered Entity. All other uses or disclosures by Business Associate not authorized by this Agreement or by specific instruction of Covered Entity are prohibited.
Prohibited Uses and Disclosures BA shall not use or disclose PHI other than as permitted or required by the Contract and Addendum, or as required by law. BA shall not use or disclose Protected Information for fundraising or marketing purposes. BA shall not disclose Protected Information to a health plan for payment or health care operation purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates [42 U.S.C. Section 17935(a) and 45 C.F.R. Section 164.522(a)(vi)]. BA shall not directly or indirectly receive remuneration in exchange for Protected Information, except with the prior written consent of CE and as permitted by the HITECH Act, 42 U.S.C. Section 17935(d)(2), and the HIPAA regulations, 45 C.F.R. Section 164.502(a)(5)(ii); however, this prohibition shall not affect payment by CE to BA for services provided pursuant to the Contract.
Records Audit and Disclosure 5.01 Access to records, books, and documents
5.02 Response/compliance with audit or inspection findings
A. At Performing Agency's sole expense, Performing Agency must take action to ensure its or a Subcontractor’s compliance with a correction of any finding of noncompliance with any law, regulation, audit requirement, or generally accepted accounting principle relating to the Services and Deliverables or any other deficiency contained in any audit, review, or inspection conducted under the Contract. Whether Performing Agency's action corrects the noncompliance shall be solely the decision of the System Agency.
B. As part of the Services, Performing Agency must provide to HHSC upon request a copy of those portions of Performing Agency's and its Subcontractors' internal audit reports relating to the Services and Deliverables provided to the State under the Contract.
Permitted Uses and Disclosure by Business Associate (1) General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
PERMITTED USES AND DISCLOSURES BY CONTRACTOR Except as otherwise limited in this Schedule, Contractor may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, County as specified in the Agreement; provided that such use or disclosure would not violate the Privacy Rule if done by County.
General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
Use and Disclosure All Confidential Information of a party will be held in confidence by the other party with at least the same degree of care as such party protects its own confidential or proprietary information of like kind and import, but not less than a reasonable degree of care. Neither party will disclose in any manner Confidential Information of the other party in any form to any person or entity without the other party’s prior consent. However, each party may disclose relevant aspects of the other party’s Confidential Information to its officers, affiliates, agents, subcontractors and employees to the extent reasonably necessary to perform its duties and obligations under this Agreement and such disclosure is not prohibited by applicable law. Without limiting the foregoing, each party will implement physical and other security measures and controls designed to protect (a) the security and confidentiality of Confidential Information; (b) against any threats or hazards to the security and integrity of Confidential Information; and (c) against any unauthorized access to or use of Confidential Information. To the extent that a party delegates any duties and responsibilities under this Agreement to an agent or other subcontractor, the party ensures that such agent and subcontractor are contractually bound to confidentiality terms consistent with the terms of this Section 11.
