Common use of Security of Protected Health Information Clause in Contracts

Security of Protected Health Information. (a) Business Associate has implemented policies and procedures to ensure that its receipt, maintenance, or transmission of all PHI, either electronic or otherwise, on behalf of Covered Entity complies with the applicable administrative, physical, and technical safeguards required protecting the confidentiality, availability and integrity of PHI as required by the HIPAA Privacy Rules and Security Standards. (b) Business Associate agrees that it will ensure that agents or subcontractors agree to implement the applicable administrative, physical, and technical safeguards required to protect the confidentiality, availability and integrity of PHI as required by HIPAA Privacy Rules and Security Standards. (c) Business Associate agrees to report to Covered Entity any Security Incident (as defined 45 C.F.R. Part 164.304) of which it becomes aware. Business Associate agrees to report the Security Incident to the Covered Entity as soon as reasonably practicable, but not later than 10 business days from the date the Business Associate becomes aware of the incident. (d) Business Associate agrees to establish procedures to mitigate, to the extent possible, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Agreement. (e) Business Associate agrees to immediately notify Covered Entity upon discovery of any Breach of Unsecured Protected Health Information (as defined in 45 C.F.R. §§ 164.402 and 164.410) and provide to Covered Entity, to the extent available to Business Associate, all information required to permit Covered Entity to comply with the requirements of 45 C.F.R. Part 164 Subpart D. (f) Covered Entity agrees and understands that the Covered Entity is independently responsible for the security of all PHI in its possession (electronic or otherwise), including all PHI that it receives from outside sources including the Business Associate.

Security of Protected Health Information. (a) Business Associate has implemented policies and procedures to ensure that its receipt, maintenance, or transmission of all PHI, either electronic or otherwise, on behalf of Covered Entity complies with the applicable administrative, physical, and technical safeguards required protecting the confidentiality, availability and integrity of PHI as required by the HIPAA Privacy Rules and Security Standards. (b) Business Associate agrees that it will ensure that agents or subcontractors agree to implement the applicable administrative, physical, and technical safeguards required to protect the confidentiality, availability and integrity of PHI as required by HIPAA Privacy Rules and Security Standards. (c) Business Associate agrees to report to Covered Entity any Security Incident (as defined 45 C.F.R. Part 164.304) of which it becomes aware. Business Associate agrees to report the Security Incident to the Covered Entity as soon as reasonably practicable, but not later than 10 business days from the date the Business Associate becomes aware of the incident.. DocuSign Envelope ID: D3E860D5-63F6-4597-9798-F40AE0C30967 (d) Business Associate agrees to establish procedures to mitigate, to the extent possible, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Agreement. (e) Business Associate agrees to immediately notify Covered Entity upon discovery of any Breach of Unsecured Protected Health Information (as defined in 45 C.F.R. §§ 164.402 and 164.410) and provide to Covered Entity, to the extent available to Business Associate, all information required to permit Covered Entity to comply with the requirements of 45 C.F.R. Part 164 Subpart D. (f) Covered Entity agrees and understands that the Covered Entity is independently responsible for the security of all PHI in its possession (electronic or otherwise), including all PHI that it receives from outside sources including the Business Associate.