Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Obligations and Activities of Business Associate Business Associate agrees to:
a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law;
b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA;
c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware;
d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information;
e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
Power Supply Information and Access to Information POWER SUPPLY INFORMATION
Master Servicer’s Financial Statements and Related Information For each year this Agreement is in effect, the Master Servicer shall submit to the Trustee, any NIMS Insurer, each Rating Agency and the Depositor a copy of its annual unaudited financial statements on or prior to March 15 of each year, beginning March 15, 2006. Such financial statements shall include a balance sheet, income statement, statement of retained earnings, statement of additional paid-in capital, statement of changes in financial position and all related notes and schedules and shall be in comparative form, certified by a nationally recognized firm of Independent Accountants to the effect that such statements were examined and prepared in accordance with generally accepted accounting principles applied on a basis consistent with that of the preceding year.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
How Do I Get More Information? This Notice summarizes the Action, the terms of the Settlements, and your rights and options in connection with the Settlements. More details are in the Settlement Agreements, which are available for your review at xxx.XxxxxxxxxXxxXxxxxxxxxXxxxxxxxxx.xxx. The Settlement Website also has the Second Amended Complaint and other documents relating to the Settlements. You may also call toll-free 0-000-000-0000 or write the Claims Administrator at: Financial Aid Antitrust Settlements, c/o Claims Administrator, 0000 Xxxx Xxxxxx, Xxxxx 0000, Xxxxxxxxxxxx, XX 00000. To: Settlement Class Member Email Address From: Claims Administrator Subject: Notice of Proposed Class Action Settlement – Xxxxx, et al. x. Xxxxx University, et al. Please visit xxx.XxxxxxxxxXxxXxxxxxxxxXxxxxxxxxx.xxx for more information. • The Court has preliminarily approved proposed settlements (“Settlements”) with the following ten schools: Brown University, the University of Chicago, the Trustees of Columbia University in the City of New York, Trustees of Dartmouth College, Duke University, Emory University, Northwestern University, Xxxxxxx Xxxxx Xxxx University, Vanderbilt University, and Yale University (collectively the “Settling Universities”). • The Court has also preliminarily approved a class of students who attended one or more of the Settling Universities during certain time periods. This is referred to as the “Settlement Class,” which is defined in more detail below.
Excluded Information For purposes of this Agreement, the term “confidential and proprietary information” shall not include (i) information already known or independently developed by the recipient without the use of any confidential and proprietary information, or (ii) information known to the public through no wrongful act of the recipient.
Access to Information; Independent Investigation Prior to the execution of this Agreement, the Subscriber has had the opportunity to ask questions of and receive answers from representatives of the Company concerning an investment in the Company, as well as the finances, operations, business and prospects of the Company, and the opportunity to obtain additional information to verify the accuracy of all information so obtained. In determining whether to make this investment, Subscriber has relied solely on Subscriber’s own knowledge and understanding of the Company and its business based upon Subscriber’s own due diligence investigation and the information furnished pursuant to this paragraph. Subscriber understands that no person has been authorized to give any information or to make any representations which were not furnished pursuant to this Section 2 and Subscriber has not relied on any other representations or information in making its investment decision, whether written or oral, relating to the Company, its operations and/or its prospects.
REPORTS AND ACCESS The Advisor agrees to supply such information to the Fund's administrator and to permit such compliance inspections by the Fund's administrator as shall be reasonably necessary to permit the administrator to satisfy its obligations and respond to the reasonable requests of the Trustees.
Information and Access (a) The Company and Parent each shall (and shall cause its Subsidiaries to, and shall use its commercially reasonable efforts to cause, its and their respective Representatives to), upon the reasonable request by the other, furnish to the other, as promptly as practicable, with all information concerning itself, its Representatives and such other matters as may be necessary or advisable in connection with the Schedule 14D-9 or Schedule TO (including with respect to Parent, information concerning the Investors) and any information or documentation to effect the expiration of all waiting periods under applicable Antitrust Laws and all filings, notices, reports, consents, registrations, approvals, permits and authorizations, made or sought by or on behalf of Parent, the Company or any of their respective Affiliates to or from any third party, including any Governmental Entity, in each case necessary or advisable in connection with the Transactions and, with respect to the information supplied in writing by or on behalf of Parent, its Affiliates or its or their respective Representatives for inclusion in or incorporation by reference into the Schedule 14D-9, including with respect to the Investors. Each of Parent and the Company acknowledges and agrees that such information supplied by it pursuant to this Section 7.8(a) (as applicable) will be correct and complete in all material respects at the time so supplied.
(b) In addition to and without limiting the rights and obligations set forth in Section 7.8(a), the Company shall (and shall cause its Subsidiaries to), upon reasonable prior notice, afford Parent and its Representatives reasonable access, during normal business hours, from the date of this Agreement and continuing until the earlier of the Effective Time and the termination of this Agreement pursuant to Article IX, to the Company Employees, agents, properties, offices and other facilities, Contracts, books and records, and, during such period, the Company shall (and shall cause its Subsidiaries to) furnish promptly to Parent all other information and documents concerning or regarding its businesses, properties and assets and personnel as may reasonably be requested by or on behalf of Parent; provided, however, that, subject to compliance with the obligations set forth in Section 7.8(c): (i) neither the Company nor any of its Subsidiaries shall be required to provide such access or furnish such information or documents to the extent doing so would, in the reasonable opinion of the Company’s outside legal counsel result in (A) a violation of applicable Law, (B) the breach of any contractual confidentiality obligations in any Contract with a third party entered into prior to the date of this Agreement or following the date of this Agreement in compliance with Section 7.1 and Section 7.2; (C) waive the protection of any attorney-client privilege or protection (including attorney-client privilege, attorney work-product protections and confidentiality protections) or any other applicable privilege or protection concerning pending or threatened Proceedings, in any material respect; or (D) such information or documents are reasonably pertinent to any adverse Proceeding between the Company and its Affiliates, on the one hand, and Parent and its Affiliates, on the other hand (subject to any rules or guidelines of discovery applicable to such adverse Proceeding); and (ii) in no event shall the work papers of the Company’s and its Subsidiaries’ independent accountants and auditors be accessible to Parent or any of its Representative unless and until such accountants and auditors have provided a consent related thereto in form and substance reasonably acceptable to such auditors or independent accountants. Any investigation conducted pursuant to the access contemplated by this Section 7.8(b) will be conducted in a manner that does not unreasonably interfere with the conduct of the business of the Company and its Subsidiaries and that would not reasonably be expected to create a risk of damage or destruction to any property or assets of the Company or its Subsidiaries. Any access to the properties of the Company and its Subsidiaries shall be subject to the Company’s reasonable security measures and insurance requirements and shall not include the right to perform any “invasive” testing or soil, air or groundwater sampling, including any Phase II environmental assessments. All requests for such access or information made pursuant to this Section 7.8(b) shall be initially directed to the Person set forth on Section 7.8(b) of the Company Disclosure Schedule, which Person may be replaced by the Company at any time by providing written notice to Parent, and any access granted in connection with a request made pursuant to this Section 7.8(b) shall be supervised by such Persons.
(c) In the event that the Company objects to any request submitted pursuant to Section 7.8(b) on the basis of one or more of the matters set forth in clause (i) of Section 7.8(b), it must do so by providing Parent, in reasonable detail, the nature of what is being prevented and/or withheld and the reasons and reasonable support therefor, and prior to preventing such access or withholding such information or documents from Parent and its Representatives, the Company shall cooperate with Parent to make appropriate substitute arrangements to permit reasonable disclosure that does not suffer from any of the impediments expressly set forth in clause (i) of Section 7.8(b) (other than clause (D)) including through the use of commercially reasonable efforts to take such actions and implement appropriate and mutually agreeable measures to as promptly as practicable permit such access and the furnishing of such information and documents in a manner to remove the basis for the objection, including by arrangement of appropriate “counsel-to-counsel” disclosure, clean room procedures, redaction and other customary procedures, entry into a customary joint defense agreement and, with respect to the contractual confidentiality obligations contemplated by clause (i)(B) of Section 7.8(b), obtaining a waiver with respect to or consent under such contractual confidentiality obligations.
(d) Without limiting the generality of the other provisions of this Section 7.8, the Company and Parent, as each deems advisable and necessary, after consultation with their respective outside legal counsel, may reasonably designate competitively sensitive information and documents (including those that relate to valuation of the Company or Parent (as the case may be)) as “Outside Counsel Only Information.” Such information and documents shall only be provided to the outside legal counsel of the Company or Parent (as the case may be), or subject to such other similar restrictions mutually agreed to by the Company and Parent, and subject to any amendment, supplement or other modification to the Confidentiality Agreement or additional confidentiality or joint defense agreement between or among the Company and Parent; provided, however, that, subject to any applicable Laws relating to the exchange of information, the outside legal counsel receiving such information and documents may prepare one or more reports summarizing the results of any analysis of any such shared information and documents, and disclose such reports, other summaries or aggregated information derived from such shared information and documents to Representatives of such outside legal counsel’s client.
(e) No access or information provided to Parent or any of its Representatives or to the Company or any of its Representatives following the date of this Agreement, whether pursuant to this Section 7.8 or otherwise, shall affect or be deemed to affect, modify or waive the representations and warranties of the Parties set forth in this Agreement and, for the avoidance of doubt, all information and documents disclosed or otherwise made available pursuant to Section 7.5, Section 7.6, this Section 7.8 or otherwise in connection with this Agreement and the Transactions shall be governed by the terms and conditions of the Confidentiality Agreement mutatis mutandis as if Parent were Counterparty (as defined in the Confidentiality Agreement) and subject to applicable Laws relating to the exchange or sharing of information and any restrictions or requirements imposed by any Governmental Entity; provided, that, in the event of a conflict, the provisions of Section 7.13 shall override any conflicting provisions of the Confidentiality Agreement, and any Person who is a potential source of, or may provide, equity, debt or any other type of financing to Parent or any of its Representatives in connection with the Transactions shall be deemed a “Representative” for purposes of the Confidentiality Agreement without the prior written consent of the Company.
