OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Obligations and Activities of Business Associate Business Associate agrees to:
a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law;
b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA;
c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware;
d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information;
e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
Servicers to Service Mortgage Loans For and on behalf of the Certificateholders, the NMC Servicer shall service and administer the NMC Mortgage Loans, the BAFSB Servicer shall service and administer the BAFSB Mortgage Loans and the BANA Servicer shall service and administer the BAFSB Mortgage Loans, all in accordance with the terms of this Agreement, Customary Servicing Procedures, applicable law and the terms of the Mortgage Notes and Mortgages. In connection with such servicing and administration, each Servicer shall have full power and authority, acting alone and/or through Subservicers as provided in Section 3.02, to do or cause to be done any and all things that it may deem necessary or desirable in connection with such servicing and administration including, but not limited to, the power and authority, subject to the terms hereof, (a) to execute and deliver, on behalf of the Certificateholders and the Trustee, customary consents or waivers and other instruments and documents, (b) to consent, with respect to the Mortgage Loans it services, to transfers of any Mortgaged Property and assumptions of the Mortgage Notes and related Mortgages (but only in the manner provided in this Agreement), (c) to collect any Insurance Proceeds and other Liquidation Proceeds relating to the Mortgage Loans it services, and (d) to effectuate foreclosure or other conversion of the ownership of the Mortgaged Property securing any Mortgage Loan it services. Each Servicer shall represent and protect the interests of the Trust in the same manner as it protects its own interests in mortgage loans in its own portfolio in any claim, proceeding or litigation regarding a Mortgage Loan and shall not make or permit any modification, waiver or amendment of any term of any Mortgage Loan, except as provided pursuant to Section 3.21. Without limiting the generality of the foregoing, each Servicer, in its own name or in the name of any Subservicer or the Depositor and the Trustee, is hereby authorized and empowered by the Depositor and the Trustee, when such Servicer or any Subservicer, as the case may be, believes it appropriate in its reasonable judgment, to execute and deliver, on behalf of the Trustee, the Depositor, the Certificateholders or any of them, any and all instruments of satisfaction or cancellation, or of partial or full release or discharge, and all other comparable instruments, with respect to the Mortgage Loans it services, and with respect to the related Mortgaged Properties held for the benefit of the Certificateholders. Each Servicer shall prepare and deliver to the Depositor and/or the Trustee such documents requiring execution and delivery by either or both of them as are necessary or appropriate to enable such Servicer to service and administer the Mortgage Loans it services to the extent that such Servicer is not permitted to execute and deliver such documents pursuant to the preceding sentence. Upon receipt of such documents, the Depositor and/or the Trustee, upon the direction of the related Servicer, shall promptly execute such documents and deliver them to the related Servicer. In accordance with the standards of the preceding paragraph, each Servicer shall advance or cause to be advanced funds as necessary for the purpose of effecting the payment of taxes and assessments on the Mortgaged Properties relating to the Mortgage Loans it services, which Servicing Advances shall be reimbursable in the first instance from related collections from the Mortgagors pursuant to Section 3.09, and further as provided in Section 3.11. The costs incurred by the Servicers, if any, in effecting the timely payments of taxes and assessments on the Mortgaged Properties and related insurance premiums shall not, for the purpose of calculating monthly distributions to the Certificateholders, be added to the Stated Principal Balances of the related Mortgage Loans, notwithstanding that the terms of such Mortgage Loans so permit. The relationship of each Servicer (and of any successor to any Servicer as servicer under this Agreement) to the Trustee under this Agreement is intended by the parties to be that of an independent contractor and not that of a joint venturer, partner or agent.
Sub-Advisor Compliance Policies and Procedures The Sub-Advisor shall promptly provide the Trust CCO with copies of: (i) the Sub-Advisor’s policies and procedures for compliance by the Sub-Advisor with the Federal Securities Laws (together, the “Sub-Advisor Compliance Procedures”), and (ii) any material changes to the Sub-Advisor Compliance Procedures. The Sub-Advisor shall cooperate fully with the Trust CCO so as to facilitate the Trust CCO’s performance of the Trust CCO’s responsibilities under Rule 38a-1 to review, evaluate and report to the Trust’s Board of Trustees on the operation of the Sub-Advisor Compliance Procedures, and shall promptly report to the Trust CCO any Material Compliance Matter arising under the Sub-Advisor Compliance Procedures involving the Sub-Advisor Assets. The Sub-Advisor shall provide to the Trust CCO: (i) quarterly reports confirming the Sub-Advisor’s compliance with the Sub-Advisor Compliance Procedures in managing the Sub-Advisor Assets, and (ii) certifications that there were no Material Compliance Matters involving the Sub-Advisor that arose under the Sub-Advisor Compliance Procedures that affected the Sub-Advisor Assets. At least annually, the Sub-Advisor shall provide a certification to the Trust CCO to the effect that the Sub-Advisor has in place and has implemented policies and procedures that are reasonably designed to ensure compliance by the Sub-Advisor with the Federal Securities Laws.
STUDENT TUITION RECOVERY FUND You must pay the state-imposed assessment for the Student Tuition Recovery Fund (STRF) if the following applies to you:
1. You are a student in an educational program, who is a California resident, or are enrolled in a residency program, and prepay all of part of your tuition either by cash, guaranteed student loans, or personal loans, and
2. Your total charges are not paid by any third-party payer such as an employer, government program or other payer unless you have a separate agreement to repay the third party. You are not eligible for protection from the STRF and you are not required to pay the STRF assessment if either of the following applies:
1. You are not a California resident, or are not enrolled in a residency program, or
2. Your total charges are paid by a third party, such as an employer, government program or other payer, and you have no separate agreement to repay the third party. The State of California created the Student Tuition Recovery Fund (STRF) to relieve or mitigate economic losses suffered by students in educational programs who are California residents, or are enrolled in a residency programs attending certain schools regulated by the Bureau for Private Postsecondary and Vocational Education. You may be eligible for STRF if you are a California resident or are enrolled in a residency program, prepaid tuition, paid the STRF assessment, and suffered an economic loss as a result of any of the following:
1. The school closed before the course of instruction was completed.
2. The school’s failure to pay refunds or charges on behalf of a student to a third party for license fees or any other purpose, or to provide equipment or materials for which a charge was collected within 180 days before the closure of the school.
3. The school’s failure to pay or reimburse loan proceeds under a federally guaranteed student loan program as required by law or to pay or reimburse proceeds received by the school prior to closure in excess of tuition and other costs.
4. There was a material failure to comply with the Act or this Division within 30 days before the school closed or, if the material failure began earlier than 30 days prior to closure, the period determined by the Bureau.
5. An inability after diligent efforts to prosecute, prove, and collect on a judgment against the institution for a violation of the Act.
Disaster Recovery and Business Continuity The Parties shall comply with the provisions of Schedule 5 (Disaster Recovery and Business Continuity).
Course Curriculum, Instruction, and Grading X. Xxxx College courses offered as dual credit, regardless of where they are taught, follow the same syllabus, course outline, textbook, grading method, and other academic policies as the courses outlined in the Hill College catalog.
B. Approved courses being taught for dual credit must follow the approved master syllabus of the discipline and of Hill College.
C. Textbooks should be identical to those approved for use by Hill College. Should an instructor propose an alternative textbook, the textbook must be approved in advance by the appropriate instructional department of Hill College and the Vice President of Instruction. Other instructional materials for dual credit/concurrent courses must be identical or at an equivalent level to materials used by Hill College.
D. Courses which result in college‐level credit will follow the standard grading practices of Hill College, as identified by college policy and as identified in the appropriately approved course syllabus. The grades used in college records are A (excellent), B (above average), C (average), D (below average), F (failure), I (incomplete), W (withdrawn), WC (withdrawn COVID). The lowest passing grade is D. Grade point averages are computed by assigning values to each grade as follows: A = 4 points, B = 3 points, C = 2 points, D = 1 point, and F = 0 points. Grading criteria may be devised by Hill College and the ISD to allow faculty the opportunity to award high school credit only or high school and college credit depending upon student performance.
E. Faculty, who are responsible for teaching dual credit/concurrent classes, are responsible for keeping appropriate records, certifying census date rosters, providing interim grade reports, certifying final grade reports at the end of the semester, certifying attendance, and providing other reports and information as may be required by Hill College and/or the School District.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Emergency Mode Operation Plan Contractor must establish a documented plan to enable continuation of critical business processes and protection of the security of electronic County PHI or PI in the event of an emergency. Emergency means any circumstance or situation that causes normal computer operations to become unavailable for use in performing the work required under this Agreement for more than twenty-four (24) hours.
Responsibilities of Business Associate Business Associate agrees:
