Common use of Use and Disclosure of PHI Clause in Contracts

Use and Disclosure of PHI. Business Associate agrees not to use or disclose PHI other than as permitted or required by this BA Agreement or as Required by Law. Business Associate may: (a) use or disclose PHI to perform the Services for, or on behalf of, Covered Entity, provided that such use or disclosure would not violate the HIPAA Privacy Rule if done by Covered Entity; (b) use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate and disclose PHI for the proper management and administration of Business Associate, provided that disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; (c) use PHI to provide Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B); and (d) use PHI to report violations of law or certain other conduct to appropriate federal and state authorities or other designated officials in a manner consistent with 45 CFR § 164.502(j)(1).

Use and Disclosure of PHI. Business Associate Service Provider agrees not to use or disclose PHI other than as permitted or required by this BA Agreement or as Required by Law. Business Associate Service Provider may: (a) use or disclose PHI to perform the Services for, for or on behalf of, Covered Entityof Company, provided that such use or disclosure would not violate the HIPAA Privacy Rule if done by Covered EntityCompany or Company’s Customers; (b) use PHI for the proper management and administration of Business Associate Service Provider or to carry out the legal responsibilities of Business Associate Service Provider and disclose PHI for the proper management and administration of Business AssociateAssociate Service Provider, provided that disclosures are Required by Law, or Business Associate Service Provider obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate Service Provider of any instances of which it is aware in which the confidentiality of the information has been breached; (c) use PHI to provide Data Aggregation services to Covered Entity Company as permitted by 45 CFR § 164.504(e)(2)(i)(B); and (d) use PHI to report violations of law or certain other conduct to appropriate federal and state authorities or other designated officials in a manner consistent with 45 CFR § 164.502(j)(1).

Use and Disclosure of PHI. 2.1. Business Associate agrees to not to use or disclose PHI other than as permitted or required by this BA Agreement or as Required by By Law. 2.2. Business Associate may: (a) a. use or disclose PHI to perform the Services functions, activities, or services for, or on behalf of, Covered EntityEntity as specified in the Service Agreement, provided that such use or disclosure would not violate the HIPAA Privacy Rule if done by Covered Entity; (b) b. use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate and disclose PHI for the proper management and administration of Business Associate, provided that disclosures are Required by By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by By Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached; (c) c. use PHI to provide Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B); and (d) d. use PHI to report violations of law or certain other conduct to appropriate federal and state authorities or other designated officials in a manner authorities, consistent with 45 CFR § 164.502(j)(1).