Common use of Use and Disclosure of PHI Clause in Contracts

Use and Disclosure of PHI. Subcontractor may use and disclose PHI as permitted or required under this Agreement or as Required by Law, but shall not otherwise use or disclose any PHI. Subcontractor shall not use or disclose PHI in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Covered Entities (except as set forth in Sections 2.1(a), (b) and (c) of this Agreement). To the extent Subcontractor carries out any of Business Associate’s or the Covered Entities’ obligations under the HIPAA privacy standards, Subcontractor shall comply with the requirements of the HIPAA privacy standards that apply to the Service Company or the Covered Entities (as applicable) in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor is permitted to use or disclose PHI as set forth below: (a) Subcontractor may use PHI internally for Subcontractor’s proper management and administrative services or to carry out its legal responsibilities; (b) Subcontractor may disclose PHI to a third party for the Subcontractor’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it was disclosed to the third party and (3) notify the Service Company of any instances of which the third party is aware in which the confidentiality of the PHI has been breached; (c) Subcontractor may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Covered Entities if required or permitted under this Agreement; (d) Subcontractor may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor may disclose de-identified health information for any purpose permitted by law; and (e) Subcontractor may use PHI about an Individual to request the Individual’s authorization to use or disclose PHI.

Use and Disclosure of PHI. Subcontractor Cue may use and disclose PHI as permitted or required under this Agreement these Terms or as Required by Law, Law but shall not otherwise use or disclose any PHI. Subcontractor Cue shall not use or disclose PHI received from Your Covered Entity in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Your Covered Entities Entity (except as set forth in Sections 2.1(a), (b) and (c) of this Agreementthese BA Terms). To the extent Subcontractor Cue carries out any of Business AssociateYour Covered Entity’s or the Covered Entities’ obligations under the HIPAA privacy standards, Subcontractor Cue shall comply with the requirements of the HIPAA privacy standards that apply to the Service Company or the Your Covered Entities (as applicable) Entity in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor Cue is permitted to use or disclose PHI as set forth below: (a) Subcontractor i. Cue may use PHI internally for SubcontractorCue’s proper management and administrative services or to carry out its legal responsibilities;administration or (b) Subcontractor ii. Cue may disclose PHI to a third party for the SubcontractorXxx’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor Cue obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it the PHI was disclosed to the third party and (3) notify the Service Company Your Covered Entity of any instances of which the third party is aware in which the confidentiality of the PHI has been breached; (c) Subcontractor iii. Cue may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Your Covered Entities Entity if required or permitted under this Agreementthese Terms; (d) Subcontractor iv. Cue may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor Cue may use or disclose de-identified health information for any purpose permitted by law; v. Cue may submit PHI for reporting to federal, state, or local public health authorities when permitted or required; vi. Cue may use and disclose PHI to request an authorization, consent or other form of permission from an Individual and may use and disclose PHI in accordance with any such permission obtained from an Individual; and (e) Subcontractor vii. Cue may use and disclose PHI about an Individual to request the Individual’s authorization to use or disclose PHI(including, without limitation, a Limited Data Set) for Research as permitted by HIPAA and other applicable law.

Use and Disclosure of PHI. Subcontractor Company may use and disclose PHI as permitted or required under this Agreement (including this Addendum) or as Required by Law, but shall not otherwise use or disclose any PHI. Subcontractor Company shall not use or disclose PHI received from Covered Entity in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Covered Entities Entity (except as set forth in Sections 2.1(a), (b) and (c) of this AgreementAddendum). To the extent Subcontractor Company carries out any of Business AssociateCovered Entity’s or the Covered Entities’ obligations under the HIPAA privacy standardsPrivacy Rule, Subcontractor Company shall comply with the requirements of the HIPAA privacy standards PrivacyRule that apply to the Service Company or the Covered Entities (as applicable) Entity in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor Company is permitted to use or disclose PHI as set forth below: (a) Subcontractor Company may use PHI internally for SubcontractorCompany’s proper management and administrative services administration or to carry out its legal responsibilities;. (b) Subcontractor Company may disclose PHI to a third party for the SubcontractorCompany’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor Company obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality confidentially of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it the PHI was disclosed to the third party and (3) notify the Service Company of any instances of which the third party person is aware in which the confidentiality of the PHI has been breached;. (c) Subcontractor Company may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Covered Entities Entity if required or permitted under this Agreement;. (d) Subcontractor Business Associate may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor Business Associate may disclose de-identified health information for any purpose permitted by law; and (e) Subcontractor may use PHI about an Individual to request the Individual’s authorization to use or disclose PHI.

Use and Disclosure of PHI. Subcontractor AASM may use and disclose PHI as permitted or required under this Agreement (including this Addendum) or as Required by Law, but shall not otherwise use or disclose any PHI. Subcontractor AASM shall not use or disclose PHI received from User in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Covered Entities User (except as set forth in Sections 2.1(a), (b) and (c) of this AgreementAddendum). To the extent Subcontractor AASM carries out any of Business AssociateUser’s or the Covered Entities’ obligations under the HIPAA privacy standards, Subcontractor AASM shall comply with the requirements of the HIPAA privacy standards that apply to the Service Company or the Covered Entities (as applicable) User in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor AASM is permitted to use or disclose PHI as set forth below: (a) Subcontractor AASM may use PHI internally for SubcontractorAASM’s proper management and administrative services administration or to carry out its legal responsibilities;. (b) Subcontractor AASM may disclose PHI to a third party for the SubcontractorAASM’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor AASM obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it the PHI was disclosed to the third party and (3) notify the Service Company AASM of any instances of which the third party is aware in which the confidentiality of the PHI has been breached;. (c) Subcontractor AASM may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Covered Entities User if required or permitted under this Agreement;. (d) Subcontractor Business Associate may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor Business Associate may disclose de-identified health information for any purpose permitted by law; and (e) Subcontractor may use PHI about an Individual to request the Individual’s authorization to use or disclose PHI.

Use and Disclosure of PHI. Subcontractor gMed may use and disclose PHI as permitted or required under this Agreement (including this Addendum) or as Required by Law, but shall not otherwise use or disclose any PHI. Subcontractor gMed shall not use or disclose PHI received from the Client in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Covered Entities Client (except as set forth in Sections 2.1(a), (b) and (c) of this AgreementAddendum). To the extent Subcontractor gMed carries out any of Business Associatethe Client’s or the Covered Entities’ obligations under the HIPAA privacy standardsPrivacy Rule, Subcontractor gMed shall comply with the requirements of the HIPAA privacy standards Privacy Rule that apply to the Service Company or the Covered Entities (as applicable) Client in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor gMed is permitted to use or disclose PHI as set forth below: (a) Subcontractor gMed may use PHI internally for SubcontractorgMed’s proper management and administrative services or to carry out its legal responsibilities; (b) Subcontractor gMed may disclose PHI to a third party for the SubcontractorgMed’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor gMed obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will will (1) protect the confidentiality confidentially of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it the PHI was disclosed to the third party and (3) notify the Service Company gMed of any instances of which the third party person is aware in which the confidentiality of the PHI has been breached; (c) Subcontractor gMed may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Covered Entities if required or permitted under this Agreement;as defined by HIPAA; and (d) Subcontractor gMed may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor Without limiting any other rights of gMed under this Agreement, gMed may use, create, sell, disclose to third parties and otherwise exploit de- identified health information for any purposes not prohibited by law. gMed owns all right, title and interest in such de-identified health information for and any purpose permitted data, information and material created by law; and (egMed with such de-identified health information. For the avoidance of doubt, the second and third sentences of this Section 2.1(d) Subcontractor may use PHI about an Individual to request shall survive the Individual’s authorization to use expiration or disclose PHIearlier termination of this Agreement.

Use and Disclosure of PHI. Subcontractor MMBS may use and disclose PHI as permitted or required under this Agreement (including this Addendum) or as Required by Law, but shall not otherwise use or disclose any PHI. Subcontractor MMBS shall not use or disclose PHI received from the Medical Practice in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Covered Entities Medical Practice (except as set forth in Sections 2.1(a), (b) and (c) of this AgreementAddendum). To the extent Subcontractor MMBS carries out any of Business Associatethe Medical Practice’s or the Covered Entities’ obligations under the HIPAA privacy standardsPrivacy Rule, Subcontractor MMBS shall comply with the requirements of the HIPAA privacy standards Privacy Rule that apply to the Service Company or the Covered Entities (as applicable) Medical Practice in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor MMBS is permitted to use or disclose PHI as set forth below: (a) Subcontractor MMBS may use PHI internally for SubcontractorMMBS’s proper management and administrative services or to carry out its legal responsibilities; (b) Subcontractor MMBS may disclose PHI to a third party for the SubcontractorMMBS’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor MMBS obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality confidentially of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it the PHI was disclosed to the third party and (3) notify the Service Company MMBS of any instances of which the third party person is aware in which the confidentiality of the PHI has been breached; (c) Subcontractor MMBS may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Covered Entities if required or permitted under this Agreement;as defined by HIPAA; and (d) Subcontractor MMBS may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor Without limiting any other rights of MMBS under this Agreement, MMBS may use, create, sell, disclose to third parties and otherwise exploit de-identified health information for any purpose permitted purposes not prohibited by law; and (e. MMBS owns all right, title and interest in such de-identified health information and any data, information and material created by MMBS with such de-identified health information. For the avoidance of doubt, the second and third sentences of this Section 2.1(d) Subcontractor may use PHI about an Individual to request shall survive the Individual’s authorization to use expiration or disclose PHIearlier termination of this Agreement.

Use and Disclosure of PHI. Subcontractor Business Associate may use and disclose PHI as permitted or required under the Terms of Use, this Agreement or BAA and as Required by Law, but shall not otherwise use or disclose any PHI. Subcontractor Business Associate shall not use or disclose PHI received from Covered Entity in any manner that would constitute a violation of HIPAA if so used or disclosed by the Service Company or the Covered Entities Entity (except as set forth in Sections 2.1(a), (b) and (c) of this AgreementBAA). To the extent Subcontractor Business Associate carries out any of Business AssociateCovered Entity’s or the Covered Entities’ obligations under the HIPAA privacy standards, Subcontractor Business Associate shall comply with the requirements of the HIPAA privacy standards that apply to the Service Company or the Covered Entities (as applicable) Entity in the performance of such obligations. Without limiting the generality of the foregoing, Subcontractor Business Associate is permitted to use or disclose PHI as set forth below: (a) Subcontractor Business Associate may use PHI internally for Subcontractor’s its proper management and administrative services or to carry out its legal responsibilities; (b) Subcontractor Business Associate may disclose PHI to a third party for the SubcontractorBusiness Associate’s proper management and administration, provided that the disclosure is Required by Law or Subcontractor Business Associate obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will will (1) protect the confidentiality of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which it the PHI was disclosed to the third party and (3) notify the Service Company Business Associate of any instances of which the third party person is aware in which the confidentiality of the PHI has been breached;; and (c) Subcontractor Business Associate may use PHI to provide Data Aggregation services relating to the Health Care Operations of the Service Company or the Covered Entities if required or permitted under this Agreement; (d) Subcontractor may use PHI as defined by HIPAA and to create de-identified health information in accordance with the HIPAA de-identification requirements. Subcontractor may disclose de-identified health information for any purpose permitted by law; and (e) Subcontractor may use PHI about an Individual to request the Individual’s authorization to use or disclose PHI.