Use and Disclosure of Protected Health Information. Business Associate may use and disclose Protected Health Information as permitted or required under this BA Agreement, the Service Agreement, and as Required by Law, but Business Associate shall not otherwise use or disclose any Protected Health Information. Business Associate shall not use or disclose Protected Health Information received from Covered Entity in any manner that would constitute a violation of the HIPAA Rules if so used or disclosed by Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, Business Associate is permitted to use or disclose Protected Health Information as set forth below: (a) Business Associate may use Protected Health Information internally for Business Associate’s proper management and administrative services or to carry out its legal responsibilities. (b) Business Associate may disclose Protected Health Information to a third-party for Business Associate’s proper management and administration, provided that: (i) the disclosure is Required by Law; (ii) Business Associate makes the disclosure pursuant to an agreement consistent with Section 6 of this BA Agreement; or (iii) Business Associate makes the disclosure pursuant to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose the Protected Health Information as Required by Law or for the purpose for which it was disclosed to the third-party; and (C) notify Covered Entity of any acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted by the confidentiality agreement. (c) Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under the Service Agreement. (d) Business Associate may de-identify any and all Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any location, and use such de-identified data, all in accordance with the de-identification requirements of the Privacy Rule.
Appears in 2 contracts
Samples: Surgeryplus Services Agreement, Surgeryplus Services Agreement
Use and Disclosure of Protected Health Information. The Business Associate may agrees that it and its employees, officers, and directors (collectively, its “Employees”) will not use and or disclose the Protected Health Information provided to it by the Covered Entity under the Loan Agreement except as permitted or required under this BA Agreement, by the Service Agreement, and Loan Agreement or as otherwise Required by Law, but Business Associate shall not otherwise use or disclose any Protected Health Information. Business Associate shall not use or disclose and will require that each of its agents, including subcontractors (collectively, its “Agents”), to whom it provides Protected Health Information received from from, or created or received by the Business Associate on behalf of, the Covered Entity agrees in any manner that would constitute a violation of writing to the HIPAA Rules if so used or disclosed by Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA same restrictions and conditions that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, Business Associate is permitted throughout this Exhibit E with respect to use or disclose such information. Further, the Business Associate may:
a. Use the Protected Health Information as set forth below:
(a) received by the Business Associate may use Protected Health Information internally in its capacity as the Business Associate if necessary for the proper management and administration of the Business Associate’s proper management and administrative services business or to carry out its legal responsibilities.; or,
(b) Business Associate may disclose b. Disclose the Protected Health Information to a third-party for received by the Business Associate’s proper management and administration, provided thatAssociate in its capacity as the Business Associate if:
(i) the disclosure is Required by Law;; or,
(ii) the Business Associate makes obtains reasonable assurances from the disclosure pursuant person to an agreement consistent with Section 6 of this BA Agreement; or
(iii) Business Associate makes the disclosure pursuant to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose whom the Protected Health Information is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the third-party; person, and (C) the person agrees in writing to notify Covered Entity the Business Associate of any acquisitioninstances of which it is aware in which the confidentiality of the Protected Health Information has been breached; or,
c. De-identify Protected Health Information and may aggregate, accessmanipulate, use, or disclosure of Protected Health Information in a manner not permitted by the confidentiality agreement.
(c) Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under the Service Agreement.
(d) Business Associate may de-identify any disclose, sell, publish and all Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any location, and use distribute such de-identified data, all information and data provided that such de-identification is in accordance with HIPAA; or
d. Except as otherwise limited in this Exhibit E, use or disclose the de-identification requirements Protected Health Information for the purpose of exercising any of its rights or obligations under the Loan Documents, provided that such use or disclosure would not violate the Privacy RuleRule or the Security Rule if done by the Covered Entity.
Appears in 2 contracts
Samples: Loan and Security Agreement (Lawton Surgery Investment Company, LLC), Loan and Security Agreement (NPMC Holdings, LLC)
Use and Disclosure of Protected Health Information. Business Associate may use and disclose Protected Health Information as permitted or required under this BA Agreement, the Service Agreement, and as Required by Law, but Business Associate shall not otherwise use or disclose any Protected Health Information. Business Associate shall not use or disclose Protected Health Information (as defined in the Privacy Rule), received from Covered Entity in any manner that would constitute a violation of the HIPAA Rules if so used from, or disclosed by received or created on behalf of, Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, except as follows:
(a) Business Associate is permitted to use or disclose Protected Health Information as set forth below:
(a) Business Associate may use Protected Health Information internally for Business Associate’s proper management and administrative services permitted or to carry out its legal responsibilitiesrequired by this Agreement or as required by law.
(b) Business Associate may is permitted to use or disclose Protected Health Information to a third-party perform functions, activities and services for, or on behalf of, Covered Entity pursuant to an Applicable Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity.
(c) Business Associate is permitted to use Protected Health Information for Business Associate’s the proper management and administrationadministration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(d) Business Associate is permitted to disclose Protected Health Information for the proper management and administration of the Business Associate, provided that:
that (i) the such disclosure is Required required by Law;
law or (ii) Business Associate makes obtains reasonable assurance from the disclosure pursuant person or entity to an agreement consistent with Section 6 of this BA Agreement; or
(iii) Business Associate makes the disclosure pursuant to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose whom the Protected Health Information as Required by Law will be disclosed that it will remain confidential and be used or further disclosed only for the specific purpose for which Business Associate disclosed it was disclosed to the third-party; person or organization or as required by law, and (C) the person or entity will notify Covered Entity Business Associate of any acquisition, access, use, instance of which the person or disclosure organization becomes aware in which the confidentiality of such Protected Health Information was breached.
(e) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an individual for an accounting of disclosures o Protected health information in a manner not permitted by the confidentiality agreementaccordance with 45 C.F.R. § 164.528.
(cf) Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or as permitted under the Service Agreementby 45 C.F.R. § 164.504(e)(2)(i)(B).
(dg) Business Associate may de-identify any use Protected health Information to report violations of law to appropriate Federal and all Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any locationstate authorities, and use such de-identified data, all in accordance consistent with the de-identification requirements of the Privacy Rule§ 164.502(j)(1).
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Use and Disclosure of Protected Health Information. The Business Associate may agrees that it and its employees, officers, and directors (collectively, its “Employees”) will not use and or disclose the Protected Health Information provided to it by the Covered Entity under the Loan Agreement except as permitted or required under this BA by the Loan Agreement, provided such use or disclosure would not violate HIPAA if done by the Service AgreementCovered Entity, and or as otherwise Required by Law, but Business Associate shall not otherwise use or disclose any Protected Health Information. Business Associate shall not use or disclose and will require that each of its agents, including subcontractors (collectively, its “Agents”), to whom it provides Protected Health Information received from from, or created or received by the Business Associate on behalf of, the Covered Entity agrees in any manner that would constitute a violation of writing to the HIPAA Rules if so used or disclosed by Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA same restrictions and conditions that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, Business Associate is permitted throughout this Exhibit E with respect to use or disclose such information. Further, the Business Associate may:
a. Use the Protected Health Information as set forth below:
(a) received by the Business Associate may use Protected Health Information internally in its capacity as the Business Associate if necessary for the proper management and administration of the Business Associate’s proper management and administrative services business or to carry out its legal responsibilities.; or,
(b) Business Associate may disclose b. Disclose the Protected Health Information to a third-party for received by the Business Associate’s proper management and administration, provided thatAssociate in its capacity as the Business Associate if:
(i) the disclosure is Required by Law;; or,
(ii) the Business Associate makes obtains reasonable assurances from the disclosure pursuant person to an agreement consistent with Section 6 of this BA Agreement; or
(iii) Business Associate makes the disclosure pursuant to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose whom the Protected Health Information is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the third-party; person, and (C) the person agrees in writing to notify Covered Entity the Business Associate of any acquisitioninstances of which it is aware in which the confidentiality of the Protected Health Information has been breached; or,
c. De-identify Protected Health Information and may aggregate, accessmanipulate, use, or disclosure of Protected Health Information in a manner not permitted by the confidentiality agreement.
(c) Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under the Service Agreement.
(d) Business Associate may de-identify any disclose, sell, publish and all Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any location, and use distribute such de-identified data, all information and data provided that such de-identification is in accordance with HIPAA; or
d. Except as otherwise limited in this Exhibit E, use or disclose the de-identification requirements Protected Health Information for the purpose of exercising any of its rights or obligations under the Loan Documents, provided that such use or disclosure would not violate the Privacy RuleRule or the Security Rule if done by the Covered Entity.
Appears in 1 contract
Use and Disclosure of Protected Health Information. Business Associate may use and disclose Protected Health Information as permitted or required under this BA Agreement, the Service Agreement, and as Required by Law, but Business Associate shall not otherwise use or disclose any Protected Health Information. Business Associate shall not use or disclose Protected Health Information (as defined in the Privacy Rule), received from Covered Entity in any manner that would constitute a violation of the HIPAA Rules if so used from, or disclosed by received or created on behalf of, Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, except as follows:
(a) Business Associate is permitted to use or disclose Protected Health Information as set forth below:
(a) Business Associate may use Protected Health Information internally for Business Associate’s proper management and administrative services permitted or to carry out its legal responsibilitiesrequired by this Agreement or as required by law.
(b) Business Associate may is permitted to use or disclose Protected Health Information to a third-party perform functions, activities and services for, or on behalf of, Covered Entity pursuant to an Applicable Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity.
(c) Business Associate is permitted to use Protected Health Information for Business Associate’s the proper management and administrationadministration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(d) Business Associate is permitted to disclose Protected Health Information for the proper management and administration of the Business Associate, provided that:
that (i) the such disclosure is Required required by Law;
law or (ii) Business Associate makes obtains reasonable assurance from the disclosure pursuant person or entity to an agreement consistent with Section 6 of this BA Agreement; or
(iii) Business Associate makes the disclosure pursuant to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose whom the Protected Health Information as Required by Law will be disclosed that it will remain confidential and be used or further disclosed only for the specific purpose for which Business Associate disclosed it was disclosed to the third-party; person or organization or as required by law, and the person or entity will notify Business Associate of any instance of which the person or organization becomes aware in which the confidentiality of such Protected Health Information was breached.
(Ce) notify Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an individual for an accounting of any acquisition, access, use, or disclosure disclosures of Protected Health Information in a manner not permitted by the confidentiality agreementaccordance with 45 C.F.R. § 164.528.
(cf) Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or as permitted under the Service Agreementby 45 C.F.R. § 164.504(e)(2)(i)(B).
(dg) Business Associate may de-identify any and all use Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any locationto report violations of law to appropriate Federal and state authorities, and use such de-identified data, all in accordance consistent with the de-identification requirements of the Privacy Rule§ 164.502(j)(1).
Appears in 1 contract
Samples: Business Associate Agreement
Use and Disclosure of Protected Health Information. Business Associate may may:
1. request the Minimum Necessary Protected Health Information on PHPNI’s behalf, and use and disclose the Minimum Necessary Protected Health Information it creates, transmits or receives for or from PHPNI as permitted or required under by the agreement between the parties, subject to the limitations of this BA Agreement, the Service Agreement, and as Required by Law, but Business Associate shall not otherwise for the following purpose(s):
2. use or disclose any Protected Health Information. Business Associate shall not use or disclose the Minimum Necessary Protected Health Information received it creates, transmits or receives for or from Covered Entity in any manner that would constitute a violation of the HIPAA Rules if so used or disclosed by Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, Business Associate is permitted to use or disclose Protected Health Information PHPNI as set forth below:
(a) Business Associate may use Protected Health Information internally necessary for Business Associate’s proper management and administrative services administration or to carry out its legal responsibilities.as Required by Law;
(b) Business Associate may 3. disclose the Minimum Necessary Protected Health Information to a third-party as necessary for Business Associate’s proper management and administration, provided that:
(ia) the disclosure is Required by Law, including under 45 CRF 164.502(c)(4); or
b) Business Associate enters into a written contract with any person or organization to which Business Associate will disclose such Protected Health Information that the person or organization will:
(i) hold such Protected Health Information in confidence and use or further disclose it only for the purpose for which Business Associate disclosed it to the person or organization or as Required by Law;
(ii) agree to comply with the same privacy and security obligations and restrictions that apply to Business Associate makes the disclosure pursuant with respect to an agreement consistent with Section 6 of such Protected Health Information as set forth in this BA AgreementAgreement or otherwise required by law; orand
(iii) immediately notify Business Associate makes the disclosure pursuant to a written confidentiality agreement under (who will in turn immediately notify PHPNI) of any instance of which the thirdperson or organization becomes aware of or suspects a Privacy Incident or Security Incident. Business Associate shall require the person or organization to make such report to Business Associate no later than twenty-party is required to: four (A24) protect hours after learning of or otherwise suspecting such Privacy or Security Incident.
4. Except as stated herein, Business Associate shall not use any genetic information for purposes of underwriting.
5. To the confidentiality extent Business Associate assists PHPNI, Business Associate must support PHPNI in providing, upon request of an individual , an accounting of disclosures electronic health record within prior 3 years, as well as an electronic copy of the Protected Health Information; (B) only use or further disclose the Protected Health Information PHI that is on electronic record.
6. Make available PHI in a designated record set for PHPNI as Required by Law or for the purpose for which it was disclosed necessary to satisfy PHP’s obligation under 45 CFR § 164.524.
7. Make its internal practices, books and records available to the third-party; and Secretary (Cof HHS) notify Covered Entity for purposes of any acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted by the confidentiality agreementdetermining compliance with HIPAA.
(c) Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under the Service Agreement.
(d) Business Associate may de-identify any and all Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any location, and use such de-identified data, all in accordance with the de-identification requirements of the Privacy Rule.
Appears in 1 contract
Samples: Brokerage Agreement
Use and Disclosure of Protected Health Information. Business Associate may use and disclose Protected Health Information as permitted or required under this BA Agreement, the Service Agreement, and as Required by Law, but Business Associate shall not otherwise use or disclose any Protected Health Information. Business Associate shall not use or disclose “Protected Health Information Information” (as defined in the Privacy Rule), received from Covered Entity in any manner that would constitute a violation of the HIPAA Rules if so used from, or disclosed by received or created on behalf of, Covered Entity. To the extent Business Associate carries out any of Covered Entity’s obligations under HIPAA, Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, except as follows:
(i) Business Associate is permitted to use or disclose Protected Health Information as set forth below:
(a) Business Associate may use Protected Health Information internally for Business Associate’s proper management and administrative services permitted or to carry out its legal responsibilitiesrequired by this Agreement or as required by law.
(b) Business Associate may disclose Protected Health Information to a third-party for Business Associate’s proper management and administration, provided that:
(i) the disclosure is Required by Law;
(ii) Business Associate makes the disclosure is permitted to use or disclose Protected Health Information to perform functions, activities and services for, or on behalf of, Covered Entity pursuant to an agreement consistent with Section 6 of this BA Applicable Agreement; or, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity.
(iii) Business Associate makes the disclosure pursuant is permitted to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose the Protected Health Information as Required by Law or for business planning and development (a health care operations function) on behalf of the Covered Entity.
(iv) Business Associate is permitted to use Protected Health Information for the purpose proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(v) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for which it was disclosed to the third-party; and (C) notify Covered Entity to respond to a request by an individual for an accounting of any acquisition, access, use, or disclosure disclosures of Protected Health Information in a manner not permitted by the confidentiality agreementaccordance with 45 C.F.R. § 164.528.
(cvi) Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or as permitted under the Service Agreementby 45 C.F.R. § 164.504(e)(2)(i)(B).
(dvii) Business Associate may de-identify any and all use Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any locationto report violations of law to appropriate Federal and state authorities, and use such de-identified data, all in accordance consistent with the de-identification requirements of the Privacy Rule§ 164.502(j)(1).
Appears in 1 contract
Samples: Practitioner Terms and Conditions
