Common use of Use or Disclosure of PHI Clause in Contracts

Use or Disclosure of PHI. Outside Entity shall not use or disclose PHI received from Connecticut Children’s in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA. Outside Entity shall require that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of Connecticut Children’s only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement. Outside Entity further agrees that all information accessed through the System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other patient care records, or as required by state and federal law. A. Outside Entity agrees to implement and utilize the System and shall provide Connecticut Children’s with access to a patient’s EHR that are created, maintained, transmitted, or received using the System when such patient is also a patient of Connecticut Children’s solely for the purposes of treatment, payment, or health care operations to the extent permitted without patient authorization by HIPAA. Outside Entity shall use the System in accordance with any applicable network security policies issued by Connecticut Children’s from time to time. Connecticut Children’s will provide Outside Entity with such policies upon request and will notify Outside Entity of any material changes to such policies. B. Connecticut Children’s and Outside Entity shall comply in all material respects with the standards for privacy of individually identifiable health information of the Administrative Simplification subtitle of HIPAA. Connecticut Children’s and Outside Entity recognize their status as “covered entities” under HIPAA and agree to carry out their responsibilities under this Agreement in accordance with such status. Additionally, the Outside Entity shall not redisclose Connecticut Children’s records except for the purpose of treatment, payment or healthcare operations, or as permitted by applicable law.

Use or Disclosure of PHI. Outside Entity shall not use or disclose PHI received from Connecticut Children’s in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA. Outside Entity shall require ensure that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of Connecticut Children’s only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement. Outside Entity further agrees that all information accessed through the System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other patient care records, or as required by state and federal law. A. Outside Entity agrees to implement and utilize the System and shall provide Connecticut Children’s with access to a patient’s EHR that are created, maintained, transmitted, or received using the System when such patient is also a patient of Connecticut Children’s solely for the purposes of treatment, payment, or health care operations to the extent permitted without patient authorization by HIPAA. Outside Entity shall use the System in accordance with any applicable network security policies issued by Connecticut Children’s from time to time. Connecticut Children’s will provide Outside Entity with such policies upon request and will notify Outside Entity of any material changes to such policies. B. Connecticut Children’s and Outside Entity shall comply in all material respects with the standards for privacy of individually identifiable health information of the Administrative Simplification subtitle of HIPAA. Connecticut Children’s and Outside Entity recognize their status as “covered entities” under HIPAA and agree to carry out their responsibilities under this Agreement in accordance with such status. Additionally, the Outside Entity shall not redisclose Connecticut Children’s records except for the purpose of treatment, payment or healthcare operations, or as permitted by applicable law.

Use or Disclosure of PHI. A. Outside Entity shall not use or disclose PHI received from Connecticut Children’s ESSENTIA HEALTH in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA. Outside Entity shall require ensure that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of Connecticut Children’s ESSENTIA HEALTH only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement. Outside Entity further agrees that all information accessed through the System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other patient care records, or as required by state and federal law. A. B. Outside Entity agrees to implement and utilize the System and shall provide Connecticut Children’s ESSENTIA HEALTH with access to a patient’s EHR that are is created, maintained, transmitted, or received using the System when such patient is also a patient of Connecticut Children’s ESSENTIA HEALTH solely for the purposes of treatment, payment, or health care operations to the extent permitted without patient authorization by HIPAA. Outside Entity shall use the System in accordance with any applicable network security policies issued by Connecticut Children’s ESSENTIA HEALTH from time to time. Connecticut Children’s will provide Outside Entity with such policies upon request and will notify Outside Entity of any material changes to such policies. B. Connecticut Children’s C. ESSENTIA HEALTH and Outside Entity shall comply in all material respects with the standards for privacy of individually identifiable health information of the Administrative Simplification subtitle of HIPAA. Connecticut Children’s ESSENTIA HEALTH and Outside Entity recognize their status as “covered entities” under HIPAA and agree to carry out their responsibilities under this Agreement in accordance with such status. Additionally, the Outside Entity shall not redisclose Connecticut Children’s records except for the purpose of treatment, payment or healthcare operations, or as permitted by applicable law.

Use or Disclosure of PHI. A. Outside Entity shall not use or disclose PHI received from Connecticut Children’s Cone Health in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA. Outside Entity shall require ensure that only its directors, officers, employees, contractors, and agents Authorized Users use or disclose PHI received from, or created or received on behalf of Connecticut Children’s of, Cone Health only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement. Outside Entity further agrees that all information accessed accessed, viewed, or downloaded through the System will be maintained in the strictest confidentiality confidence and, at a minimum, as required by state and federal law. In the event that the privacy and security standards employed by Outside Entity exceed state and federal requirements, Outside Entity shall protect such data in the same manner as Outside Entity safeguards the confidentiality of other patient care records, . Outside Entity further agrees that it will implement all appropriate safeguards to prevent unauthorized use or as required by state and federal lawdisclosure of PHI or intrusion to Cone Health systems. A. B. Outside Entity agrees to implement and utilize the System and shall provide Connecticut Children’s Cone Health with access to a patient’s and/or member’s EHR located on any system implemented or utilized by Outside Entity that are created, maintained, transmitted, or received using the System when such patient and/or member is also a patient of Connecticut Children’s Cone Health. Cone Health agrees that such EHR shall be used solely for the purposes of treatment, payment, or health care operations to the extent permitted without patient authorization by HIPAA. Such access to the EHR shall be granted by Outside Entity to Cone Health only to the extent that Cone Health needs access to the information contained in the EHR for treatment, payment, and certain healthcare operations purposes. Further, such access shall be subject to Cone Health's agreement to a separate data access agreement with terms that are similar to the ones contained in this Agreement. Outside Entity shall use the System in accordance with any applicable network security policies issued by Connecticut Children’s Cone Health from time to time. Connecticut Children’s will provide Outside Entity with such policies upon request and will notify Outside Entity of any material changes to such policies. B. Connecticut Children’s X. Xxxx Health and Outside Entity shall comply in all material respects with the standards for privacy of individually identifiable health information of the Administrative Simplification subtitle of HIPAAHIPAA and state law, as applicable. Connecticut Children’s and If applicable, Outside Entity recognize their recognizes its status as a “covered entitiesentity” under HIPAA and agree agrees to carry out their its responsibilities under this Agreement in accordance with such status. Additionally, the Outside Entity shall not redisclose Connecticut Children’s records except for the purpose of treatment, payment or healthcare operations, or as permitted by applicable law.