Obligations and Activities of Business Associate Sample Clauses

Obligations and Activities of Business Associate. Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
Sample 1Sample 2Sample 3See All (223)
AutoNDA by SimpleDocs
Obligations and Activities of Business Associate a. Business Associate agrees to not Use or Disclose PHI other than as permitted or required by the Service Agreement or as Required by Law. b. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI (ePHI) to prevent Use or Disclosure of PHI other than as provided for by this Agreement. c. Business Associate agrees to notify DOM without unreasonable delay and no later than seventy-two (72) hours after discovery, of any Use or Disclosure of PHI not provided for by this Agreement of which it becomes aware, and any Security Incident of which it becomes aware. d. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in Violation of the requirements of this Agreement and take prompt steps to prevent the recurrence of any Incident, including any action required by applicable federal and state laws and regulations. e. Business Associate agrees to notify DOM without unreasonable delay, and no later than seventy-two (72) hours after discovery of any actual or suspected Breach of Unsecured PHI, all in accordance with 45 C.F.R. § 164.410. The notification shall include, to the extent possible and subsequently as the information becomes available, the identification of all Individuals whose Unsecured PHI is reasonably believed by Business Associate to have been Breached along with any other available information that is required to be included in the notification to the Individual, HHS, and/or the media, all in accordance with the data Breach notification requirements set forth in 45 C.F.R.§ 164.410. f. Once an actual or suspected Breach is reported to DOM, Business Associate agrees to provide a written assessment to determine whether the incident is reportable within ten (10) working days. An impermissible Use or Disclosure of protected health information is presumed to be a Breach unless the DOM or Business Associate, as applicable, demonstrates there is a low probability the PHI has been compromised or one of the exceptions to the definition of Breach applies, all in accordance with 45 C.F.R. § 164.410. g. Business Associate agrees to fully cooperate, coordinate with, and assist XXX in gathering information necessary to notify the affected individuals and government agencies following an Incident to ensure that any notices sent in connection with the Incident are, subject to...
Sample 1Sample 2Sample 3See All (124)
Obligations and Activities of Business Associate. Business Associate agrees to:
Sample 1Sample 2Sample 3See All (101)
Obligations and Activities of Business Associate. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Contract or another duly executed agreement with Covered Entity, or as Required by Law. Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Contract and in accordance with HIPAA standards. Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic protected health information that it creates, receives, maintains, or transmits on behalf of Covered Entity. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Contract. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Contract, or any security incident of which it becomes aware. Business Associate agrees, in accordance with 45 C.F.R. §§ 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit protected health information on behalf of Business Associate, agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information. Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of Covered Entity, and in the time and manner designated by Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by Covered Entity to an Individual for such records; the amount permitted by state law; or Business Associate’s actual cost of postage, labor and supplies for complying with the request. Business Associate agrees to make any amendments to PHI in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of Covered Entity, and in the time and manner designated by Covered Entity. Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the u...
Sample 1Sample 2Sample 3See All (89)
Obligations and Activities of Business Associate. Business Associate may use PHI for the following functions, activities, or services for or on behalf of Covered Entity provided that such use would not violate this Agreement, the HIPAA regulations the Privacy Rule, or Notice of Privacy Practices if done by Covered Entity. In the event that this Agreement conflicts and any other written agreement made between the parties, relating to the exchange of PHI, this Agreement shall control. Business Associate's access to and use of the PHI is limited to the provision of services by the Business Associate on behalf the Covered Entity set forth in the contract between the Business Associate and the Covered Entity. Business Associate may further disclose PHI to a subcontractor/person for the proper management and administration of Business Associate, provided that such disclosure is Required by Law, or would not violate this Agreement, the Privacy Rule, or Notice of Privacy Practices if done by Covered Entity, and Business Associate executes an additional business associates agreement as Required by Law or for the purpose for which it was disclosed to the person, and the subcontractor/person notifies Business Associate of any instances of which it is aware in which PHI has been disclosed. In the event that this agreement conflicts with any other agreement relating to the access or use of PHI, this agreement shall control. Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law. In the event that this agreement conflicts with any other agreement relating to the access or use of PHI, this agreement shall control. Business Associate agrees to implement and use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate's operations and the nature and scope of its activities. Business Associate agrees to take prompt corrective action to mitigate any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. Business Associate agrees to notify Covered Entity of any use or disclosure of PHI not provided for by this Agreement, or the Privacy Rule, or of any suspected or actual breach of se...
Sample 1Sample 2Sample 3See All (63)
Obligations and Activities of Business Associate a. Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law. b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. f. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules. g. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an I...
Sample 1Sample 2Sample 3See All (62)
Obligations and Activities of Business Associate a. Business Associate shall implement appropriate safeguards to prevent unauthorized use or disclosure of all PHI in accordance with HIPAA Privacy Rule and Security Rule with regard to electronic PHI, and Part 2, as applicable. b. The Business Associate shall immediately notify the Covered Entity’s Privacy Officer at the following email address, XXXXXxxxxxxXxxxxxx@xxxx.xx.xxx after the Business Associate has determined that any use or disclosure not provided for by its contract, including any known or suspected privacy or security incident or breach has occurred potentially exposing or compromising the PHI. This includes inadvertent or accidental uses or disclosures or breaches of unsecured protected health information. c. In the event of a breach, the Business Associate shall comply with the terms of this Business Associate Agreement, all applicable state and federal laws and regulations and any additional requirements of the Agreement. d. The Business Associate shall perform a risk assessment, based on the information available at the time it becomes aware of any known or suspected privacy or security breach as described above and communicate the risk assessment to the Covered Entity. The risk assessment shall include, but not be limited to: I. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification; II. The unauthorized person who accessed, used, disclosed, or received the protected health information; III. Whether the protected health information was actually acquired or viewed; and IV. How the risk of loss of confidentiality to the protected health information has been mitigated. e. The Business Associate shall complete a risk assessment report at the conclusion of its incident or breach investigation and provide the findings in a written report to the Covered Entity as soon as practicable after the conclusion of the Business Associate’s investigation. f. Business Associate shall make available all of its internal policies and procedures, books and records relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of Covered Entity to the US Secretary of Health and Human Services for purposes of determining the Business Associate’s and the Covered Entity’s compliance with HIPAA and the Privacy and Security Rule, and Part 2, if applicable. g. Business Associate shall require all of its business associates that ...
Sample 1Sample 2Sample 3See All (41)
AutoNDA by SimpleDocs
Obligations and Activities of Business Associate. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
Sample 1Sample 2Sample 3See All (28)
Obligations and Activities of Business Associate a. Business Associate agrees to not use or further disclose PHI other than as permitted or required by this Agreement, as Required by Law or as permitted by law, provided such use or disclosure would also be permissible by law by Covered Entity. b. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement. Business Associate agrees to implement Administrative Safeguards, Physical Safeguards and Technical Safeguards (“Safeguards”) that reasonably and appropriately protect the confidentiality, integrity and availability of PHI as required by the “Security Rule”, including those safeguards required pursuant to 45 C.F.R. §§ 164.308, 164.310, 164.312, 164.314 and 164.316, in the same manner that those requirements apply to Covered Entity pursuant to 45 C.F.R. § 164.504. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity any use or disclosure for the PHI not provided for by this Agreement, including breaches of unsecured PHI as required by 45 C.F.R. § 164.410, and any Security Incident of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor or vendor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information through a contractual arrangement that complies with 45 C.F.R. § 164.314. f. Business Associate agrees to provide paper or electronic access, at the request of Covered Entity and in the time and manner designated by Covered Entity, to PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. If the Individual requests an electronic copy of the information, Business Associate must provide Covered Entity with the information requested in the electronic form and format requested by the Individual and/or Covered Entity if it is readily producible in such form and format; or, if not, in a readable electronic form and format as requested by Covered Entity. g. Business Associate agrees to make any amendment(s) to P...
Sample 1Sample 2See All (24)
Obligations and Activities of Business Associate. 2.1 Business Associate agrees to: 2.1.1 Not use or disclose protected health information other than as permitted or required by this Attachment or as required by law; 2.1.2 Use appropriate administrative safeguards as set forth at 45 CRF164.308, physical safeguards as set forth at 45 CRF164.310, and technical safeguards as set forth at 45 CFR 164.312; including, policies and procedures regarding the protection of PHI and/or ePHI set forth at 45 CRF 164.316 and the provisions of training on such policies and procedures to applicable employees, independent contractors and volunteers, that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI and/or ePHI that the Network Service Provider creates, receives, maintains or transmits on behalf of the Managing Entity and/or the Department; 2.1.3 Acknowledge that (a) the foregoing safeguards, policies and procedures requirements shall apply to the Business Associate in the same manner that such requirements apply to the Managing Entity and/or the Department, and (b) the Business Associates and their Subcontractors are directly liable under the civil and criminal enforcement provisions set forth at Section 13404 of the HITECH Act and 45 CRF 164.500 and 164.502(E) of the Privacy Rule (42 U.S.C. 1320d-5 and 1320d-6), as amended, for failure to comply with the safeguards, policies and procedures requirements and any guidance issued by the Secretary of Health and Human Services with respect to such requirements; 2.1.4 Report to covered entity any use or disclosure of protected health information not provided for by this Attachment of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;
Sample 1Sample 2Sample 3See All (19)
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!