Obligations and Activities of Business Associate Sample Clauses

Obligations and Activities of Business Associate. Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.

Obligations and Activities of Business Associate a. Business Associate agrees to not Use or further Disclose PHI other than as permitted or required by this BAA or as required by law. b. Business Associate agrees to use appropriate safeguards, and comply, as applicable, with Subpart C of 45 CFR §164 with respect to electronic PHI, to prevent Uses or Disclosures of the PHI other than as provided for by this BAA or the Agreement; however, the parties acknowledge and agree it shall be the responsibility of Customer and not Business Associate to comply with requirements under 45 CFR §164.312 to implement encryption or decryption mechanisms for electronic PHI maintained on physical media (e.g. tapes) stored by Customer with Business Associate. c. Business Associate agrees to promptly report to Customer any Security Incident, Breach, or other Use or Disclosure of PHI of which it becomes aware that is not permitted or required by this BAA or the Agreement. In the event of a Breach, such notification shall be made in accordance with and as required of a business associate by the HIPAA Rules, including without limitation pursuant to 45 CFR 164.410, but in no event more than three (3) business days after Business Associate has completed its internal investigation and confirmed a Breach as occurred. Business Associate will provide reasonable assistance and cooperation in the investigation of any such Breach and shall document the specific Deposits which have been compromised, the identity of any unauthorized third party who may have accessed or received the PHI, if known, and any actions that have been taken by Business Associate to mitigate the effects of such Breach. d. Business Associate shall, in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), as applicable, ensure that any business associate that is a subcontractor that creates, receives, maintains, or transmits PHI on behalf of Business Associate for the purpose of assisting in providing services pursuant to the Agreement, agrees to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such PHI through this BAA. e. If Business Associate has custody of PHI in a Designated Record Set with respect to Individuals, and if Customer so requests, Business Associate agrees to provide access to such PHI to Customer by retrieving and delivering such PHI in accordance with the terms and conditions of the Agreement, so that Customer may respond to an Individual in order to meet the requirements of 45 CFR §164.524....

Obligations and Activities of Business Associate. Business Associate agrees to:

Obligations and Activities of Business Associate. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Contract or another duly executed agreement with Covered Entity, or as Required by Law. Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Contract and in accordance with HIPAA standards. Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic protected health information that it creates, receives, maintains, or transmits on behalf of Covered Entity. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Contract. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Contract, or any security incident of which it becomes aware. Business Associate agrees, in accordance with 45 C.F.R. §§ 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit protected health information on behalf of Business Associate, agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information. Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of Covered Entity, and in the time and manner designated by Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by Covered Entity to an Individual for such records; the amount permitted by state law; or Business Associate’s actual cost of postage, labor and supplies for complying with the request. Business Associate agrees to make any amendments to PHI in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of Covered Entity, and in the time and manner designated by Covered Entity. Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the u...

Obligations and Activities of Business Associate. Business Associate may use PHI for the following functions, activities, or services for or on behalf of Covered Entity provided that such use would not violate this Agreement, the HIPAA regulations the Privacy Rule, or Notice of Privacy Practices if done by Covered Entity. In the event that this Agreement conflicts and any other written agreement made between the parties, relating to the exchange of PHI, this Agreement shall control. Business Associate's access to and use of the PHI is limited to the provision of services by the Business Associate on behalf the Covered Entity set forth in the contract between the Business Associate and the Covered Entity. Business Associate may further disclose PHI to a subcontractor/person for the proper management and administration of Business Associate, provided that such disclosure is Required by Law, or would not violate this Agreement, the Privacy Rule, or Notice of Privacy Practices if done by Covered Entity, and Business Associate executes an additional business associates agreement as Required by Law or for the purpose for which it was disclosed to the person, and the subcontractor/person notifies Business Associate of any instances of which it is aware in which PHI has been disclosed. In the event that this agreement conflicts with any other agreement relating to the access or use of PHI, this agreement shall control. Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law. In the event that this agreement conflicts with any other agreement relating to the access or use of PHI, this agreement shall control. Business Associate agrees to implement and use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate's operations and the nature and scope of its activities. Business Associate agrees to take prompt corrective action to mitigate any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. Business Associate agrees to notify Covered Entity of any use or disclosure of PHI not provided for by this Agreement, or the Privacy Rule, or of any suspected or actual breach of se...

Obligations and Activities of Business Associate a. Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law. b. Business Associate agrees to use appropriate safeguards and comply with subpart C of 45 CFR part 164 with respect to electronic protected health information, to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 169.410 and any security incident of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. f. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner (within 30 calendar days following written request from Covered Entity) or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the HIPAA Rules. g. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. h. Business Associate agrees to provide to Covered Entity or an Individual, within 30 calendar days after written request, information collected in accordance with Section 1. g., of this Agreement, to permit Covered Entity to respond to a request by an I...

Obligations and Activities of Business Associate a. Business Associate shall implement appropriate safeguards to prevent unauthorized use or disclosure of all PHI in accordance with HIPAA Privacy Rule and Security Rule with regard to electronic PHI, and Part 2, as applicable. b. The Business Associate shall immediately notify the Covered Entity’s Privacy Officer at the following email address, XXXXXxxxxxxXxxxxxx@xxxx.xx.xxx after the Business Associate has determined that any use or disclosure not provided for by its contract, including any known or suspected privacy or security incident or breach has occurred potentially exposing or compromising the PHI. This includes inadvertent or accidental uses or disclosures or breaches of unsecured protected health information. c. In the event of a breach, the Business Associate shall comply with the terms of this Business Associate Agreement, all applicable state and federal laws and regulations and any additional requirements of the Agreement. d. The Business Associate shall perform a risk assessment, based on the information available at the time it becomes aware of any known or suspected privacy or security breach as described above and communicate the risk assessment to the Covered Entity. The risk assessment shall include, but not be limited to: I. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification; II. The unauthorized person who accessed, used, disclosed, or received the protected health information; III. Whether the protected health information was actually acquired or viewed; and IV. How the risk of loss of confidentiality to the protected health information has been mitigated. e. The Business Associate shall complete a risk assessment report at the conclusion of its incident or breach investigation and provide the findings in a written report to the Covered Entity as soon as practicable after the conclusion of the Business Associate’s investigation. f. Business Associate shall make available all of its internal policies and procedures, books and records relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of Covered Entity to the US Secretary of Health and Human Services for purposes of determining the Business Associate’s and the Covered Entity’s compliance with HIPAA and the Privacy and Security Rule, and Part 2, if applicable. g. Business Associate shall require all of its business associates that ...

Obligations and Activities of Business Associate. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.

Obligations and Activities of Business Associate a. Business Associate agrees to not use or further disclose PHI other than as permitted or required by this Agreement, as Required by Law or as permitted by law, provided such use or disclosure would also be permissible by law by Covered Entity. b. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement. Business Associate agrees to implement Administrative Safeguards, Physical Safeguards and Technical Safeguards (“Safeguards”) that reasonably and appropriately protect the confidentiality, integrity and availability of PHI as required by the “Security Rule”, including those safeguards required pursuant to 45 C.F.R. §§ 164.308, 164.310, 164.312, 164.314 and 164.316, in the same manner that those requirements apply to Covered Entity pursuant to 45 C.F.R. § 164.504. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity any use or disclosure for the PHI not provided for by this Agreement, including breaches of unsecured PHI as required by 45 C.F.R. § 164.410, and any Security Incident of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor or vendor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information through a contractual arrangement that complies with 45 C.F.R. § 164.314. f. Business Associate agrees to provide paper or electronic access, at the request of Covered Entity and in the time and manner designated by Covered Entity, to PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. If the Individual requests an electronic copy of the information, Business Associate must provide Covered Entity with the information requested in the electronic form and format requested by the Individual and/or Covered Entity if it is readily producible in such form and format; or, if not, in a readable electronic form and format as requested by Covered Entity. g. Business Associate agrees to make any amendment(s) to P...

Obligations and Activities of Business Associate. Business Associate agrees to: not use or disclose PHI other than as permitted or required by the this BAA or as Required By Law. use commercially reasonable and appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provide for by this BAA. in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. report, within thirty (30) days of becoming aware, to Covered Entity any use or disclosure of the PHI not provided for by this BAA, any breaches of Unsecured PHI as required at 45 C.F.R. 164.410, and any Security Incident of which it becomes aware. make available PHI in a Designated Record Set to the individual or the individual’s designee as necessary to satisfy Covered Entity’s obligation under 45 C.F.R. § 164.524. Business Associate will, at the request of the Individual or Covered Entity, provide a copy of PHI directly to the Individual or the Individual’s designee. make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under C.F.R. § 164.526. maintain and make available the information required to provide an accounting of disclosures to the Individual as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528. comply with the requirements of Subpart E of 45 C.F.R. Part 164 to the extent Business Associate is to carry out on or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164. make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.