We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content.

For more information visit our privacy policy.

Obligations and Activities of Business Associates Sample Clauses

Obligations and Activities of Business Associates. (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law. (2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards. (3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity. (4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract. (5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware. (6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. (7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request. (8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity. (9) Business Associate agrees to make internal practices, books, and records, inclu...
AutoNDA by SimpleDocs
Obligations and Activities of Business AssociatesBusiness Associate agrees to comply with the provisions applicable tobusiness associates” imposed by HIPAA Rules, including the following:
Obligations and Activities of Business Associates. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law. Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards. Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic protected health information that it creates, receives, maintains, or transmits on behalf of the Covered Entity. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any security incident of which it becomes aware. Business Associate agrees in accordance with 45 C.F.R. § 502(e)(1)(ii) and § 164.308(d)(2), if applicable, to ensure that any subcontractor that creates, receives, maintains or transmits PHI on behalf of the Business Associate agrees to the same restrictions, conditions and requirements that apply to the Business Associate with respect to such information.
Obligations and Activities of Business Associates a. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law. DocuSign Envelope ID: ECA2080F-F2BD-440A-B380-0243D9E67ACE b. Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards. c. Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic protected health information that it creates, receives, maintains, or transmits on behalf of the Covered Entity. d. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract. e. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any security incident of which it becomes aware. f. Business Associate agrees in accordance with 45 C.F.R. § 502(e)(1)(ii) and § 164.308(d)(2), if applicable, to ensure that any subcontractor that creates, receives, maintains or transmits PHI on behalf of the Business Associate agrees to the same restrictions, conditions and requirements that apply to the Business Associate with respect to such information. g. Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request. h. Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity. i. Business Associate agree...
Obligations and Activities of Business Associates. (a) Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity’s behalf shall be subject to this Agreement. (b) Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by the Agreement or as required by law. (c) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. (d) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is know to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. (e) Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement. (f) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. (g) Business Associate agrees to make available Protected Health Information to the extent and in the manner required by Section 164.524 of the HIPAA Security and Privacy Rules. (h) Business Associate agrees to make Protected Health Information available for amendment and incorporate any amendments to Protected Health Information in accordance with the requirements of Section 164.526 of the HIPAA Security and Privacy Rules. (i) Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary of Health and Human Services. (j) Business Associate agrees to document any disclosures of and make Protected Health Information available for purposes of accounting of disclosures, as required by Section 164.528 of...
Obligations and Activities of Business Associates. Business Associate: Acknowledges and agrees that all PHI that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity’s behalf shall be subject to this Agreement. In accordance with 45 CFR 164.308(b) and 164.502(e), will ensure that its agents, including a Subcontractor, to whom it provides PHI received from or created by Business Associate on behalf of Covered Entity, agrees to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ or agents’ actions or omissions do not cause Business Associate to breach the terms of this Agreement. Will implement appropriate technical, physical, and administrative safeguards to (1) prevent the use or disclosure of PHI other than as permitted in this Agreement; (2) reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, maintains or transmits on behalf of Covered Entity; and (3comply with the requirements set forth in 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316, as may be amended from time to time. Agrees to report to covered entity as soon as practicable but no later than five (5) business days after any discovery of (1) any use or disclosure of PHI not permitted under this Agreement of which it becomes aware or reasonably should have been aware; and (2) any Security Incident of which Business Associate becomes aware or reasonably should have been aware. The parties acknowledge and agree that notice to the Covered Entity is not required for Unsuccessful Security Incidents. Unsuccessful Security Incident means, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. Agrees, within ten (10) business days of written request from Covered Ent...
Obligations and Activities of Business Associates. Each Business Associate agrees to: (a) Not use or disclose PHI other than as permitted or required by this Agreement, or as required by law. (b) Use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement. (c) Report to Covered Entity any use or disclosure of PHI or EPHI not permitted by this Agreement of which it becomes aware or should have known, including any Security Incidents in which there is a successful unauthorized access, use, disclosure, modification, or destruction of unsecured EPHI. Business Associate will make the report to the Covered Entity’s Privacy Official and Security Officer or to an authorized person in the Covered Entity’s legal department as soon as reasonably practicable. This report will include at least the following information: (a) the nature of the non-permitted or violating use or disclosure; and (b) the PHI and EPHI used or disclosed. (d) Notice is hereby deemed provided by Business Associates to Covered Entity for all unsuccessful attempts of an unauthorized access, disclosure, use, modification or destruction of EPHI. No further notice shall be required by Business Associates for any such unsuccessful attempts. (e) Develop, implement, maintain, and use appropriate safeguards to prevent any use or disclosure of the PHI or EPHI other than as provided by this Agreement, and to implement administrative, physical, and technical safeguards as required by sections 164.308, 164.310, 164.312 and 164.316 of title 45, Code of Federal Regulations and HITECH to protect the confidentiality, integrity, and availability of EPHI or PHI that Business Associate creates, receives, maintains, or transmits, in the same manner that such sections apply to the Covered Entity. See HITECH § 13401. (f) Comply with any additional requirements of Title XIII of HITECH that relate to privacy and security and that are made applicable with respect to covered entities. See HITECH § 13401. (g) Adopt the technology and methodology standards required in any guidance issued by the Secretary pursuant to HITECH §§ 13401-13402. (h) Mitigate any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement and notify Covered Entity of any breach of Unsecured PHI, as required under HITECH § 13402. (i) In the case of a breach of Unsecured PHI, following the discovery of a breach of such information, notify Covered Entity of ...
AutoNDA by SimpleDocs
Obligations and Activities of Business Associates 

Related to Obligations and Activities of Business Associates

  • Obligations and Activities of Business Associate Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.

  • Permitted Uses and Disclosure by Business Associate (1) General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!