Responsibilities of Business Associate Sample Clauses
Responsibilities of Business Associate. With regard to its use and/or disclosure of PHI, Business Associate shall:
(a) use and/or disclose the PHI only as permitted or required by this Agreement or as otherwise required by law;
(b) report to the privacy officer of Covered Entity, in writing, any use and/or disclosure of the PHI that is not permitted or required by this Agreement of which Business Associate becomes aware, within fifteen (15) business days of Business Associate's determination of the occurrence of such unauthorized use and/or disclosure;
(c) use commercially reasonable efforts to maintain the security of the PHI and to prevent use and/or disclosure of such PHI other than as provided herein;
(d) require all of its subcontractors and agents that receive, use, or have access to, PHI to agree to adhere to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate pursuant to this Agreement;
(e) upon fifteen (15) business days' prior written request, make available all internal practices, records, books, agreements, policies and procedures and PHI relating to the use and/or disclosure of PHI to the Secretary for purposes of determining Covered Entity's compliance with the Privacy Rule;
(f) document disclosures of PHI and information related to such disclosure and, within fifteen (15) business days of receiving a written request from Covered Entity, provide to Covered Entity such information as is requested by Covered Entity to permit Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual's PHI in accordance with 45 C.F.R. § 164.528;
(g) subject to Section 4.4 below, return to Covered Entity within twenty-one (21) business days of the termination of this Agreement, the PHI in its possession and retain no copies, including backup copies;
(h) disclose to its subcontractors, agents or other third parties, and request from Covered Entity, only the minimum PHI necessary to perform or fulfill a specific function required or permitted hereunder; and
(i) if all or any portion of the PHI is maintained in a Designated Record Set:
(i) upon fifteen (15) business days' prior written request from Covered Entity, provide access to the PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, the individual to whom such PHI relates or his or her authorized representative to meet a request by such individual under 45 C.F.R. § 164.524; and
(ii) upon fifteen (15) business days' ...
Responsibilities of Business Associate. With regard to its use and/or disclosure of PHI, Business Associate agrees to:
2.1 use and/or disclose PHI only as necessary to provide the Services, as permitted or required by this BAA, and in compliance with each applicable requirement of 45 C.F.R. § 164.504(e) or as otherwise required by law;
2.2 implement and use appropriate administrative, physical and technical safeguards to (i) prevent use or disclosure of PHI other than as permitted or required by this BAA; (ii) reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that Business Associate creates, receives, maintains, or transmits on behalf of the Covered Entity; and (iii) comply with the Security Rule requirements set forth in 45 C.F.R. §§ 164.308, 164.310, 164.312, 164.316 and applicable Federal Information Processing Standards (FIPS) Publication 199 protection levels;
2.3 as required by the State of California, notify Covered Entity (a) immediately by telephone plus e-mail to Covered Entity’s Compliance and Privacy Officer at (000) 000-0000 and XXXXXXxxx@Xxxxxxxxxxxx.xxx, of any suspected breach or security incident involving PHI and/or other confidential information, including, but not limited to those involving SSA data, reasonably believed to have resulted in the unauthorized intrusion, access, acquisition, use, disclosure, or potential loss of such PHI or other confidential information, in violation of this BAA, and (b) within twenty-four (24) hours by e-mail or fax of any other suspected Breach or Security Incident of which it becomes aware;
2.4 with respect to any use or disclosure of Unsecured PHI not permitted by the Privacy Rule, or any other Breach or Security Incident, Business Associate shall, without unreasonable delay, and in any event within twenty-four (24) hours after Discovery, provide Covered Entity with written notification thereof and information regarding the data elements involved, extent of the data involved, and identification of unauthorized persons reasonably believed to have improperly used or disclosed confidential data. Covered Entity has the responsibility for determining whether any such incident is a reportable breach under HIPAA. In the event of a Breach, Business Associate’s notification should include a list of Individuals impacted. Notice shall be made using the current DHCS “Privacy Incident Reporting Form” (“PIR Form”); and shall include all information known at the time the incident is reported. The form is av...
Responsibilities of Business Associate. A. Business Associate shall provide relevant training on HIPAA and the requirements of this agreement to all persons accessing PHI or ePHI. The training materials and records shall be provided to the covered entity upon request.
B. Business Associate shall implement and use appropriate Technical, Physical and Administrative Safeguards to reasonably and appropriately protect the Confidentiality, Integrity and Availability of PHI and to prevent Use or Disclosure of PHI, other than as permitted by this BAA.
C. Business Associate shall, within the earlier of the Compliance Date or 90-days from the Effective Date, comply with all applicable provisions of the Security Rule. The Business Associate shall conduct a risk assessment to evaluate compliance with the Security Rule and shall, at the request of the Covered Entity, provide a written attestation acknowledging completion and communicating the results of the risk assessment.
D. Business Associate shall Encrypt all transmissions of ePHI and all portable media or storage devices on which ePHI may be stored, including laptops, back-up media, CDs, or USB drives.
E. Within 30-days after receiving a written request from Covered Entity, make available information necessary for Covered Entity to make an accounting of disclosures of PHI about an Individual, as provided in 45 C.F.R. § 164.528; and in accordance with 42 U.S.C. § 17935(c) and its implementing regulations as of the Compliance Date, make that accounting directly to the Individual if directed to do so by Covered Entity.
F. At the request of Covered Entity and in the time, manner, and form designated by Covered Entity, not to exceed 15-days, provide access to PHI in a Designated Record Set to Covered Entity or, if directed by Covered Entity, to an Individual or to a recipient designated by the Individual, in accordance with the requirements of 45 C.F.R. § 164.524. Business Associate shall not charge Covered Entity or any Individual any fee associated with the production of PHI in accordance with this section that exceeds fees described at 45 C.F.R. § 164.524.
G. Make available PHI in a Designated Record Set for amendment, no more than 30-days following receipt of a written request by Covered Entity, and incorporate any amendments to the PHI as directed by Covered Entity, all in accordance with 45 C.F.R. § 164.526.
H. Business Associate shall notify Covered Entity, in writing, no more than 3-days following Business Associate’s receipt directly from an Ind...
Responsibilities of Business Associate. With regard to the use and/or disclosure of Protected Health Information, Business Associate agrees:
4.1 not to use and/or disclose Protected Health Information other than as permitted or required by the Business Relationship or this BA Agreement or as Required by Law;
4.2 to use appropriate safeguards to prevent the use and/or disclosure of Protected Health Information other than as provided for by the Business Relationship or this BA Agreement;
4.3 to protect any Protected Health Information taken off-site from COUNTY from disclosure to others, and to return all Protected Health Information in any form to COUNTY or destroy such Protected Health Information in a manner that renders it unreadable and unusable by anyone else, if COUNTY agrees to the destruction;
4.4 to comply with the Security Rule provisions set forth in 45 CFR Part 164, Subpart C, including provisions relating to Security Standards General Rules (45 CFR § 164.306), Administrative Safeguards (45 CFR § 164.308), Physical Safeguards (45 CFR § 164.310), Technical Safeguards (45 CFR § 164.312), Organizational Requirements (45 CFR § 164.314) and Policies and Documentation (45 CFR § 164.316), and to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information Business Associate creates, receives, maintains, or transmits on behalf of COUNTY.
4.5 to report to COUNTY any Security Incident of which it becomes aware within 2 business days, and to report any potential Breach of Unsecured Protected Health Information within 2 business days of discovery. Any such report shall include the identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been accessed, acquired, used or disclosed during any such Security Incident or potential Breach. Any such report shall also include all other information known to Business Associate at the time of the report (such as the type of Protected Health Information involved in the event, the nature of the information, etc.) or promptly thereafter as such other information becomes available;
4.6 to notify COUNTY in writing within 2 business days of any use and/or disclosure of Protected Health Information that is not provided for by the Business Relationship or this BA Agreement;
4.7 to mitigate, to the extent practicable, any harmful effect that is ...
Responsibilities of Business Associate. Business Associate agrees:
a. to use appropriate safeguards, and to comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement.
b. to report to Covered Entity promptly, but in no case longer than fifteen (15) business days, any use or disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware, including a Breach of Unsecured PHI as required by 45 C.F.R. § 164.410, and any successful Security Incident of which it becomes aware. The Parties acknowledge and agree that this section 4.b. constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required. “Unsuccessful Security Incidents” means, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, or disclosure of PHI. The contact information for the Business Associate and Covered Entity employees to whom reports of unauthorized use or disclosure of PHI, Breaches of Unsecured PHI and successful Security Incidents under this Section shall be made as provided below (as such information may be updated from time to time between the parties). Notification shall be made using the methods as provided in the relevant Underlying Agreement. Business Associate: Xxxxx Xxxxxxxx, Chief Legal & Compliance Officer DeliverHealth Solutions, LLC 0000 Xxxxxxx Xx., Xxxxx 000 Xxxxxxx, XX 00000 Email: xxxxxxxxxx@xxxxxxxxxxxxx.xxx Covered Entity: [Employee Name and Title] [Company Name] [Street Address] [City, State, Zip] [Phone] [Email]
Responsibilities of Business Associate. Regarding the use or disclosure of PHI and PI, Business Associate agrees to:
4.2.1 Only use or further disclose the PHI and PI as allowable under this Agreement or applicable law.
4.2.2 Only use or further disclose PHI and PI in a manner that would not violate the HIPAA Privacy and Security Rules if done so by the Covered Entity.
4.2.3 Establish and implement appropriate procedures, physical, and technical safeguards to prevent improper access, uses, transmissions, or disclosures of PHI and PI for mitigating to the greatest extent possible under the circumstances any deleterious effects from any improper access, use, or disclosure of PHI and PI that Business Associate reports to Covered Entity. Safeguards shall include, but are not limited to, the implementation and use of electronic security measures to safeguard electronic data, requiring employees to agree to access, use, or disclose PHI and PI only as permitted or required by this Agreement and taking related disciplinary action for inappropriate access, use or disclosure as necessary.
4.2.4 Report to Covered Entity’s Privacy Officer, in writing, any suspected or confirmed access, use or disclosure of PHI or PI, regardless of form, not permitted or required by this Agreement of which Business Associate becomes aware within two (2) days of Business Associate’s discovery of such unauthorized use or disclosure.
4.2.5 Ensure that Business Associate’s subcontractors or agents to whom Business Associate provides PHI or PI, received from, created, or received by the Business Associate on behalf of the Covered Entity, agree to the same restrictions and conditions that apply to the Business Associate with respect to PHI and PI, and ensure that its subcontractors or agents agree to establish and implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of all PHI and PI that it creates, receives, maintains, or transmits on behalf of Covered Entity.
4.2.6 The Business Associate must make its records, books, accounts, agreements, policies, and procedures available to the Secretary of HHS for determining the Covered Entity’s compliance with the HIPAA Privacy and Security Rules.
4.2.7 Use or disclose to its subcontractors, agents, other third parties, and Covered Entity, only the minimum PHI and PI necessary to perform or fulfill a specific function required or permitted hereunder.
4.2.8 Provide information to Covered Entity to permit Covered Entity to respond to a...
Responsibilities of Business Associate. With regard to its handling of Protected Health Information, the Business Associate hereby agrees to do the following:
3.1 Possess, for the sole purpose of destroying by shredding, the Protected Health Information only as required by the Service Agreement, this Agreement or as otherwise required by law;
3.2 Immediately report to the Company privacy officer, in writing, any other use and/or disclosure of the Protected Health Information that is not permitted or required by this Agreement of which Business Associate becomes aware upon the Business Associate’s discovery of such unauthorized use and/or disclosure;
3.3 Use appropriate safeguards to maintain the security of the Protected Health Information and to prevent unauthorized use and/or disclosure of such Protected Health Information;
3.4 Require all of its employees, representatives, subcontractors or agents that receive or have access to Protected Health Information under this Agreement to agree in writing to adhere to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply herein, including the obligation to return or destroy the Protected Health Information as hereinafter provided.
3.5 Make available, to the Secretary of HHS, all records, books, agreements, policies and procedures relating to the document destruction services provided by Business Associate in the services provided to The Company involving the handling and destruction of Protected Health Information for purposes of determining the Company’s compliance with the Privacy Rules, subject to attorney-client and other applicable legal privileges.
3.6 Make available, during normal business hours, at Business Associate’s offices all records, books, agreements, policies and procedures relating to the use, destruction, and/or disclosure of Protected Health Information that is subject to this Agreement, to the Company within thirty (30) days of The Company's written request, for the purpose of enabling the Company to verify the Business Associate’s compliance with the terms of this Agreement;
3.7 Within thirty (30) days of receiving a written request from The Company, provide to the Company such information as is requested by The Company to permit the Company to respond to any request for accounting for any disclosures of an individual’s Protected Health Information in accordance with 45 C.F.R. §164.526 and §164.528;
3.8 Return to the Company or immediately destroy, as requested by the Company,...
Responsibilities of Business Associate. The Business Associate hereby agrees to do the following: Use and Disclosure: Use and/or disclose PHI only as permitted or required by this Agreement, Health Insurance Portability and Accountability Act (HIPAA), and the Health Information Technology for Economic and Clinical Health Act (HITECH) (Division A, Title XIII of the American Recovery and Reinvestment Act of 2009, Pub. Law 111-5, 2009 HR 1). The Business Associate shall use and disclose PHI only if such use or disclosure, respectively, is in compliance with each applicable requirement of 45 CFR §164.504(e). The Business Associate is directly responsible for full compliance with the privacy provisions of HIPAA and HITECH that apply to the Business Associate to the same extent as the Covered Entity.
Responsibilities of Business Associate. a. Business Associate shall not use or disclose any Protected Health Information except as permitted or required by the Agreement or required by law or as otherwise authorized in writing by the Covered Entity, if done by the Covered Entity. Unless otherwise limited herein, Business Associate may use or disclose Protected Health Information for Business Associate’s proper management and administrative services, to carry out legal responsibilities of Business Associate, and to provide data aggregation services relating to health care operations of the Covered Entity if required under the Agreement.
b. Business Associate shall not request, use, or disclose more than the minimum amount of Protected Health Information necessary to accomplish the purpose of the use or disclosure.
c. Business Associate shall inform the Covered Entity if it or its subcontractors will perform any work outside the U.S. that involves access to, or the disclosure of, Protected Health Information.