Security Rule Obligations. The following provisions of this section apply to the extent that Business Associate creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity.
Security Rule Obligations. In addition to complying with Covered Entity’s policies and procedures as provided in Section 2.3.14, Business Associate will comply with all aspects of the Security Rule and the HITECH Act, including (i) implementing Safeguards (including written policies and procedures) that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule and the HITECH Act and (ii) developing and implementing all required policies and procedures.
Security Rule Obligations. The following provisions of this section apply to the extent that Business Associate creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity. Business Associate shall implement and use administrative, physical, and technical safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312 with respect to the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall identify in writing upon request from Covered Entity all of the safeguards that it uses to protect such Electronic PHI. Business Associate shall ensure that any Agent and Subcontractor to whom it provides Electronic PHI agrees in a written agreement to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of the Electronic PHI. Business Associate must enter into this written agreement before any use or disclosure of Electronic PHI by such Agent or Subcontractor. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the use or disclosure of Electronic PHI. Business Associate shall provide a copy of the written agreement to Covered Entity upon request. Business Associate may not make any disclosure of Electronic PHI to any Agent or Subcontractor without the prior written consent of Covered Entity. Business Associate shall report in writing to Covered Entity any Security Incident pertaining to such Electronic PHI (whether involving Business Associate or an Agent or Subcontractor). Business Associate shall provide this written report as soon as it becomes aware of any such Security Incident, and in no case later than two (2) business days after it becomes aware of the incident. Business Associate shall provide Covered Entity with the information necessary for Covered Entity to investigate any such Security Incident. Business Associate shall comply with any reasonable policies and procedures Covered Entity implements to obtain compliance under the Security Rule.
Security Rule Obligations. The following provisions of this Section apply to the extent that Onpoint creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity.
Security Rule Obligations. Business Associate acknowledges that 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316 apply to Business Associate in the same manner that such sections apply to covered entities, and are incorporated into this Agreement by reference. The additional requirements of the HITECH Act that relate to security and that apply to covered entities also apply to Business Associate and are incorporated into this Agreement by reference. Business Associate agrees to implement the technical safeguards provided in guidance issued annually by the Secretary of the U.S. Department of Health and Human Services (“HHS”) for carrying out the obligations under the Code of Federal Regulation sections cited in this Section and the security standards in 45 C.F.R. Part 164 Subpart C.
