Activities of Business Associate. Business Associate agrees to:
Activities of Business Associate. Business Associate agrees to the following: • Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law; • Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement; • Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware; and to mitigate any harmful effect known to the Business Associate of a use or disclosure of Protected Health Information by Business Associate (or its subcontracting entities) in violation of the requirements of this Agreement; if reasonable; • To implement adequate administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality and integrity of any Protected Health Information it receives, maintains or transmits (electronic or otherwise) on behalf of Pacific Clinics; • Notify Pacific Clinics of any breach or potential breach or disclosure of Protected Health Information within 24 hours of becoming aware; including any security incidents, and incidents of all internal and external data breaches; • In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information; • Make available protected health information in a designated record set to the Pacific Clinics as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524, to the extent applicable; • On the request of Pacific Clinics, Business Associate shall provide documentation made in accordance with this Agreement to Pacific Clinics to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528. Business Associate shall respond to such request with seventy-two (72) business hours of receipt of request; • Make any amendment(s) to protected health information in a designated record set as directed or agreed to b...
Activities of Business Associate. Business Associate agrees to comply with applicable federal and state confidentiality and security laws, including the provisions of HIPAA and the HITECH Act applicable to Business Associates, including but not limited to: Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required by Law. Business Associate agrees to limit its use, disclosure and requests for PHI to the minimum necessary PHI to accomplish the intended purpose of such use, disclosure or request. Business Associate agrees to comply with all applicable federal and state laws, including the Privacy Rule and Security Rule, and to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by the Agreement. In particular, Business Associate shall comply with 45 C.F.R. §§164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards) and 164.316 (policies and procedures and documentation requirements). Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate involving a use or disclosure of PHI in violation of the requirements of this BAA (including, without limitation, any Security Incident or Breach of Unsecured PHI). Business Associate agrees to reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this BAA and/or any Security Incident or Breach. Business Associate shall also reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices to the Individual, a regulatory body or any third party required to be made under HIPAA and the HITECH Act, or any other applicable Federal or State laws, rules, or regulations, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity.
Activities of Business Associate. (a) Business Associate agrees to not use or further disclose Protected Health Information (PHI) other than as permitted or required by the Agreement or as Required by Law, or applicable regulations, including by way of example only, the Privacy Rule.
Activities of Business Associate. Business Associate agrees to: (a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;
Activities of Business Associate. Business Associate agrees to: Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law. Use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement. Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware. If a breach should occur and business associate suspects protected health information has become compromised, the business associate shall report exclusively to the covered entity. The covered entity discloses information outside the association, after receiving the advice of the business associate. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. Make available protected health information in a designated record set to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.524. Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR 164.526. Maintain and make available the information required to provide an accounting of disclosures to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.528. To the extent the business associate is to carry out one or more of covered entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s). Make its internal practices, books, and records available to federal and state compliance officers for purposes of determining compliance with the HIPAA Rules.
