Common use of Applicability of Business Associate Agreement to Subcontractors and Agents Clause in Contracts

Applicability of Business Associate Agreement to Subcontractors and Agents. Business Associate must ensure that any agent, including a subcontractor, that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information, by entering into a contract or other arrangement that complies with HIPAA. An agent or subcontractor of a Business Associate is not permitted to use or disclose PHI in a manner that would not be permissible if done by the Business Associate. Business Associate will ensure that its subcontractors and agents to which Business Associate is permitted by this Business Associate Agreement or in writing by the City to disclose PHI agree to implement reasonable and appropriate safeguards to protect PHI. Business Associate will obtain reasonable assurances from any subcontractors and agents to which Business Associate discloses PHI that the subcontractor or agent will hold PHI in confidence and make further uses or disclosures of PHI only for the purpose for which Business Associate disclosed PHI to the subcontractor or agent or as Required By Xxx. Business Associate will obtain reasonable assurances that any subcontractor or agent to which Business Associate discloses PHI will notify the Business Associate within 5 calendar days (who will, in turn, notify the City within 5 calendar days, as described below) of any instance in which the subcontractor or agent becomes aware of a Breach of unsecured PHI; possible Breach of unsecured PHI; any security incident of which it becomes aware, including: any attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI; or any attempted or successful interference with agent or subcontractor’s system operations of which agent/subcontractor becomes aware. Agent/subcontractor is not required to report the following types of unsuccessful security incidents: pings and other broadcast attacks on agent/subcontractor’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, or disclosure of PHI. If a delay is requested by a law enforcement official in accordance with 45 CFR 164.412, agent/subcontractor may delay notification to Business Associate for the time period specified in HIPAA. Agent or subcontractor’s report will include the information described in 45 CFR 164.404(c) and such other information as the Business Associate or the City may reasonably request.

Applicability of Business Associate Agreement to Subcontractors and Agents. Business Associate must ensure that any agent, including a subcontractor, that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information, by entering into a contract or other arrangement that complies with HIPAA. An agent or subcontractor of a Business Associate is not permitted to use or disclose PHI in a manner that would not be permissible if done by the Business Associate. Business Associate will ensure that its subcontractors and agents to which Business Associate is permitted by this Business Associate Agreement or in writing by the City to disclose PHI agree to implement reasonable and appropriate safeguards to protect PHI. Business Associate will obtain reasonable assurances from any subcontractors and agents to which Business Associate discloses PHI that the subcontractor or agent will hold PHI in confidence and make further uses or disclosures of PHI only for the purpose for which Business Associate disclosed PHI to the subcontractor or agent or as Required By XxxLaw. Business Associate will obtain reasonable assurances that any subcontractor or agent to which Business Associate discloses PHI will notify the Business Associate within 5 calendar days (who will, in turn, notify the City within 5 calendar days, as described below) of any instance in which the subcontractor or agent becomes aware of a Breach of unsecured PHI; possible Breach of unsecured PHI; any security incident of which it becomes aware, including: any attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI; or any attempted or successful interference with agent or subcontractor’s system operations of which agent/subcontractor becomes aware. Agent/subcontractor is not required to report the following types of unsuccessful security incidents: pings and other broadcast attacks on agent/subcontractor’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, or disclosure of PHI. If a delay is requested by a law enforcement official in accordance with 45 CFR 164.412, agent/subcontractor may delay notification to Business Associate for the time period specified in HIPAA. Agent or subcontractor’s report will include the information described in 45 CFR 164.404(c) and such other information as the Business Associate or the City may reasonably request.

Applicability of Business Associate Agreement to Subcontractors and Agents. Business Associate must ensure that any agent, including a subcontractor, that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees to the same restrictions, conditions, and requirements that apply through this Agreement to Business Associate with respect to such information, by entering into a contract or other arrangement that complies with HIPAA. An agent or subcontractor of a Business Associate is not permitted to use or disclose PHI in a manner that would not be permissible if done by the Business Associate. Business Associate will ensure that its subcontractors and agents to which Business Associate is permitted by this Business Associate Agreement or in writing by the City to disclose PHI agree to implement reasonable and appropriate safeguards to protect PHI. Business Associate will obtain reasonable assurances from any subcontractors and agents to which Business Associate discloses PHI that the subcontractor or agent will hold PHI in confidence and make further uses use or disclosures of disclose PHI only for the purpose for which Business Associate disclosed PHI to the subcontractor or agent or as Required By Xxxrequired by law. Business Associate will obtain reasonable assurances that any subcontractor or agent to which Business Associate discloses PHI will notify the Business Associate within 5 calendar days (who will, in turn, notify the City within 5 calendar days, as described below) of any instance in which the subcontractor or agent becomes aware of a Breach of unsecured PHI; possible Breach of unsecured PHI; any security incident of which it becomes aware, including: any attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI; or any attempted or successful interference with agent or subcontractor’s system operations of which agent/subcontractor becomes aware. Agent/subcontractor is not required to report the following types of unsuccessful security incidents: pings and other broadcast attacks on agent/subcontractor’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, or disclosure of PHI. If a delay is requested by a law enforcement official in accordance with 45 CFR 164.412, agent/subcontractor may delay notification to Business Associate for the time period specified in HIPAA. Agent or subcontractor’s report will include the information described in 45 CFR 164.404(c) and such other information as the Business Associate or the City may reasonably request.