Common use of Audits, Inspection and Enforcement Clause in Contracts

Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, and procedures relating to the use or disclosure of Protected Information pursuant to this BAA for the purpose of determining whether Business Associate has complied with this BAA; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing, and location of such an inspection; (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities, systems, books, records, agreements, policies, and procedures does not relieve Business Associate of its responsibility to comply with the BAA, nor does Covered Entity’s (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory practices; constitute acceptance of such practice or a waiver of Covered Entity’s enforcement rights under the Agreement or BAA. Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human Services.

Audits, Inspection and Enforcement. Within ten (10) 10 days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or disclosure of Protected Information PHI or ePHI pursuant to this BAA Business Associate Addendum for the purpose of determining whether Business Associate has complied with this BAABusiness Associate Addendum; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s 's facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis Business Associate Addendum, nor does Covered Entity’s 's (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s 's remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered Entity’s 's enforcement rights under the Agreement or BAA. this Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human ServicesAddendum.

Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or disclosure of Protected Information pursuant to this BAA for the purpose of determining whether Business Associate has complied with this BAA; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; , (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business AssociateAssociate ’s facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAA, nor does Covered Entity’s (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business AssociateAssociate ’s remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered Entity’s enforcement rights under the Agreement or BAA. , Business Associate shall notify Covered Entity within five ten (510) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human ServicesRights.

Audits, Inspection and Enforcement. Within ten (10) days Upon receipt of a written request by Covered EntityCE, Business Associate and its agents or subcontractors shall allow Covered Entity CE and its authorized agents or contractors to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, procedures, and procedures practices relating to the use or disclosure of Protected Information PHI pursuant to this BAA BA Agreement for the purpose of determining whether Business Associate has complied with this BAABA Agreement; provided, however, that that: (i) Business Associate and Covered Entity CE shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; (ii) Covered Entity CE, and its authorized agents or contractors, shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity CE has access during the course of such inspection; and (iii) Covered Entity CE and its authorized agents or contractors shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. It is understood that the examination by CE and its authorized agents or contractors may include such examination as is necessary for Business Associate and such agents or contractors to certify to CE that extent to which Business Associate’s Administrative, Physical and Technical Safeguards comply with HIPAA, the HIPAA regulations and this BA Agreement. The fact that Covered Entity CE inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities, systems, books, records, agreements, policies, procedures, and procedures practices does not relieve Business Associate of its responsibility to comply with the BAAthis BA Agreement, nor does Covered EntityCE’s (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory policies, procedures and practices; , constitute acceptance of such practice or a waiver of Covered EntityCE’s enforcement rights under the Agreement or BAA. Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human ServicesAgreement.

Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or disclosure Disclosure of Protected Information PHI and the implementation of appropriate security safeguards pursuant to this BAA Agreement for the purpose of determining whether Business Associate has complied with this BAAAgreement; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; , (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s 's facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis Agreement, nor does Covered Entity’s 's (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s 's remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered Entity’s 's enforcement rights under the Agreement or BAA. Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human Servicesthis Agreement.

Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered EntityCE, Business Associate and its agents Agents or subcontractors shall Subcontractors must allow Covered Entity CE to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use Use or disclosure Disclosure of Protected Health Information pursuant to this BAA Agreement for the purpose of determining whether Business Associate has complied with this BAAAgreement; provided, however, that that: (i) Business Associate and Covered Entity CE shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; (ii) Covered Entity CE shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity CE has access during the course of such inspection; and (iii) Covered Entity CE or Associate shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business AssociateAssociate or CE. The fact that Covered Entity CE inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis Agreement, nor does Covered EntityCE’s (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered EntityCE’s enforcement rights under the Agreement or BAAthis Agreement. Business If Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become is the subject of an audit, compliance review, or complaint investigation by DHHS that is related to the Office performance of its obligations pursuant to this Agreement, Associate must notify CE and provide CE with a copy of any Protected Health Information that Associate provides to DHHS concurrently with providing such information to DHHS. Associate is responsible for Civil Rights all civil penalties assessed due to an audit or investigation of the U.S. Department of Health and Human ServicesAssociate by DHHS. Audit Findings. Associate must implement any appropriate Safeguards, as identified by CE in an audit conducted under paragraph 2(o).

Audits, Inspection and Enforcement. Within ten (10) business days of a written request by Covered Entity, Business Associate and its agents or and subcontractors shall allow Covered Entity or its agents or subcontractors to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or disclosure of Protected Information pursuant to this BAA Agreement for the purpose of determining whether Business Associate has complied with this BAAAgreement or maintains adequate security safeguards; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; , (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s 's facilities, systems, systems books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis Agreement, nor does Covered Entity’s 's (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s 's remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered Entity’s 's enforcement rights under the Agreement or BAAthis Agreement. Business Associate shall notify Covered Entity within five (5) business days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human Servicesor other state or federal government entity.

Audits, Inspection and Enforcement. Within ten (10) business days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall will allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or disclosure of Protected Information PHI pursuant to this BAA Agreement for the purpose of determining whether Business Associate has complied with this BAAAgreement; provided, however, that (i) Business Associate and Covered Entity shall will mutually agree in advance upon the scope, timing, timing and location of such an inspection; , (ii) Covered Entity shall will protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall will execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s 's facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis Agreement, nor does Covered Entity’s 's (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s 's remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered Entity’s 's enforcement rights under the Agreement or BAA. Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human Servicesthis Agreement.

Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or disclosure of Protected Information pursuant to this BAA for the purpose of determining whether Business Associate has complied with this BAA; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; , (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business AssociateAssociate . The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business AssociateAssociate ’s facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAA, nor does Covered Entity’s (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business AssociateAssociate ’s remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered Entity’s enforcement rights under the Agreement or BAA. , Business Associate shall notify Covered Entity within five ten (510) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human ServicesRights.

Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered EntitySBHO, Business Associate and its it agents or subcontractors shall allow Covered Entity SBHO to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies, policies and procedures relating to the use or and disclosure of Protected Information pursuant to this BAA Addendum for the purpose of determining whether Business Associate has complied with this BAAAddendum; provided, however, that (i) Business Associate and Covered Entity SBHO shall mutually agree in advance upon the scope, timing, timing and location of such an inspection; , (ii) Covered Entity SBHO shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity SBHO has access during the course of such inspection; , and (iii) Covered Entity SBHO shall execute a nondisclosure agreementagreement , upon terms mutually agreed upon by the parties, if requested by Business the Associate. The fact that Covered Entity SBHO inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities, systems, books, records, agreements, policies, policies and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis Addendum, nor does Covered EntitySBHO’s (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory practices; , constitute acceptance of such practice or a waiver of Covered EntitySBHO’s enforcement rights under the Agreement or BAA. Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of the U.S. Department of Health and Human Servicesthis Agreement.

Audits, Inspection and Enforcement. Within ten (10) 10 days of written notice, upon a written request reasonable determination by the Covered Entity, Entity that Business Associate and its agents or subcontractors shall allow has breached this BAS, the Covered Entity to may conduct a reasonable inspection of the Business Associate's facilities, systems, books, records, agreements, policies, books and procedures relating to records governing the use or disclosure privacy and security of Protected Information pursuant to this BAA for the purpose of determining whether Business Associate has complied with this BAAPHI ; provided, however, that (i) Business Associate and Covered Entity the parties shall mutually agree in advance upon the reasonable scope, timing, and location of such an inspection; (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) upon request of Business Associate, Covered Entity shall agrees to execute a nondisclosure agreementagreement prior to such inspection, upon terms mutually agreed upon by the parties, if requested by . Business AssociateAssociate shall promptly remedy any violation of any term of this BAS and shall certify the same to the Covered Entity in writing. The fact that the Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s 's facilities, systems, books, records, agreements, policies, systems and procedures does not relieve Business Associate of its responsibility to comply with the BAAthis BAS, nor does the Covered Entity’s 's (i) failure to detect any unsatisfactory practices; or (ii) detection, but failure to notify Business Associate or require Business Associate’s 's remediation of any unsatisfactory practices; practices constitute acceptance of such practice or a waiver of the Covered Entity’s 's enforcement rights under the Agreement or BAAthis BAS. Business Associate shall notify Covered Entity within five (5) days of learning that Business Associate has become the subject of an audit, compliance review, or complaint investigation by the Office for Civil Rights of fully cooperate with the U.S. Department of Health and Human Services, as the primary enforcer of the HIPAA, who shall conduct periodic compliance audits to ensure that both Business Associate and the Covered Entity are compliant.