Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall:
Electronic PHI Security Rule Obligations. With respect to Electronic PHI, Business Associate shall: Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and Continue to provide to Covered Entity information concerning the incident as it becomes available to it.
