2k Obligations and Activities of Business Associate Clause Examples for Any Agreement
POPULAR SAMPLE Copied 1 times
Obligations and Activities of Business Associate. Business Associate agrees to:
1. Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law.
2. Use appropriate safeguards, and comply with Subpart C of 45 CFR, Part 164 with respect to protected electronic health information and to prevent use or disclosure of protected health information other than as provided for by this Agreement.
3. Report to Covered Entity any use or disclosure of protected health information not provided for by this Agreement of which it becomes aware, including breaches of unsecured protected health information as required by 45 CFR 164.410, and any security incident of which it becomes aware. Business Associate agrees to promptly notify Covered Entity following the discovery of a Breach of unsecured PHI. A Breach is considered “discovered” as of the first day on which the Breach is known, or reasonably should have been known, to Business Associate or any employee, officer or agent of Business Associate, other than the individual committing the Breach. Any notice of a Security Incident or Breach of Unsecured PHI shall include the identification of each Individual whose PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such Security Incident or Breach as well as any other relevant information regarding the Security Incident or Breach.
4. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
5. Business Associate agrees to mitigate, to the extent possible, any harmful resulting from use or disclosure of PHI by Business Associate or its agents or subcontractors, in violation of the requirements of this Agreement.
6. Maintain and make available protected health information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524. If an Individual makes a request for access to the protected health information directly to Business Associate, business associate shall notify covered entity within three (3) business days of such request and shall cooperate with the Covered Entity to send the response to the Individual.
7. Make any amendment(s) to protected ...
Obligations and Activities of Business Associate. Business Associate agrees to:
A. Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;
B. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;
C. Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware (see Section IV. IV.below);
D. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information, evidenced by written agreement with subcontractor;
E. Make available protected health information in an Individual’s designated record set to the Individual as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
F. Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
G. Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity, a third party or individual as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
H. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
I. Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
J. Mitigation: to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of the requirements of this Agreement.
K. Tracking and Accounting of Disclosures. So that Covered Entity may meet its accounting obligations under the ...
Obligations and Activities of Business Associate. Business Associate agrees to:
Obligations and Activities of Business Associate. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Contract or another duly executed agreement with Covered Entity, or as Required by Law. Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Contract and in accordance with HIPAA standards. Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic protected health information that it creates, receives, maintains, or transmits on behalf of Covered Entity. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Contract. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Contract, or any security incident of which it becomes aware. Business Associate agrees, in accordance with 45 C.F.R. §§ 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit protected health information on behalf of Business Associate, agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information. Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of Covered Entity, and in the time and manner designated by Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by Covered Entity to an Individual for such records; the amount permitted by state law; or Business Associate’s actual cost of postage, labor and supplies for complying with the request. Business Associate agrees to make any amendments to PHI in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of Covered Entity, and in the time and manner designated by Covered Entity. Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the u...
Obligations and Activities of Business Associate. Business Associate may use PHI for the following functions, activities, or services for or on behalf of Covered Entity provided that such use would not violate this Agreement, the HIPAA regulations the Privacy Rule, or Notice of Privacy Practices if done by Covered Entity. In the event that this Agreement conflicts and any other written agreement made between the parties, relating to the exchange of PHI, this Agreement shall control. Business Associate's access to and use of the PHI is limited to the provision of services by the Business Associate on behalf the Covered Entity set forth in the contract between the Business Associate and the Covered Entity. Business Associate may further disclose PHI to a subcontractor/person for the proper management and administration of Business Associate, provided that such disclosure is Required by Law, or would not violate this Agreement, the Privacy Rule, or Notice of Privacy Practices if done by Covered Entity, and Business Associate executes an additional business associates agreement as Required by Law or for the purpose for which it was disclosed to the person, and the subcontractor/person notifies Business Associate of any instances of which it is aware in which PHI has been disclosed. In the event that this agreement conflicts with any other agreement relating to the access or use of PHI, this agreement shall control. Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law. In the event that this agreement conflicts with any other agreement relating to the access or use of PHI, this agreement shall control. Business Associate agrees to implement and use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate's operations and the nature and scope of its activities. Business Associate agrees to take prompt corrective action to mitigate any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. Business Associate agrees to notify Covered Entity of any use or disclosure of PHI not provided for by this Agreement, or the Privacy Rule, or of any suspected or actual breach of se...
Obligations and Activities of Business Associate a. Business Associate shall implement appropriate safeguards to prevent unauthorized use or disclosure of all PHI in accordance with HIPAA Privacy Rule and Security Rule with regard to electronic PHI, and Part 2, as applicable.
b. The Business Associate shall immediately notify the Covered Entity’s Privacy Officer at the following email address, XXXXXxxxxxxXxxxxxx@xxxx.xx.xxx after the Business Associate has determined that any use or disclosure not provided for by its contract, including any known or suspected privacy or security incident or breach has occurred potentially exposing or compromising the PHI. This includes inadvertent or accidental uses or disclosures or breaches of unsecured protected health information.
c. In the event of a breach, the Business Associate shall comply with the terms of this Business Associate Agreement, all applicable state and federal laws and regulations and any additional requirements of the Agreement.
d. The Business Associate shall perform a risk assessment, based on the information available at the time it becomes aware of any known or suspected privacy or security breach as described above and communicate the risk assessment to the Covered Entity. The risk assessment shall include, but not be limited to:
I. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
II. The unauthorized person who accessed, used, disclosed, or received the protected health information;
III. Whether the protected health information was actually acquired or viewed; and
IV. How the risk of loss of confidentiality to the protected health information has been mitigated.
e. The Business Associate shall complete a risk assessment report at the conclusion of its incident or breach investigation and provide the findings in a written report to the Covered Entity as soon as practicable after the conclusion of the Business Associate’s investigation.
f. Business Associate shall make available all of its internal policies and procedures, books and records relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of Covered Entity to the US Secretary of Health and Human Services for purposes of determining the Business Associate’s and the Covered Entity’s compliance with HIPAA and the Privacy and Security Rule, and Part 2, if applicable.
g. Business Associate shall require all of its business associates that ...
Obligations and Activities of Business Associate. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.
Obligations and Activities of Business Associate. 2.1 Business Associate agrees to:
2.1.1 Not use or disclose protected health information other than as permitted or required by this Attachment or as required by law;
2.1.2 Use appropriate administrative safeguards as set forth at 45 CRF164.308, physical safeguards as set forth at 45 CRF164.310, and technical safeguards as set forth at 45 CFR 164.312; including, policies and procedures regarding the protection of PHI and/or ePHI set forth at 45 CRF 164.316 and the provisions of training on such policies and procedures to applicable employees, independent contractors and volunteers, that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI and/or ePHI that the Network Service Provider creates, receives, maintains or transmits on behalf of the Managing Entity and/or the Department;
2.1.3 Acknowledge that (a) the foregoing safeguards, policies and procedures requirements shall apply to the Business Associate in the same manner that such requirements apply to the Managing Entity and/or the Department, and (b) the Business Associates and their Subcontractors are directly liable under the civil and criminal enforcement provisions set forth at Section 13404 of the HITECH Act and 45 CRF 164.500 and 164.502(E) of the Privacy Rule (42 U.S.C. 1320d-5 and 1320d-6), as amended, for failure to comply with the safeguards, policies and procedures requirements and any guidance issued by the Secretary of Health and Human Services with respect to such requirements;
2.1.4 Report to covered entity any use or disclosure of protected health information not provided for by this Attachment of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;
Obligations and Activities of Business Associate. Business Associate agrees as follows:
(a) not to use or further disclose PHI other than as permitted or required by this Agreement or as Required By Law;
(b) to establish, maintain, and use appropriate safeguards to prevent use or disclosure of the PHI other than as permitted herein;
(c) to report to Covered Entity any use, access or disclosure of the PHI not provided for by this Agreement, or any misuse of the PHI, including but not limited to systems compromises of which it becomes aware and to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result thereof. Business Associate shall be responsible for any and all costs (including the costs of Covered Entity) associated with mitigating or remedying any violation of this Agreement;
(d) to enforce and maintain appropriate policies, procedures, and access control mechanisms to ensure that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. The access and privileges granted to any such agent shall be the minimum necessary to perform the assigned functions;
(e) to provide access, at the request of Covered Entity, and in the time and manner reasonable designated by Covered Entity, to PHI in a Designated Record Set (as defined in the Privacy Rule), to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR §164.524;
(f) to make any amendment(s) to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual, and in the time and manner reasonably requested by Covered Entity.
(g) to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner reasonably requested by Covered Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
(h) to document such disclosures of PHI, and information related to such disclosures, as would be required for Covered Entity to respond to a request by an Individual...
Obligations and Activities of Business Associate. To the extent that Business Associate is provided with or creates any PHI on behalf of Covered Entity and is acting as a business associate of Covered Entity, Business Associate agrees to comply with the provisions of HIPAA applicable to business associates, and in doing so, represents and warrants as follows: