Parts 160 and 164. In cases where PHI may occasionally need to be disclosed from VA to the Academic Institution, this will only be done with the applicable authority under the Privacy Rule as well as other VA privacy statutes. Shared HPTs or shared faculty members may need to submit PHI directly to the Academic Institution. Both the VA medical center and the Academic Institution agree to: • Utilize de-identified data (whether in electronic or paper format) wherever possible in this relationship, • Protect individually identifiable health information by securely managing the confidentiality, integrity, and availability of PHI, • Implement appropriate administrative, physical, and technical safeguards and controls to protect PHI and document applicable policies and procedures to prevent any Use or Disclosure of PHI other than as allowed under the authority of all applicable VA privacy statutes such as the Privacy Act, 38 U.S.C. § 7332, 38 U.S.C. § 5705, 38 U.S.C. § 5701 and all HIPAA regulations, • Not use or further disclose PHI other than as permitted or required by this agreement or as required by law, • Report to the other party (and to its own HIPAA Privacy Officer) all security incidents involving PHI within 24 hours of discovery. The reports shall be sent by e-mail to the appropriate representative, as identified by each party. With respect to any such possible incidents, each party shall comply with all applicable reporting, individual notification, and mitigation requirements under VA policy.
Parts 160 and 164. The parties agree to comply with the requirements of these laws and will not use, disclose or exchange individually identifiable protected health information without a properly executed authorization signed by the client, which will be a requirement for the client’s participation in the BAMDC.
Parts 160 and 164. 3. The LTCAs may use and disclose Protected Health Information (PHI) only as required to satisfy its obligations herein, as permitted herein, or required by law, but shall not otherwise use or disclose any PHI. The LTCAs shall not, and shall ensure that its directors, officers, employees, contractors and agents do not use or disclose PHI received from ADvantage Provider in any manner that would constitute a violation of the HIPAA Privacy Standards if so used or disclosed by ADvantage Provider, except that the LTCAs may use PHI:
Parts 160 and 164. The Contractor further represents and agrees that, in the performance of the services under this Contract, it will comply with all legal obligations as a holder of personal information under the California Information Practices Act (Civil Code Section 1798 et seq.). The Contractor represents that it currently has in place policies and procedures that will adequately safeguard any confidential personal data obtained or created in the course of fulfilling its obligations under this Contract in accordance with applicable state and federal laws. The Contractor is required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. § 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties.