Common use of Permitted Disclosures Clause in Contracts

Permitted Disclosures. BA shall disclose Protected Information only for the purpose of performing BA’s obligations under the Contract and as permitted or required under the Contract and Addendum, or as required by law. BA shall not disclose Protected Information in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by CE. However, BA may disclose Protected Information as necessary (i) for the proper management and administration of BA; (ii) to carry out the legal responsibilities of BA; (iii) as required by law; or (iv), for Data Aggregation purposes relating to the Health Care Operations of CE. If BA discloses Protected Information to a third party, BA must obtain, prior to making any such disclosure, (i) reasonable written assurances from such third party that such Protected Information will be held confidential as provided pursuant to this Addendum and used or disclosed only as required by law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify BA of any breaches, suspected breaches, security incidents, or unauthorized uses or disclosures of the Protected Information in accordance with the Notification of Possible Breach requirements set forth in this Addendum (subparagraph 3.12), to the extent it has obtained knowledge of such occurrences [42 U.S.C. Section 17932; 45 C.F.R. Section 164.504(e)].

Permitted Disclosures. BA shall disclose Protected Information only for the purpose of performing BA’s obligations under for, or on behalf of, the Contract City and as permitted or required under the Contract Agreement and AddendumBAA, or as required by law. BA shall not disclose Protected Information in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by CE. However, BA may disclose Protected Information as necessary (i) for the proper management and administration of BA; (ii) to carry out the legal responsibilities of BA; (iii) as required by law; or (iv), ) for Data Aggregation purposes relating to the Health Care Operations of CE. If BA discloses Protected Information to a third party, BA must obtain, prior to making any such disclosure, (i) reasonable written assurances from such third party that such Protected Information will be held confidential as provided pursuant to this Addendum BAA and used or disclosed only as required by law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify BA of any breaches, suspected breaches, security incidents, or unauthorized uses or disclosures of the Protected Information in accordance with the Notification paragraph 2 (n) of Possible Breach requirements set forth in this Addendum (subparagraph 3.12)BAA, to the extent it has obtained knowledge of such occurrences [42 U.S.C. Section 17932; 45 C.F.R. Section 164.504(e)]. BA may disclose PHI to a BA that is a subcontractor and may allow the subcontractor to create, receive, maintain, or transmit Protected Information on its behalf, if the BA obtains satisfactory assurances, in accordance with 45 C.F.R. Section 164.504(e)(1), that the subcontractor will appropriately safeguard the information [45 C.F.R. Section 164.502(e)(1)(ii)].

Permitted Disclosures. BA shall not disclose Protected Information only except for the purpose of performing BA’s obligations under the Contract and as permitted or required under the Contract and Addendumthis Exhibit “M”. Further, or as required by law. and notwithstanding anything to the contrary above, BA shall not disclose Protected Information in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by CE. However, BA may disclose Protected Information as necessary (i) for the proper management and administration of BA; (ii) to carry out the legal responsibilities of BA; (iii) as required by law; or (iv), ) for Data Aggregation purposes relating to for the Health Care Operations of CE. If BA discloses Protected Information to a third party, BA must obtain, prior to making any such disclosure, (i) reasonable written assurances from such third party that such Protected Information will be held confidential as provided pursuant to this Addendum Exhibit “M” and used or only disclosed only as required by law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify BA of any breaches, suspected breaches, security incidents, or unauthorized uses or disclosures breaches of confidentiality of the Protected Information in accordance with the Notification of Possible Breach requirements set forth in this Addendum (subparagraph 3.12)Information, to the extent it has obtained knowledge of such occurrences breach [42 U.S.C. Section 17932; 45 C.F.R. Section 164.504(eSections 164.504(e)(2)(i), 164.504(e)(2)(i)(B), 164.504(e)(2)(ii)(A) and 164.504(e)(4)(ii)].

Permitted Disclosures. BA shall disclose Protected Information only for the purpose of performing BA’s obligations under for or on behalf of the Contract City and as permitted or required under the Contract [MOU] and AddendumAgreement, or as required by law. BA shall not disclose Protected Information in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by CE. However, BA may disclose Protected Information as necessary (i) for the proper management and administration of BA; (ii) to carry out the legal responsibilities of BA; (iii) as required by law; or (iv), ) for Data Aggregation purposes relating to the Health Care Operations of CE. If BA discloses Protected Information to a third party, BA must obtain, prior to making any such disclosure, (i) reasonable written assurances from such third party that such Protected Information will be held confidential as provided pursuant to this Addendum Agreement and used or disclosed only as required by law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify BA of any breaches, suspected breaches, security incidents, or unauthorized uses or disclosures of the Protected Information in accordance with paragraph 2. k. of the Notification of Possible Breach requirements set forth in this Addendum (subparagraph 3.12)Agreement, to the extent it has obtained knowledge of such occurrences [42 U.S.C. Section 17932; 45 C.F.R. Section 164.504(e)]. BA may disclose PHI to a BA that is a subcontractor and may allow the subcontractor to create, receive, maintain, or transmit Protected Information on its behalf, if the BA obtains satisfactory assurances, in accordance with 45 C.F.R. Section 164.504(e)(1), that the subcontractor will appropriately safeguard the information [45 C.F.R. Section 164.502(e)(1)(ii)].

Permitted Disclosures. BA shall disclose Protected Information only for the purpose of performing BA’s obligations under the Contract and as permitted or required under the Contract and Addendum, or as required by law. BA shall not disclose Protected Information in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by CE. However, BA may disclose Protected Information as necessary (i) for the proper management and administration of BA; (ii) to carry out the legal responsibilities of BA; (iiiii) as required by law; or (iv), ) for Data Aggregation purposes relating to the Health Care Operations of CE. If BA discloses Protected Information to a third party, BA must obtain, prior to making any such disclosure, (i) reasonable written assurances from such third party that such Protected Information will be held confidential as provided pursuant to this Addendum and used or disclosed only as required by law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify BA of any breaches, suspected breaches, security incidents, or unauthorized uses or disclosures of the Protected Information in accordance with paragraph 2. m. of the Notification of Possible Breach requirements set forth in this Addendum (subparagraph 3.12)Addendum, to the extent it has obtained knowledge of such occurrences [42 U.S.C. Section 17932; 45 C.F.R. Section 164.504(e)].