Permitted Uses and Disclosures by Business Associate Clause Samples

Permitted Uses and Disclosures by Business Associate a. BA may only use or disclose PHI for the following purposes: 1) BA may use or disclose PHI as required by law. 2) BA agrees to make uses and disclosures and requests for PHI consistent with CE’s minimum necessary policies and procedures. 3) BA may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by CE, except for the specific uses and disclosures set out below. 4) BA may disclose PHI for the proper management and administration of BA or to carry out the legal responsibilities of BA, provided the disclosures are required by law, or BA obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notified BA of any instances of which it is aware in which the confidentiality of the information has been breached. 5) BA may provide data aggregation services related to the health care operations of CE.

Permitted Uses and Disclosures by Business Associate. A. Business associate may only use or disclose protected health information as follows: 1. Necessary to perform the services set forth in Service Agreement. 2. Business associate may use or disclose protected health information as required by law. 3. Business Associate shall not request, use or disclose more than the minimum amount of PHI necessary to accomplish the purpose of the Use, Disclosure, or request, consistent with Covered Entity’s minimum necessary policies and procedures. 4. Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth below. 5. Business associate may use protected health information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. 6. Business associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. 7. Business associate may provide data aggregation services relating to the health care operations of the Covered Entity only with the written consent of the Covered Entity. B. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions Covered entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information. Covered entity shall notify Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect Business Associate’s use or disclosure of protected health information. Covered entity shall notify Business Associate of any restriction on the use or disclosure of protec...

Permitted Uses and Disclosures by Business Associate. Business Associate may only use or disclose PHI to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in: Contract # , dated , (known as “the Contract”) between the parties, provided that such use or disclosure does not violate the policies and procedures of all HIPAA rules.

Permitted Uses and Disclosures by Business Associate. (A) Except as otherwise limited by this BAA, Business Associate may use or disclose PHI to perform functions, activities or services for or on behalf of Covered Entity as contemplated in the Services BAA, provided that such use or disclosure does not violate the Privacy Rule or the HITECH Act if done by Covered Entity. (B) Except as otherwise limited by this BAA, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the present and/or future legal responsibilities of Business Associate. (C) Except as otherwise limited by this BAA, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that disclosures are Required by ▇▇▇, or Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that it will remain confidential and be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any breaches in the confidentiality of the PHI. (D) Business Associate may use PHI to report violations of law or other conduct to appropriate federal and state authorities or other designated officials, consistent with 45 C.F.R. § 164.502(j)(1). (E) Business Associate may use PHI to aggregate data as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B). (F) Business Associate may use PHI to create de-identified information in accordance with 45 CFR § 164.514.

Permitted Uses and Disclosures by Business Associate. 1. Business Associate may only use or disclose protected health information as necessary to perform the services as outlined in the underlying agreement. 2. Business Associate is not authorized to use protected health information to de-identify the information in accordance with 45 CFR 164.514(a)-(c). 3. Business Associate may use or disclose protected health information as required by law. 4. Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific used and disclosures set forth below: a) Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. b) Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.

Permitted Uses and Disclosures by Business Associate a. Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreement or this Addendum, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business Associate may disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the disclosure. b. Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. c. Business Associate may disclose Protected Health Information in its possession to third parties for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that: 1. the disclosures are required by law; or 2. Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached. d. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, access, use, and request only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIP...

Permitted Uses and Disclosures by Business Associate. 3.1. Except as otherwise limited in this Agreement, Outcomes may use or disclose Protected Health Information on behalf of, or to provide services to, Customer provided that such use or disclosure of Protected Health Information is: (A) in furtherance of the purposes set forth in the Underlying Services Agreement, including, but not limited to, the Installation and/ or Support of Outcomes' software, and associated licensed software; and (B) if such use or disclosure of Protected Health Information would not violate the Privacy Rule if done by Customer. 3.2. Except as otherwise limited in this Agreement, Outcomes may disclose Protected Health Information for the proper management and administration of Outcomes, provided that any such disclosures are either: (A) required by law; or (B) made after Outcomes obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies Outcomes of any instances of which it is aware in which the confidentiality of the information has been breached. 3.3. Outcomes may provide data aggregation services relating to the health care operations of the Customer pursuant to 45 CFR § 164.504(e)(2)(i)(B). 3.4. Business Associate may use PHI to create de-identified information (“De-Identified Information”) in accordance with the applicable provisions of 45 C.F.R. § 164.514, and may use and disclose such De-Identified Information: (1) for the purposes described in the Underlying Services Agreement between Covered Entity and Business Associate; and (2) to fulfill any legal responsibilities of Covered Entity and/or Business Associate. Business Associate may also use and disclose such De-Identified Information for any purpose and in any manner consistent with applicable law; provided, however, that: (1) Business Associate will not re-identify De-Identified Information and (2) Business Associate will take reasonable steps to ensure that its workforce and any Subcontractors or third parties that receive De-Identified Information do not re-identify De-Identified Information.

Permitted Uses and Disclosures by Business Associate a. Business Associate may only Use or Disclose Protected Health Information as necessary to perform the Agreement(s). b. Business Associate may Use or Disclose Protected Health Information as required by law. c. Business Associate agrees to make Uses and Disclosures and requests for Protected Health Information consistent with Covered Entity’s Minimum Necessary policies and procedures. d. Business Associate may not Use or Disclose Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.

Permitted Uses and Disclosures by Business Associate. Business Associate may only use and disclose PHI as necessary to perform Services set forth in any agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity, except for the specific uses and disclosures set forth in Subsections (1) through (4) below: