Permitted Uses and Disclosures of Protected Health Information. Business Associate shall not Use or Disclose PHI other than as permitted or required by the Underlying Agreement, this BAA, or as permitted or Required by Law. Further, Business Associate shall not Use PHI in any manner that would constitute a violation of the HIPAA Privacy Rule, the HITECH Act, or the Omnibus Final Rule, if so Used by Covered Entity. Except Business Associate may Use or Disclose PHI (1) for the proper management and administration of Business Associate, (2) to carry out the legal responsibilities of Business Associate, or (3) for Data Aggregation purposes for the Health Care Operations of Covered Entity consistent with HIPAA requirements. In order to Disclose PHI for its proper management and administration, such Disclosures are to be Required by Law, or the Business Associate is to obtain reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been Breached.
Appears in 10 contracts
Samples: Participation Agreement, Participation Agreement, Uniform Participant Agreement
