Common use of Permitted Uses and Disclosures of Protected Health Information Clause in Contracts

Permitted Uses and Disclosures of Protected Health Information. Business Associate shall not Use or Disclose PHI received, accessed, maintained, or created for or on behalf of Covered Entity except to perform the Services required by any Underlying Agreement, or as permitted by this BAA or Required by Law. Business Associate shall not Use or Disclose PHI in any manner that would constitute a violation of the HIPAA Regulations if so Used or Disclosed by Covered Entity. Without limiting the generality of the foregoing, Business Associate is permitted to (i) Use PHI for the proper management and administration of Business Associate; (ii) Use and Disclose PHI to carry out the legal responsibilities of Business Associate, provided that with respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b) Business Associate obtains an agreement from the person to whom the PHI is to be Disclosed that such person will hold the PHI in confidence and will not Use and further Disclose such PHI except as Required by Law and for the purpose(s) for which it was Disclosed by Business Associate to such person, and that such person will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (iii) Use PHI for Data Aggregation purposes in connection with the Health Care Operations of Covered Entity; and (iv) Use PHI for purposes of de-identification of the PHI.

Permitted Uses and Disclosures of Protected Health Information. Business Associate shall not Use or Disclose PHI receivedother than for the purposes of performing the Services, accessed, maintained, as permitted or created for or on behalf of Covered Entity except to perform the Services required by any Underlying Agreementthis BAA, or as permitted by this BAA or Required by Law. Business Associate shall not Use or Disclose PHI in any manner that would constitute a violation of the HIPAA Regulations Subpart E of 45 C.F.R. Part 164 if so Used or Disclosed by Covered Entity. Without limiting the generality of the foregoing, Business Associate is permitted to (i1) Use PHI for the proper management and administration of Business Associate; (ii) Use and Disclose PHI to carry out the legal responsibilities of Business Associate, provided that with respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b) Business Associate obtains an a written agreement from the person to whom the PHI is to be Disclosed that such person will hold the PHI in confidence and will not Use and further Disclose such PHI except as Required by Law and for the purpose(s) for which it was Disclosed by Business Associate to such person, and that such person will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (iii) Use PHI for Data Aggregation purposes in connection with the Health Care Operations of Covered Entity; and (iv) Use PHI for purposes of de-identification of the PHI.

Permitted Uses and Disclosures of Protected Health Information. Business Associate shall not Use or Disclose PHI receivedother than for the for the purposes listed on the signature page hereto for performing the Services, accessed, maintained, as permitted or created for or on behalf of Covered Entity except to perform the Services required by any Underlying Agreementthis BAA, or as permitted by this BAA or Required by Law. Business Associate shall not Use or Disclose PHI in any manner that would constitute a violation of the HIPAA Regulations Subpart E of 45 C.F.R. Part 164 if so Used or Disclosed by Covered Entity. Without limiting the generality of the foregoingHowever, Business Associate is permitted to may Use or Disclose PHI (i) Use PHI for the proper management and administration of Business Associate; (ii) Use and Disclose PHI to carry out the legal responsibilities of Business Associate, provided that with respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b) Business Associate obtains an a written agreement from the person to whom the PHI is to be Disclosed that such person will hold the PHI in confidence and will not Use and further Disclose such PHI except as Required by Law and for the purpose(s) for which it was Disclosed by Business Associate to such person, and that such person will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (iii) Use PHI for Data Aggregation purposes in connection with the Health Care Operations of Covered Entity; and (iv) Use PHI for purposes of de-identification of the PHI.;

Permitted Uses and Disclosures of Protected Health Information. Business Associate shall not Use or Disclose PHI receivedother than for the purposes of performing the Services, accessed, maintained, as permitted or created for or on behalf of Covered Entity except to perform the Services required by any Underlying Agreementthis BAA, or as permitted by this BAA or Required by Law. Business Associate shall not Use or Disclose PHI in any manner that would constitute a violation of the HIPAA Regulations Subpart E of 45 C.F.R. Part 164 if so Used or Disclosed by Covered Entity. Without limiting the generality of the foregoing, Business Associate is permitted to (i1) Use PHI for the proper management and administration of Business Associate; (ii) Use and Disclose PHI to carry out the legal responsibilities of Business Associate, provided that with respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b) Business Associate obtains an a written agreement from the person to whom the PHI is to be Disclosed that such person will hold the PHI in confidence and will not Use and further Disclose such PHI except as Required by Law and for the purpose(s) for which it was Disclosed by Business Associate to such person, and that such person will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (iii) Use PHI for Data Aggregation purposes in connection with the Health Care Operations of Covered Entity; and (iv) Use PHI for purposes of de-identification of the PHI.;