Responsibilities of the Business Associate. With regard to its use and/or disclosure of PHI, the Business Associate hereby agrees to do the following:
Responsibilities of the Business Associate. With regard to its use and/or disclosure of Protected Health Information, the Business Associate hereby agrees to abide by all applicable state and federal laws regarding the privacy and security of individually identifiable health information, including without limitation Protected Health Information, and to do the following:
Responsibilities of the Business Associate. With regard to its use and/or disclosure of PHI, the Business Associate hereby agrees to do the following: use and/or disclose the PHI only as permitted or required by this Agreement or as otherwise required by law. report to the designated Privacy Officer and/or Security Officer of the Covered Entity, in writing, any use and/or disclosure of the PHI that is not permitted or required by this Agreement of which Business Associate becomes aware within 30 days of the Business Associate’s discovery of such unauthorized use and/or disclosure. use commercially reasonable efforts to maintain the security of the PHI and to prevent unauthorized use and/or disclosure of such Protected Health Information. require all of its subcontractors and agents that receive or use, or have access to, PHI under this Agreement to agree, in writing, to adhere to the same restrictions and conditions on the use and/or disclosure of PHI that apply to the Business Associate pursuant to section 2 of this Agreement. make available all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to the Secretary of HHS for purposes of determining the Covered Entity’s compliance with the Privacy and/or Security Regulation, subject to attorney-client and other applicable legal privileges. upon prior written request, make available during normal business hours at Business Associate’s offices all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to the Covered Entity within 30 days for purposes of enabling the Covered Entity to determine the Business Associate’s compliance with the terms of this Agreement. within 30 days of receiving a written request from the Covered Entity, provide to the Covered Entity such information as is requested by the Covered Entity to permit the Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual's Protected Health Information in accordance with 45 C.F.R. § 164.528. subject to Section 3.4 below, return to the Covered Entity or destroy, within 30 days of the termination of this Agreement, the Protected Health Information in its possession and retain no copies. This includes, but is not limited to; all media, media backups, and any other files (i.e. sound or .wav files) and/or paper which contains PHI.
Responsibilities of the Business Associate. Regarding the use or disclosure of PHI and PII, the Business Associate agrees to:Business Associate Addendum between Orange County and Dean, Ringers, Morgan & Lawton,P.A.Regarding HIPAA and FIPAAttachment APage 6 of 16
Responsibilities of the Business Associate. To the extent applicable and with the understanding by the County that Business Associate will not respond to requests from, or provide PHI directly to, any individuals whose PHI is governed by this Agreement, the Business Associate agrees to the following:
Responsibilities of the Business Associate. With regard to its use and/or disclosure of PHI, the Business Associate hereby agrees to do the following: Not use or disclose PHI other than as permitted or required by the Underlying Arrangement or as required by law, subject to Section 3(c) below. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to secure and protect electronic PHI to prevent use or disclosure of PHI other than as provided for by the Agreement, and to protect the integrity and availability of PHI. Report, in writing, to the UC privacy officer within five (5) business days any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI, and any security incident of which it becomes aware, and cooperate with UC in any mitigation or breach reporting efforts. The UC will determine whether the Business Associate or the UC will be responsible to send breach notification to affected individuals. If the UC provides the breach notification, the Business Associate will reimburse the UC for all related expenses which can include but are not limited to the investigation and notification. This can include but is not limited to: outside legal counsel, forensic fees, vendor fees for notification purposes, credit monitoring for affected individuals. All outside counsel and vendors utilized for investigation and breach notification will be chosen by the UC. The notice will provide as much information as Business Associate has gathered as of that time. A subsequent notice, which Business Associate will provide no later than fifteen (15) days after the first discovery of the use or disclosure, will include the identification of each individual whose PHI has been or is reasonably believed by Business Associate to have been affected by or during such use or disclosure and the type of PHI disclosed for each individual affected. Business Associate will make no public disclosure including to the media of such use or disclosure without the approval of UC. Business Associate will make no public disclosure of such use or disclosure without the approval of UC. In accordance with 45 CFR §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information. Ensure that a...