Common use of Safeguarding PHI Clause in Contracts

Safeguarding PHI. Business Associate shall comply with the HIPAA Security Rule with respect to EPHI. Business Associate agrees that it will use appropriate safeguards to prevent the use or disclosure of PHI in a manner contrary to the terms and conditions of this Agreement and will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity. Such safeguards shall include, but not be limited to those required by applicable law, including, but not limited to, the Privacy and Security Rule. Business Associate shall ensure that: only those employees and agents of Business Associate that have a business need to know PHI are provided with access to it; access is limited to the minimum amount necessary to accomplish the intended purpose of the access; all employees and agents of Business Associate handling PHI are educated on how to maintain its confidentiality and the requirements of this Agreement; and all PHI is stored and transmitted in a secure environment and in a manner that prevents its inadvertent disclosure.