Common use of Effective Dates Clause in Contracts

Effective Dates. The provisions of this Business Associate Agreement applicable to the Privacy Rule, Security Rule, and HITECH Act are effective as of the respective mandated compliance dates or the effective date of the Premium Account Agreement, whichever is later. Obligations of Blue Cross and Blue Shield Under this Business Associate Agreement, Blue Cross and Blue Shield’s responsibilities are: General. Blue Cross and Blue Shield will not use or disclose Protected Health Information other than as permitted or required by the Privacy Rule, the HITECH Act, the applicable Administrative Services Agreement, this Business Associate Agreement, or as required by law. Information Safeguards. Blue Cross and Blue Shield will use commercially reasonable safeguards to prevent the use or disclosure of Protected Health Information other than as provided for by the applicable Administrative Services Agreement and this Business Associate Agreement. Blue Cross and Blue Shield will implement, maintain and use administrative, physical and technical safeguards for Electronic Protected Health Information in compliance with the Security Rule, as required by the HITECH Act. Breaches and Security Incidents. Blue Cross and Blue Shield will report to Account, following discovery and without unreasonable delay, any incident that Blue Cross and Blue Shield determines, in its sole discretion, constitutes a “breach” of “unsecured protected health information,” as these terms are defined by the Breach Notification Rule. With respect to any incident not subject to reporting in the paragraph above, Blue Cross and Blue Shield will report to the Plan any use or disclosure of Protected Health Information not provided for by the applicable Administrative Services Agreement and this Business Associate Agreement of which Blue Cross and Blue Shield becomes aware. With respect to any incident not subject to reporting in the two paragraphs above, Blue Cross and Blue Shield will report to the Plan any Security Incident of which Blue Cross and Blue Shield becomes aware. Subcontractors. Blue Cross and Blue Shield will require any Subcontractor that creates or receives Protected Health Information to engage in a written agreement requiring that the Subcontractor comply with the same restrictions and conditions that apply through this Business Associate Agreement to Blue Cross and Blue Shield with respect to such Protected Health Information. Blue Cross and Blue Shield will also require any Subcontractor that creates or receives Electronic Protected Health Information to agree in writing to comply with the Security Rule.