Business Associate agrees to Clause Samples

This clause establishes the obligations that a Business Associate must fulfill under an agreement, typically in the context of handling protected health information (PHI) on behalf of a covered entity. It outlines specific actions or standards the Business Associate is required to adhere to, such as implementing safeguards, reporting breaches, or ensuring subcontractors comply with relevant regulations. The core function of this clause is to ensure that the Business Associate's activities are clearly defined and compliant with applicable laws, thereby protecting sensitive information and allocating responsibility for data security.
Business Associate agrees to. 2.1.1. Not use or disclose Protected Health Information other than as permitted or required by the Agreement or as required by law; 2.1.2. Develop, implement, maintain, use and document appropriate safeguards that will protect the confidentiality, integrity, and availability of the electronic Protected Health Information, comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, and prevent use or disclosure of Protected Health Information, other than as permitted by this Agreement; 2.1.3. Report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware and/or any Security Incident of which it becomes aware in accordance with Section 2.2, below; 2.1.4. Mitigate, to the extent practicable, any known harmful effect of its use or disclosure of Protected Health Information in violation of the requirements of this Agreement; 2.1.5. Enter into a written agreement with any agents, including subcontractors, that create, receive, maintain, or transmit Protected Health Information on its behalf, in which such agents agree to the same restrictions, conditions, and requirements that apply to the Business Associate under this Agreement with respect to such Protected Health Information; 2.1.6. Make available to the Covered Entity Protected Health Information in a Designated Record Set as necessary to satisfy Covered Entity’s obligations under 45 CFR § 164.524. If Business Associate receives a request directly from an Individual or the Individual’s designee, Business Associate shall notify Covered Entity as soon as administratively feasible in order for the Parties to coordinate a response. 2.1.7. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR § 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR § 164.526. If Business Associate receives a request directly from an Individual or the Individual’s designee, Business Associate shall notify Covered Entity as soon as administratively feasible in order for the Parties to coordinate a response; 2.1.8. Maintain and make available the information required to provide an Accounting of Disclosures to the Covered Entity or Individual as necessary to satisfy Covered Entity’s obligations under 45 CFR § 164.528; provided that if Business Associate receives a request directly fr...
View SourceView Similar (4)
Business Associate agrees to a. Not use or disclose PHI other than as permitted or required by the Agreement or as Required by Law. b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement; c. Mitigate to the extent practicable, any harmful effect known to BUSINESS ASSOCIATE if BUSINESS ASSOCIATE uses/disclosures PHI in violation of this Agreement. d. Report to COVERED ENTITY any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware within one (1) business day and before notifying any other entity; e. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the BUSINESS ASSOCIATE agree to the same restrictions, conditions, and requirements that apply to the BUSINESS ASSOCIATE with respect to such information; f. If the BUSINESS ASSOCIATE has PHI in a Designated Record, provide access at the request of COVERED ENTITY, and in the time and manner designated by COVERED ENTITY, to PHI in a Designated Record Set, to COVERED ENTITY or, as directed by COVERED ENTITY, to an Individual in order to meet the requirements under 45 CFR § 164.524. g. If the BUSINESS ASSOCIATE has PHI in a Designated Record Set, make any amendment(s) to PHI in a Designated Record Set that the COVERED ENTITY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COVERED ENTITY or an Individual, and in the time and manner designated by COVERED ENTITY. h. Make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by BUSINESS ASSOCIATE on behalf of, COVERED ENTITY available to the COVERED ENTITY, or at the request of the COVERED ENTITY to the Secretary, in a time and manner designated by the COVERED ENTITY or the Secretary, for purposes of the Secretary determining COVERED ENTITY's compliance with the HIPAA Rules. i. Document such disclosures of PHI and information related to such disclosures as would be required for COVERED ENTITY to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. j. Provide to COVERED ENTITY or an Individual, in time and manner d...
View SourceView Similar (2)
Business Associate agrees to. Hold harmless, defend at its own expense, and indemnify Covered Entity for the costs of any mitigation undertaken by Business Associate pursuant to Section 7 of this Exhibit.
View SourceView Similar (2)

Related to Business Associate agrees to

  • Business Associate Agreement This Agreement may require the exchange of information covered by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). A Business Associate Agreement (“BAA”) executed by the Parties is attached as Appendix [Letter C/D/E etc.].

  • Business Associate Contract GENERAL PROVISIONS AND RECITALS

  • Business Associate’s Agents To ensure that any agents, including subcontractors, to whom Business Associate provides PHI received from or created or received by Business Associate on behalf of County, agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI, including implementation of reasonable and appropriate administrative, physical, and technical safeguards to protect such PHI; and to incorporate, when applicable, the relevant provisions of this Addendum into each subcontract or subaward to such agents or subcontractors.

  • Business Associate “Business Associate” shall have the same meaning as the term “business associate” at 45 C.F.R. 160.103, and shall refer to Contractor.

  • Business Associate Obligations Business Associate agrees to comply with applicable federal confidentiality and security laws, specifically the provisions of the HIPAA Rules and the HITECH Act applicable to business associates, including: 2.1 Use and Disclosure of PHI. Except as otherwise permitted by this Agreement, the HIPAA Rules, or applicable law, Business Associate shall not make any uses or disclosures of PHI except as necessary to provide services to, or on behalf of, Covered Entity as described in the Underlying Agreement, and shall not use or disclose PHI that would violate the HIPAA Rules or HITECH Act if used or disclosed by Covered Entity; provided, however, Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities, consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate may not use or disclose PHI which it creates, receives, maintains or transmits for or on behalf of the Covered Entity for any purpose except as otherwise provided by the Agreement and this BAA. Business Associate agrees to review and understand any state privacy and security laws to the extent that such laws are not preempted by HIPAA, as may be amended from time to time. Business Associate acknowledges that it shall comply specifically with the HIPAA Security Rule, and, to the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under the Privacy Rule, it shall comply with the requirements of the Privacy Rule which apply to Covered Entity in the performance of such obligation(s). Business Associate shall in such cases: 2.1.1 provide information to members of its workforce using or disclosing PHI regarding the confidentiality requirements in the HIPAA Rules and this Agreement; 2.1.2 obtain reasonable assurances, in writing from the person or entity to whom the PHI is disclosed that: (i) the PHI will be held in confidence and further used and disclosed only as required by law or for the purpose for which it was disclosed to the person or entity; and (ii) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and 2.1.3 agree to notify the Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules or HITECH Act. 2.2 Marketing; Sale of PHI. Business Associate may not use or disclose PHI for marketing purposes. Marketing includes any communication which would encourage the recipient to use or purchase a product or service. Business Associate may not use or disclose PHI where it has directly or indirectly received remuneration, financial or otherwise, from or on behalf of the recipient of the PHI in exchange for the PHI. “Sale” is not limited to circumstances where a transfer of ownership occurs, and would include access, license or lease agreements.