Common use of Business Associate agrees to Clause in Contracts

Business Associate agrees to. a. Not use or disclose PHI other than as permitted or required by the Agreement or as Required by Law. b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement; c. Mitigate to the extent practicable, any harmful effect known to BUSINESS ASSOCIATE if BUSINESS ASSOCIATE uses/disclosures PHI in violation of this Agreement. d. Report to COVERED ENTITY any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware within one (1) business day and before notifying any other entity; e. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the BUSINESS ASSOCIATE agree to the same restrictions, conditions, and requirements that apply to the BUSINESS ASSOCIATE with respect to such information; f. If the BUSINESS ASSOCIATE has PHI in a Designated Record, provide access at the request of COVERED ENTITY, and in the time and manner designated by COVERED ENTITY, to PHI in a Designated Record Set, to COVERED ENTITY or, as directed by COVERED ENTITY, to an Individual in order to meet the requirements under 45 CFR § 164.524. g. If the BUSINESS ASSOCIATE has PHI in a Designated Record Set, make any amendment(s) to PHI in a Designated Record Set that the COVERED ENTITY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COVERED ENTITY or an Individual, and in the time and manner designated by COVERED ENTITY. h. Make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by BUSINESS ASSOCIATE on behalf of, COVERED ENTITY available to the COVERED ENTITY, or at the request of the COVERED ENTITY to the Secretary, in a time and manner designated by the COVERED ENTITY or the Secretary, for purposes of the Secretary determining COVERED ENTITY's compliance with the HIPAA Rules. i. Document such disclosures of PHI and information related to such disclosures as would be required for COVERED ENTITY to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. j. Provide to COVERED ENTITY or an Individual, in time and manner designated by COVERED ENTITY, information collected in accordance with Section III.i of this Agreement, to permit COVERED ENTITY to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.