Common use of Obligations of Covered Entity Clause in Contracts

Obligations of Covered Entity. Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by the Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. 3.1 Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entitypractices, in accordance prepared for compliance with 45 C.F.R. § §164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . 3.2 Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) an Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . 3.3 Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . 3.4 Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Regulations if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. a. Covered Entity shall agrees to: i. notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, ’s Notice of Privacy Practices in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use Use or disclosure Disclosure of PHIPHI (“Changes to Privacy Practices”). ii. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) an Individual to use Use or disclose Disclose PHI, to the extent that such changes may affect Business Associate’s use Use or disclosure Disclosure of PHI. iii. Covered Entity shall notify Business Associate of any restriction to the use Use or disclosure Disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522164.522 (“Use or Disclosure Restrictions”), to the extent that such restriction may restrictions affect Business Associate’s use Use or disclosure Disclosure of PHI. iv. Permissible Requests by Covered Entitynot store, transmit or deliver to Business Associate any PHI in an unencrypted state without Business Associate’s knowledge and express written consent. Covered Entity shall not request will encrypt PHI at rest in a manner consistent with guidelines established by the Secretary, except where the provision of the Services requires PHI to be unencrypted. If, however, Business Associate expressly undertakes the obligation to use or disclose encrypt PHI in on behalf of Covered Entity for any manner that would not be permissible under the HIPAA Standards if done by Covered EntityBA-Related Services, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted ’s knowledge and consent under this Contract. Term and Terminationprovision will be presumed.

Obligations of Covered Entity. a. Covered Entity shall notify Business Associate of any limitations limitation(s) in its the notice of privacy practices of Covered Entity, in accordance with Entity under 45 C.F.R. CFR § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. protected health information. b. Covered Entity shall notify Business Associate of any changes in, in or revocation of, the permission by Individual(s) an individual to use or disclose PHIhis or her protected health information, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI. protected health information. c. Covered Entity shall notify Business Associate of any restriction to on the use or disclosure of PHI protected health information that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use user or disclosure of PHI. Permissible Requests by Covered Entity. protected health information. d. Covered Entity shall not request Business Associate to use or disclose PHI protected health information in any manner that would not be permissible under the HIPAA Standards Subpart E of 45 CFR Part 164 if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. With regard to the Use and/or Disclosure of PHI by the Business Associate, Covered Entity shall notify hereby agrees: a) To inform the Business Associate of any limitations in its notice the Use and Disclosure of privacy practices of PHI set forth in the Covered Entity, in accordance with 's Notice of Privacy Practices that Covered Entity provides to Individuals pursuant to 45 C.F.R. § section 164.520, or to the extent that such limitation may affect Business Associate’s use 's Use or disclosure Disclosure of PHI. Covered Entity shall notify Entity's Notice of Privacy Practices is available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy. b) To inform the Business Associate of any changes in, or revocation of, the permission by Individual(s) an Individual to use Use or disclose Disclose PHI, to the extent that such changes limitation may affect Business Associate’s use 's Use or disclosure Disclosure of PHI. Covered Entity shall . c) To notify the Business Associate Associate, of any restriction to on the use Use or disclosure Disclosure of PHI that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. § CFR section 164.522, to the extent that such restriction may affect impact in any manner the Use and/or Disclosure of PHI by the Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. Associate under this BAA. d) Covered Entity shall will not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Rules if done by the Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. (a) Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of the Covered Entity's Notice of Privacy Practices, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation limitations may affect Business Associate’s 's use or disclosure of PHI. . (b) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission granted by Individual(s) any Patient to use or disclose PHI, to the extent that such changes or revocations may affect Business Associate’s 's use or disclosure of PHI. . (c) Covered Entity shall notify Business Associate of any restriction to (1) restrictions on the use or disclosure of PHI PHI; or (2) requests for confidential communications that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction restrictions may affect Business Associate’s 's use or disclosure of PHI. Permissible Requests by Covered Entity. . (d) All notifications to Business Associate under this Section 3 of this Agreement shall include such detail as Business Associate reasonably requires in order to honor the limitations, restrictions, or requests for confidential communications. (e) Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Rules if done made by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. a. Covered Entity shall notify Business Associate of any limitations limitation(s) in its the notice of privacy practices of Covered Entity, in accordance with Entity under 45 C.F.R. CFR § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. protected health information. b. Covered Entity shall notify Business Associate of any changes in, in or revocation of, the permission by Individual(s) an individual to use or disclose PHIhis or her protected health information, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI. protected health information. c. Covered Entity shall notify Business Associate of any restriction to on the use or disclosure of PHI protected health information that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use user or disclosure of PHI. Permissible Requests by Covered Entity. protected health information. d. Covered Entity shall not request Business Associate to use or disclose PHI protected health information in any manner that would not be permissible under the HIPAA Standards Subpart E of 45 CFR Part 164 if done by Covered Entity, except that . e. Covered Entity shall only provide a minimum amount of protected health information necessary for the Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted to satisfy its obligations under this Contract. Term and Terminationthe Agreement.

Obligations of Covered Entity. a) Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice Notice of privacy practices Privacy Practices of Covered Entity, Entity in accordance with 45 C.F.R. § CFR 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . b) Covered Entity shall notify Business Associate in a timely manner of any changes in, or revocation of, permission by Individual(s) an Individual to use or disclose PHI, PHI to the extent that such changes change may affect Business Associate’s permitted or required use or disclosure of PHI. . c) Covered Entity shall notify Business Associate in a timely manner of any restriction to the use or and/or disclosure of PHI that PHI, which the Covered Entity has agreed to in accordance with 45 C.F.R. § CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . d) Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Rule if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. If deemed applicable by Covered Entity, Covered Entity shall: 1. Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § CFR 164.520, or to the extent that such limitation may affect Business Associate’s 's use or disclosure of PHI. 2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s 's use or disclosure of PHI. 3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § CFR 164.522, to the extent that such restriction may affect Business Associate’s 's use or disclosure of PHI. Permissible Requests by Covered Entity 4. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Rule if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. 5.1. Covered Entity shall notify Business Associate of any limitations limitation(s) in its a notice of privacy practices of Covered Entity, Entity in accordance with 45 C.F.R. CFR § 164.520, or as well as any changes to such notice, to the extent that such limitation or changes may affect Business Associate’s use or disclosure of PHI. 5.2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) an Individual to use Use or disclose Disclose PHI, to the extent that such changes may affect Business Associate’s use Use or disclosure Disclosure of PHI. 5.3. Covered Entity shall notify Business Associate of any restriction to on the use Use or disclosure Disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use Use or disclosure Disclosure of PHI. Permissible Requests by Covered Entity. 5.4. Covered Entity shall not request that Business Associate to use Use or disclose Disclose PHI in any manner that would not be permissible under the HIPAA Standards Rules if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. (a) Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, ’s Notice of Privacy Practices in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . (b) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . (c) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed pursuant to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . (d) Except as set forth in Section 4(b) and Section 4(c) of this BA Agreement, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Rule if done by Covered Entity. (e) To the extent required under the HIPAA Rules, except that Covered Entity will request from Business Associate may use only the minimum PHI necessary for Business Associate to perform or fulfil a specific function required or permitted hereunder. (f) Covered Entity represents and warrants that it has the right and authority to disclose PHI to Business Associate for data aggregation, Business Associate to perform its obligations and management and administrative activities of Business Associate, as permitted under this Contract. Term and Terminationprovide services to Covered Entity.

Obligations of Covered Entity. 4.1 Covered Entity shall notify shall: (a) Provide Business Associate with the Notice of any limitations in its notice of privacy practices of Privacy Practices that Covered Entity, Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes or limitations may affect Business Associate’s 's use or disclosure of PHI. Covered Entity shall notify . (b) Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s 's use or disclosure of PHI under this BAA. (c) Notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI. Permissible Requests by Covered Entity. , if such change or revocation may affect Business Associate's permitted or required uses and disclosures of PHI under this BAA. (d) Use appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate in accordance with the standards and requirements of the HIPAA Rules. 4.2 Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy and Security Rule if done by Covered Entity, except that Business Associate may use for the specific uses and disclose PHI for data aggregation, and management and administrative activities disclosures provided under Section 3 of Business Associate, as permitted under this Contract. Term and TerminationBAA.

Obligations of Covered Entity. (1) Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . (2) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . (3) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not make any disclosure of PHI to Business Associate if such disclosure would violate HIPAA, HITECH or any applicable federal or state law or regulation and will not request Business Associate to use or disclose make any disclosure of PHI in any manner that would not be permissible under the HIPAA Standards Covered Entity’s privacy policies, HIPAA, HITECH or any applicable federal or state law or regulation if such use or disclosure were done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. (a) Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice Notice of privacy practices of Covered EntityPrivacy Practices, in accordance with pursuant to 45 C.F.R. § 164.520, or 164.520 to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . (b) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) any individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . (c) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § C.F.R.§ 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . (d) Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards HIPAA, if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. With regard to the Use and/or Disclosure of PHI by the Business Associate, Covered Entity shall notify hereby agrees: To inform the Business Associate of any limitations in its notice the Use and Disclosure of privacy practices of PHI set forth in the Covered Entity, in accordance with ’s Notice of Privacy Practices that Covered Entity provides to Individuals pursuant to 45 C.F.R. § section 164.520, or to the extent that such limitation may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall notify Entity’s Notice of Privacy Practices is available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy. To inform the Business Associate of any changes in, or revocation of, the permission by Individual(s) an Individual to use Use or disclose Disclose PHI, to the extent that such changes limitation may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall To notify the Business Associate Associate, of any restriction to on the use Use or disclosure Disclosure of PHI that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. § CFR section 164.522, to the extent that such restriction may affect impact in any manner the Use and/or Disclosure of PHI by the Business Associate’s use or disclosure of PHI. Permissible Requests by Covered EntityAssociate under this BAA. Covered Entity shall will not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Rules if done by the Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. Covered Entity shall notify will: (a) Obtain the permission of Individuals to Use or Disclose such Individual’s PHI or ePHI to Business Associate as necessary for Business Associate to perform its Services under the PSA. (b) Notify Business Associate of any limitations limitation in its Covered Entity’s notice of privacy practices of Covered Entity, in accordance with under 45 C.F.R. CFR § 164.520, or to the extent that such limitation may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall notify . (c) Notify Business Associate of any changes in, or revocation of, the permission by Individual(s) an Individual to use Use or disclose Disclose such Individual’s PHI, to the extent that such changes may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall notify . (d) Notify Business Associate of any restriction to the use Use or disclosure Disclosure of PHI that to which Covered Entity has agreed or by which Covered Entity is required to in accordance with abide under 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use Use or disclosure Disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not . (e) Not request Business Associate to use Use or disclose Disclose PHI in any manner that would not be permissible under the HIPAA Standards Subpart E of 45 CFR Part 145 if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted otherwise allowed under this Contract. Term and TerminationAgreement.

Obligations of Covered Entity. a. Covered Entity shall notify Business Associate of any limitations limitation(s) in its the notice of privacy practices of Covered Entity, in accordance with Entity under 45 C.F.R. CFR § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . b. Covered Entity shall notify Business Associate of any changes in, in or revocation of, of permission by Individual(s) an individual to use or disclose his or her PHI, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI. . c. Covered Entity shall notify Business Associate of any restriction to on the use or disclosure of PHI that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . d. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Subpart E of 45 CFR Part 164 if done by Covered Entity, except that . e. Covered Entity shall only provide a minimum amount of PHI necessary for the Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted to satisfy its obligations under this Contract. Term and Terminationthe Agreement.

Obligations of Covered Entity. 1. Covered Entity shall notify Business Associate of any limitations limitation(s) in its Covered Entity’s notice of privacy practices of Covered Entity, that are produced in accordance with 45 C.F.R. § 164.520CFR §164.520 (as well as any changes to that notice), or to the extent that such limitation limitation(s) may affect Business Associate’s 's use or disclosure of PHI. 2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s 's use or disclosure of PHI. 3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. § CFR §164.522, to the extent that such restriction may affect Business Associate’s 's use or disclosure of PHI. Permissible Requests by Covered Entity. 4. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Rule if done by Covered Entity, except that . Nothing in this paragraph shall restrict the ability of Business Associate may to use and or disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contractset forth in paragraph C.2. Term and Termination.herein. ▇▇▇▇▇ Administrative Services Agreement Client Name Sample

Obligations of Covered Entity. 5.1 Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, ’s Notice of Privacy Practices in accordance with 45 C.F.R. CFR § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . 5.2 Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) an Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . 5.3 Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that to which Covered Entity has agreed to in accordance with 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . 5.4 Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Rule or HITECH Act if done by Covered Entity. 5.5 Covered Entity shall make reasonable efforts to Disclose PHI to Business Associate in the minimum amount and to the minimum number of individuals necessary to achieve the purpose of the services being rendered to or on behalf of Covered Entity, except that Covered Entity shall not be obligated to comply with this minimum necessary limitation if neither Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Terminationnor Covered Entity is required to limit its Use or Disclosure to the minimum necessary.

Obligations of Covered Entity. a. Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . b. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . c. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. DocuSign Envelope ID: A849516C-C59D-4724-9DAE-5D8C9EC2E2D4 d. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by the Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Section of the Contract. Term and Termination.

Obligations of Covered Entity. (a) Covered Entity shall agrees to notify Business Associate of any limitations limitation(s) in its Covered Entity’s notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § §164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. . (b) Covered Entity shall agrees to notify Business Associate of any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. . (c) Covered Entity shall agrees to notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . (d) Covered Entity shall not request Business Associate agrees to use or disclose limit its use, disclosure, and requests of PHI in any manner that would not be permissible under the HIPAA Standards this BAA/QSOA to a limited data set or, if done needed by Covered Entity, except to the minimum necessary PHI to accomplish the intended purpose of such use, disclosure, or request. (e) Covered Entity shall identify data that Business Associate may use and disclose PHI qualifies for Part 2 protections prior to sending such data aggregation, and management and administrative activities of to the Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. (a) Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice Notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or Privacy Practices to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. that (b) Covered Entity shall notify provide Business Associate of with any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHI, to the extent that if such changes may affect Business Associate’s 's permitted or required uses and disclosures. (c) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity or disclosure of PHI. . (a) Covered Entity shall notify Business Associate of any limitation(s) in its Notice of Privacy Practices to the extent that (b) Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by Individual to use or disclose PHI, if such changes affect Business Associate's permitted or required uses and disclosures. (c) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § CFR 164.522, to the extent that such restriction may affect Business Associate’s use e or disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. 1. Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, Entity in accordance with 45 C.F.R. § CFR §164.520, or to the extent that such limitation may affect Business Associate’s 's use or disclosure of PHIProtected Health Information. 2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHIProtected Health Information, to the extent that such changes may affect Business Associate’s 's use or disclosure of PHIProtected Health Information. 3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI Protected Health Information that Covered Entity has agreed to in accordance with 45 C.F.R. § CFR §164.522, to the extent that such restriction may affect Business Associate’s 's use or disclosure of PHI. Permissible Requests by Covered EntityProtected Health Information. 4. Covered Entity shall not request Business Associate to use or disclose PHI Protected Health Information in any manner that would not be permissible under the HIPAA Standards Privacy Rule if done by Covered Entity, except that . Nothing in this paragraph shall restrict the ability of Business Associate may to use and or disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contractset forth in paragraph C.2. Term and Terminationherein.

Obligations of Covered Entity. Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and TerminationAgreement.

Obligations of Covered Entity. Covered Entity agrees to timely notify Business Associate, in writing, of any arrangements between Covered Entity and the Individual that is the subject of PHI that may impact in any manner the Use and/or Disclosure of that PHI by Business Associate under this Agreement. Covered Entity shall notify Business Associate Associate, in writing, of any limitations limitation(s) in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use Use or disclose Disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Obligations if done by Covered Entity. Covered Entity shall limit, to the extent practicable and except that Business Associate may use and disclose PHI for data aggregationas permitted by 45 C.F.R. § 164.502(b)(2), its Use, Disclosure, and management and administrative activities requests of Business AssociatePHI under the Agreement to a Limited Data Set or, as permitted under this Contract. Term and Terminationif needed, to the minimum necessary PHI to accomplish the intended purpose of such Use, Disclosure or request.

Obligations of Covered Entity. Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity, in accordance with 45 C.F.R. § 164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s(a) to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to on the use or disclosure of PHI that to which Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522164.522(a), to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by . (b) Covered Entity shall notify Business Associate of any limitation(s) in Covered Entity’s notice of privacy practices in accordance with 45 C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. (c) Covered Entity shall notify Business Associate in writing of any changes in, or revocation of, permission by an Individual to use or disclose such Individual’s PHI to the extent that such change or revocation may affect Business Associate’s use or disclosure of PHI or its ability to perform its obligations under any applicable agreement with Covered Entity or the law. Covered Entity shall also obtain, in writing, any Individual consent, authorization, and other permissions that may be necessary or required by applicable laws in order to transfer or disclose the PHI to Business Associate. (d) Covered Entity shall not request that Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. 1. Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, Entity in accordance with 45 C.F.R. § CFR §164.520, or to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. 2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. 3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. 4. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Privacy Rule if done by Covered Entity, except that . Nothing in this paragraph shall restrict the ability of Business Associate may to use and or disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contractset forth in paragraph C.2. Term and Terminationherein.

Obligations of Covered Entity. A. Upon request, Covered Entity shall notify Business Associate of any limitations limitation(s) in its notice of privacy practices of Covered Entity, ’s Notice of Privacy Practices in accordance with 45 C.F.R. CFR § 164.520, or to the extent that such limitation limitation(s) may affect Business Associate’s use Use or disclosure Disclosure of PHI. . B. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual(s) an Individual to use Use or disclose Disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure 's Uses and Disclosure of PHI. . C. Covered Entity shall notify Business Associate of any restriction to the use Use or disclosure Disclosure of an Individual’s PHI that Covered Entity has agreed to in accordance with 45 C.F.R. CFR § 164.522, to the extent that such restriction may affect Business Associate’s use Use or disclosure Disclosure of PHI. Permissible Requests by Covered Entity. . D. Covered Entity shall not request makes no warranty or representation that compliance by Business Associate to use with this Addendum, HIPAA or disclose PHI in any manner that would not the Privacy and Security Rules will be permissible under the HIPAA Standards if done by Covered Entity, except that adequate or satisfactory for Business Associate’s own purposes. Business Associate may use and disclose PHI is solely responsible for data aggregation, and management and administrative activities all decisions made by Business Associate regarding the safeguarding of Business Associate, as permitted under this Contract. Term and TerminationPHI.

Obligations of Covered Entity. A. It is the responsibility of Covered Entity to notify patients of any breach of PHI, including any breach of PHI involving more than 500 individuals. At no time is Business Associate to contact or speak directly to any of Covered Entity’s patients/individuals who are the subject of a breach or to the media regarding any such breach. Business Associate shall cooperate with Covered Entity as necessary to provide notification and any details pertaining to any breach. B. Covered Entity shall notify provide Business Associate with the Notice of any limitations in its notice of privacy practices of Privacy Practices that Covered Entity, Entity produces in accordance with 45 C.F.R. § CFR 164.520, or as well as any changes to such Notice and the extent that Business Associate shall comply with such limitation may affect Business Associate’s use or disclosure Notice of PHI. Privacy Practices. C. Covered Entity shall notify provide Business Associate of with any changes in, or revocation of, permission by Individual(s) an individual to use or disclose PHI, to the extent that if such changes may affect Business Associate’s use permitted or disclosure of PHI. required uses and disclosures. D. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Permissible Requests by Covered Entity. . E. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA or the HIPAA Standards HITECH standards if done by Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.

Obligations of Covered Entity. With regard to the Use and/or Disclosure of PHI by the Business Associate, Covered Entity shall notify hereby agrees: To inform the Business Associate of any limitations in its notice the Use and Disclosure of privacy practices of PHI set forth in the Covered Entity, in accordance with ’s Notice of Privacy Practices that Covered Entity provides to Individuals pursuant to 45 C.F.R. § §164.520, or to the extent that such limitation may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall notify Entity’s Notice of Privacy Practices is available at ▇▇▇▇▇://▇▇▇▇.▇▇▇/notice-privacy-practices-english. To inform the Business Associate of any changes in, or revocation of, the permission by Individual(s) an Individual to use Use or disclose Disclose PHI, to the extent that such changes limitation may affect Business Associate’s use Use or disclosure Disclosure of PHI. Covered Entity shall To notify the Business Associate Associate, of any restriction to on the use Use or disclosure Disclosure of PHI that Covered Entity has agreed to in accordance with or is required to abide by under 45 C.F.R. § CFR §164.522, to the extent that such restriction may affect impact in any manner the Use and/or Disclosure of PHI by the Business Associate’s use or disclosure of PHI. Permissible Requests by Covered EntityAssociate under this BAA. Covered Entity shall will not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Standards Rules if done by the Covered Entity, except that Business Associate may use and disclose PHI for data aggregation, and management and administrative activities of Business Associate, as permitted under this Contract. Term and Termination.