Common use of Permitted Uses and Disclosures of Phi by Business Associate Clause in Contracts

Permitted Uses and Disclosures of Phi by Business Associate. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such uses and/or further disclosures (i) do not violate the requirements of HIPAA’s Business Associate contract standard at 45 C.F.R. § 164.504(e)(1) and/or the HITECH Act, if done by the Covered Entity, (ii) are the minimum necessary PHI to accomplish the intended purpose, or (iii) are Required By Law. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate, provided, however, that any such uses or disclosures are Required By Law, or Business Associate obtains reasonable written assurances from the person to whom the information is disclosed that (i) the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and (ii) the person immediately notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been the subject of a Breach. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity, consistent with 45 C.F.R. 164.504(e)(2)(i)(B). Business Associate may use PHI to report violations of law to appropriate federal and state authorities as required under HIPAA and/or other federal and state laws, consistent with 45 C.F.R. § 164.502(j)(1), provided that Business Associate gives Covered Entity prior written notice of its intention to report any such violation of law and the facts or circumstances related thereto, to the extent legally permissible.

Permitted Uses and Disclosures of Phi by Business Associate. 2.1. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such uses and/or further disclosures (i) do not violate the requirements of HIPAA’s Business Associate contract standard at 45 C.F.R. § 164.504(e)(1) and/or the HITECH Act, if done by the Covered Entity, (ii) are the minimum necessary PHI to accomplish the intended purpose, or (iii) are Required By Law. 2.2. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate, provided, however, that any such uses or disclosures are Required By Law, or Business Associate obtains reasonable written assurances from the person to whom the information is disclosed that (i) the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and (ii) the person immediately notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been the subject of a Breach. 2.3. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity, consistent with 45 C.F.R. § 164.504(e)(2)(i)(B). 2.4. Business Associate may use PHI to report violations of law to appropriate federal and state authorities as required under HIPAA and/or other federal and state laws, consistent with 45 C.F.R. § 164.502(j)(1), provided that Business Associate gives Covered Entity prior written notice of its intention to report any such violation of law and the facts or circumstances related thereto, to the extent legally permissible.

Permitted Uses and Disclosures of Phi by Business Associate. A. Except as otherwise limited in this BAA or in the Services AgreementBAA, Business Associate may use Use or disclose Disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Underlying Agreement, provided that such uses Uses and/or further disclosures Disclosures (i) do not violate the requirements of HIPAA’s Business Associate contract standard at 45 C.F.R. § 164.504(e)(1) and/or the HITECH Act, if done by the Covered Entity, (ii) are the minimum necessary PHI to accomplish the intended purpose, or (iii) are Required By Law. . B. Except as otherwise limited in this BAA or in the Services AgreementBAA, Business Associate may use Use or disclose Disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate, provided, however, that any such uses Uses or disclosures Disclosures are Required By Law, or Business Associate obtains reasonable written assurances from the person to whom the information is disclosed that (i) the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and (ii) the person immediately notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been the subject of a Breach. Breached. C. Except as otherwise limited in this BAA or in the Services AgreementBAA, Business Associate may use Use PHI to provide Data Aggregation services to Covered Entity, consistent with Entity (45 C.F.R. 164.504(e)(2)(i)(B). ). D. Business Associate may use Use PHI to report violations of law to appropriate federal Federal and state State authorities as required permitted under HIPAA and/or other federal Federal and state State laws, consistent with . (45 C.F.R. § 164.502(j)(1), provided that Business Associate gives Covered Entity prior written notice of its intention to report any such violation of law and the facts or circumstances related thereto, to the extent legally permissible).

Permitted Uses and Disclosures of Phi by Business Associate. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such uses and/or further disclosures (i) do not violate the requirements of HIPAA’s Business Associate contract standard at 45 C.F.R. § 164.504(e)(1) and/or the HITECH Act, if done by the Covered Entity, (ii) are the minimum necessary PHI to accomplish the intended purpose, or (iii) are Required By Law. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate, provided, however, that any such uses or disclosures are Required By Law▇▇▇, or Business Associate obtains reasonable written assurances from the person to whom the information is disclosed that (i) the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and (ii) the person immediately notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been the subject of a Breach. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity, consistent with 45 C.F.R. § 164.504(e)(2)(i)(B). Business Associate may use PHI to report violations of law to appropriate federal and state authorities as required under HIPAA and/or other federal and state laws, consistent with 45 C.F.R. § 164.502(j)(1), provided that Business Associate gives Covered Entity prior written notice of its intention to report any such violation of law and the facts or circumstances related thereto, to the extent legally permissible.

Permitted Uses and Disclosures of Phi by Business Associate. Except as otherwise limited in this BAA or in the Services Agreement, (a) Business Associate may use or disclose PHI to perform functions, activities, or services Services for, or on behalf of, Covered Entity as specified in pursuant to the Services Agreement, Terms of Service provided that such uses and/or further disclosures (i) do use or disclosure does not violate the requirements of HIPAA’s Business Associate contract standard at 45 C.F.R. § 164.504(e)(1HIPAA Standards. (b) and/or the HITECH Act, if done by the Covered Entity, (ii) are the minimum necessary PHI to accomplish the intended purpose, or (iii) are Required By Law. Except as otherwise limited in this BAA or in the Services Agreement, Business Associate may use or disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities, provided, however, provided that any such uses or disclosures are (i) Required By by Law, or (ii) Business Associate obtains reasonable written assurances from the person to whom the information is disclosed that (i) the PHI it will remain confidential and used or further disclosed only as Required By by Law or for the purpose for which it was disclosed to the person, and (ii) the person immediately notifies the agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been the subject of a Breach. Except as otherwise limited in this BAA or in the Services Agreement, breached. (c) Business Associate may use PHI and disclose Protected Health Information to provide Data Aggregation services related to the health care operations of Covered Entity, consistent with 45 C.F.R. 164.504(e)(2)(i)(B). . (d) Business Associate may use PHI or disclose Protected Health Information to de-identify information or create a Limited Data Set, in accordance with 45 C.F.R. § 164.514(b), and use and disclose such de-identified data as permitted by law and, in the case of a Limited Data Set, as permitted by and in accordance with the Privacy Standards. (e) Business Associate may use or disclose Protected Health Information for purposes of obtaining, and in accordance with, authorizations that meet the requirements of 45 CFR § 164.508. (f) Business Associate may use or disclose Protected Health Information as permitted by 45 CFR § 164.506(c). (g) Business Associate may use or disclose Protected Health Information to for public health and other purposes permitted by 45 CFR 164.512 and to report violations of law to appropriate federal and state authorities as required under HIPAA and/or other federal and state laws, consistent with 45 C.F.R. CFR § 164.502(j)(1), provided that Business Associate gives Covered Entity prior written notice of its intention to report any such violation of law and the facts or circumstances related thereto, to the extent legally permissible.