Common use of Permitted Uses and Disclosures of PHI Clause in Contracts

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Envelope ID: F41EDEC2-77E4-43A0-8A52-37876FE6F8C2 permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Docusign Envelope ID: F41EDEC2B74962FE-77E4CDB2-43A044C7-8A528BFD-18395FAA0ACE Docusign Envelope ID: C15B4410-37876FE6F8C2 BD48-4F5A-A988-C8159EB272AF permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Envelope ID: F41EDEC27EB0287A-77E4F4E6-43A04935-8A529D3F-37876FE6F8C2 D12E38D70FBF permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care DocuSign Envelope ID: F0942045-ABB3-45A1-B1D6-CF93DB27A96E Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of administrationof Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Envelope ID: F41EDEC2-77E4-43A0-8A52-37876FE6F8C2 permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is personis aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authoritiesstateauthorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Docusign Envelope ID: F41EDEC203643C7A-77E4B886-43A04374-8A528336-37876FE6F8C2 A9DEE4D898C6 permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Envelope ID: F41EDEC22617A776-77E442D3-43A044D9-8A529D67-37876FE6F8C2 B510F3740326 permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).

Permitted Uses and Disclosures of PHI. Unless otherwise limited herein, Business Associate may: (a) Use or Disclose PHI to perform Services for, or on behalf of, Covered Entity, provided that such Use or Disclosure would not violate the Privacy or Security Rules, this BAA, or California Confidentiality Laws if done by Covered Entity; (b) Use PHI to provide Data Aggregation Services for the Health Care Operations of Covered Entity, if required by the Services Agreement and as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B); (c) Use PHI if necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (d) Disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as DocuSign Envelope ID: F41EDEC2-77E4-43A0-8A52-37876FE6F8C2 permitted under 45 C.F.R. § 164.504(e)(4)(ii), provided that Disclosures are Required by Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person will notify the Business Associate of any instances of which such person is aware that the confidentiality of the information has been breached; and (e) Use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).