Permitted Uses and Disclosures of Protected Health Information. 3.1 Upon execution of this Agreement and subject to its terms, from time to time, Covered Entity may disclose PHI to Business Associate and allow Business Associate to create or receive PHI on behalf of Covered Entity. 3.2 Except as otherwise limited in this Agreement, Business Associate may use PHI received from or created on behalf of Covered Entity to carry out the responsibilities imposed upon Business Associate under the Service Arrangement provided that such use or disclosure would not violate the Privacy Regulations if done by Covered Entity or the minimum necessary policies and procedures of Covered Entity. Business Associate may use PHI in connection with the proper management and administration of Business Associate or to carry out legal responsibilities of Business Associate. Business Associate may disclose PHI in connection with the proper management and administration of Business Associate if (a) the disclosure is Required By Law, or (b) Business Associate receives adequate assurances from the person to whom the information is disclosed that the information will be held confidentially, used or further disclosed only as Required By Law or for the purposes for which the disclosure was made, and the person notifies Business Associate of any instance of which it is aware in which the confidentiality of the information has been breached. 3.3 Any use or disclosure of PHI which is not specifically permitted in this Agreement is prohibited. 3.4 Business Associate may use PHI to report violations of law to appropriate authorities consistent with 45 C.F.R. ' 164.502(j)(1).
Appears in 3 contracts
Sources: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement