Common use of Permitted Uses and Disclosures Clause in Contracts

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any DocuSign Envelope ID: F61EB2DC-8573-4B1C-9752-C54AF08E201F instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. . Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information PHI is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information such PHI has been actually subject to a Security Incident or potentially breached. c. Breach. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the DocuSign Envelope ID: AE37FFA1-3914-4D42-ACF5-6A9C1FF1F1C3 Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the DocuSign Envelope ID: 5E99E4E6-935D-41E0-BF7B-66E0A9E91BB2 Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any DocuSign Envelope ID: 1D2D5B4D-3187-47D4-AE44-7CBC9DE4C714 instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law.. Docusign Envelope ID: 8016DDC0-DE9E-4630-8221-0B00163B03E5 b. Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Partiesparties, or as required by law. b. . Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law law, or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. . Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by this Agreement only to perform the services of the Underlying Agreement between the Parties, or as required by law. b. . Business Associate may use or disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, only where a) the use or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains reasonable assurances from the person or entity to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person or entity, and ii) the person or entity agree to immediately notify Business Associate of any instances of which it is aware that the confidentiality, privacy or security of the information has been actually or potentially breached. c. . Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.

Permitted Uses and Disclosures. a. Business Associate agrees to use or disclose the PHI authorized by Except as otherwise limited in this Agreement only to perform the services of the Underlying Agreement between the PartiesBAA, or as required by law. b. Business Associate may use or disclose PHI only as necessary to perform its obligations under the Primary Agreement, as long as such use or disclosure would not violate the Privacy Rule, or the policies and procedures of Covered Entity relating to the “Minimum Necessary Standard,” if done by Covered Entity. If the Business Associate is permitted to de-identify PHI in a Primary Agreement, Business Associate shall de-identify PHI in accordance with 45 C.F.R. § 164.514 and not use de-identified PHI except as expressly provided in the applicable Primary Agreement. Business Associate shall ensure that it’s Affiliates Use PHI in accordance with this BAA and shall be responsible for such Use. In addition, Business Associate may Use PHI: To provide Data Aggregation services to Covered Entity as permitted by 42 CFR § 164.504(e)(2)(i)(B); and For the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, except that Use or disclosure of PHI under this paragraph is permissible only where if (a) the use it is Required By Law, or disclosure does not violate any law governing the protection of the PHI, including, but not limited to, prohibitions under 42 CFR Part 2 (Part 2 Regulations), and b) the disclosures are required by law or c) Business Associate agrees only to disclose the minimum necessary PHI to accomplish the intended purpose and i) obtains has obtained reasonable assurances from the person or entity to whom the information PHI is disclosed that the such PHI will remain confidential and used or further disclosed only as required by law Required By Law or for the purposes purpose for which it such PHI was disclosed to the person or entityperson, and ii) the person or entity agree to immediately notify notifies Business Associate of any instances of which it is aware that in which the confidentiality, privacy or security confidentiality of the information PHI has been actually or potentially breached. c. Business Associate may provide data aggregation services relating to the health care operations of the Department, or de-identify the Department’s PHI, only when such specific services are permissible under the Underlying Agreement or as otherwise preapproved in writing by the Department.