Common use of Responsibilities of the Parties With Respect to Phi Clause in Contracts

Responsibilities of the Parties With Respect to Phi. 2.1 Responsibilities of the CATRAC. With regard to its use and/or disclosure of PHI, the CATRAC hereby agrees to do the following: 2.1.1. Not use or disclose PHI other than as permitted or required by this Agreement or the Underlying Agreement or as required by law; 2.1.2. Use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement or the Underlying Agreement; 2.1.3. Report, in writing, to Covered Entity within five ( 5) business days any use or disclosure of PHI not provided for by this Agreement or the Underlying Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware, and cooperate with the Covered Entity in any mitigation or breach reporting efforts; 2.1.4. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the CATRAC agree pursuant to a written agreement to the same restrictions, conditions, and requirements that apply to the CATRAC with respect to such information; 2.1.5. Ensure that any agent or subcontractor to whom the CATRAC provides PHI, as well as CATRAC, not export PHI beyond the borders of the United States of America; 2.1.6. Within five (5) business days of a request by Covered Entity, make available PHI in a designated record set, i f applicable, to Covered Entity, as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; 2.1.7. Within five (5) business days, make any amendment(s) to PHI, i f applicabl e , in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526. 2.1.8. As applicable, maintain and make available the information required to provide an accounting of disclosures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528. 2.1.9. To the extent the CATRAC is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s). 2.1.10. Make its internal practices, books, and records available to the Secretary and to the Covered Entity for purposes of determining compliance with the HIPAA Rules. 2.1.11. Comply with minimum necessary requirements under the HIPAA Rules.