Responsibilities of the Parties With Respect to Protected Health Information Sample Clauses

This clause defines the obligations and duties of each party regarding the handling, use, and protection of Protected Health Information (PHI). It typically outlines how parties must safeguard PHI, restrict its disclosure, and comply with relevant privacy laws such as HIPAA. For example, it may require parties to implement security measures, report breaches, and only use PHI for authorized purposes. The core function of this clause is to ensure that all parties maintain the confidentiality and security of sensitive health information, thereby reducing the risk of unauthorized access or disclosure.
Responsibilities of the Parties With Respect to Protected Health Information. 2.1 Responsibilities of the Business Associate. With respect to its use and/or disclosure of Protected Health Information, the Business Associate hereby agrees to do the following: a. Shall use and disclose the Protected Health Information only in the amount minimally necessary to perform the services of the Contract or under this Agreement, provided that such use or disclosure would not violate the Privacy and Security Regulations if done by the Covered Entity or as required by law. b. Shall immediately report to the designated privacy officer of the covered entity, in writing, any use and/or disclosure of unsecured Protected Health Information that is not permitted or required by this Agreement or required by law. c. Establish procedures for mitigating, to the greatest extent possible, any deleterious effects from any improper use and/or disclosure of PHI that the Business Associate reports to the Covered Entity. d. Use appropriate administrative, technical and physical safeguards to maintain the privacy and security of PHI and to prevent uses and/or disclosures of unsecured PHI other than as provided in this Agreement. e. Require all of its subcontractors and agents that receive or use, or have access to, PHI provided under this Agreement, to agree in writing to adhere to the same restrictions and conditions on the use and/or disclosures of PHI that apply to the Business Associate pursuant to this Agreement. f. Make available all policies, records, books, agreements, records or procedures relating to the use or disclosure of Protected Health Information to the Secretary of Health & Human Services for purposes of determining the Business Associates’ compliance with the Privacy and Security Regulations. g. Upon written request, make available during normal working hours at Business Associate’s office all records, books, agreements, policies and procedures relating to the use and disclosure of Protected Health Information to the Covered Entity to determine the Business Associate’s compliance with the terms of this Agreement. h. Upon Covered Entity’s request, Business Associate shall provide to the Covered Entity an accounting of each disclosure of PHI made by the Business Associate or its employees, agents, representatives, or subcontractors. Business Associate shall implement a process that allows for an accounting to be collected and maintained for any disclosure of PHI for which Covered Entity is required to maintain. Business Associate shall include in...
View SourceView Similar (14)
Responsibilities of the Parties With Respect to Protected Health Information. 2.1 Responsibilities of the Business Associate: With regard to its use and/or disclosure of Protected Health Information, the Business Associate hereby agrees to abide by all applicable state and federal laws regarding the privacy and security of individually identifiable health information, including without limitation Protected Health Information, and to do the following: a. use and/or disclose the Protected Health Information only as permitted or required by this Agreement or as otherwise required by law; b. use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic protected health information, in putting systems in place to secure and prevent use or disclosure of protected health information other than as provided by the Agreement; c. report to the Designated Privacy Officer (as defined under 45 C.F.R. 164.530(a)(1)) of the Covered Entity, in writing, any use and/or disclosure of the Protected Health Information that is not permitted or required by this Agreement of which the Business Associate becomes aware within 5 (five) days of the Business Associate’s discovery of such unauthorized use and/or disclosure; d. report to the Covered Entity within ten (10) days of a request by the Covered Entity, all disclosures of Protected Health Information to a third party for a purpose other than Treatment, Health Care Operations or Payment (each as defined in the Standards). The report will identify (i) the subject of the Protected Health Information (i.e., the patient name or identifier); (ii) the Protected Health Information disclosed; and (iii) the purpose of the disclosure in accordance with the accounting requirements of 45 C.F.R. 164.528. e. establish procedures for mitigating any deleterious effects from any improper use and/or disclosure of Protected Health Information that the Business Associate reports to the Covered Entity; f. use commercially reasonable efforts to maintain the security of Protected Health Information and to prevent unauthorized use and/or disclosure of such Protected Health Information; g. require all of its subcontractors and agents that receive, use or have access to Protected Health Information under this Agreement to agree in writing to adhere to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply to the Business Associate; h. make available all records, books, agreements, policies and procedures relating to the use and/or disclos...
View SourceView Similar (4)
Responsibilities of the Parties With Respect to Protected Health Information. 2.1 Responsibilities of the Business Associate. With regard to its use and/or disclosure of Protected Health Information, the Business Associate hereby agrees to do the following: a. use and/or disclose the Protected Health Information only as permitted or required by this Agreement or as otherwise required by law. b. report to the designated Privacy Officer of the Covered Entity, in writing, and promptly, but no later than five (5) business days after discovery, of any access to, use or disclosure of Protected Health Information not provided for or allowed by this Agreement, or any Security Incident, or Breach of Unsecured Protected Health Information of which Business Associate becomes aware. For purposes of this Agreement, “Security
View SourceView Similar (2)
Responsibilities of the Parties With Respect to Protected Health Information. 3.1 Responsibilities of Contractor. Contractor hereby agrees to: 3.1.1 Useand/or disclose the Protected Health Information only as permitted or required by the Agreement or this Addendum and without violation of HIPAA, or as otherwise permitted or Required by Law; provided that any use or disclosure shall not violate HIPAA. 3.1.2 Prevent inappropriate use and disclosure of such Protected Health Information other than as provided for in this Addendum and implement, maintain and use Administrative Safeguards, Physical Safeguards, and Technical Safeguards that appropriately protect the Confidentiality, Integrity, and Availability of the Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of Company or the Covered Entities. 3.1.3 Report to Company: (i) any use and/or disclosure of Protected Health Information that is not permitted or required by this Addendum of which Contractor becomes aware, without unreasonable delay, but in no event later than one (1) business day after becoming aware of such use and/or disclosure, and (ii) any Security Incident involving electronic Protected Health Information of which it becomes aware, in the following manner: (a) any actual, successful Security Incident will be reported to Company in writing without unreasonable delay, but in no event later than one (1) business day after becoming aware of such Security Incident, and (b) any attempted, unsuccessful Security Incident that represents a material risk to PHI of which Contractor becomes aware will be reported to Company, upon request by Company, orally or in writing on a reasonable basis, such as through routine reports. If the HIPAA security regulations are amended to remove the requirement to report unsuccessful attempts at unauthorized access, the requirement hereunder to report such unsuccessful attempts will no longer apply as of the effective date of the amendment. 3.1.4 Followingthe discovery of a Breach of Unsecured PHI, notify the Company of such Breach in accordance with 45 C.F.R. § 164.410 without unreasonable delay and in no case later than one (1) day after discovery of the Breach. 3.1.5 Employits best efforts to mitigate any harmful effect of a use or disclosure of Protected Health Information by Contractor in violation of this Addendum. 3.1.6 Obtainand maintain a written agreement with each of its subcontractors, other agents and other third parties to whom it provides Protected Health Information, pursuant to w...
View SourceView Similar (2)
Responsibilities of the Parties With Respect to Protected Health Information. (a) Responsibilities of Covered Entity. With regard to the use and/or disclosure of Protected Health Information by the Business Associate, Covered Entity hereby agrees: (1) to inform the Business Associate of any limitations in the form of notice of privacy practices that Covered Entity provides to individuals pursuant to 45 CFR §164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. (2) to inform the Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose Protected Health Information, to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information. (3) to notify the Business Associate, in writing and in a timely manner, of any restriction on the use or disclosure of Protected Health Information that Covered Entity has agreed to or is required to abide by under 45 CFR §164.522, to the extent that such restriction may impact in any manner the use and/or disclosure of Protected Health Information by the Business Associate under this Agreement. Except if the Business Associate will use or disclose Protected Health Information for (and the Underlying Agreement includes provisions for) data aggregation or management and administration and legal responsibilities of the Business Associate, Covered Entity will not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy and Security Rule if done by the Covered Entity.
View Source
Responsibilities of the Parties With Respect to Protected Health Information. 2.1 Responsibilities of the Business Associate. With regard to its use and/or disclosure of PHI, the Business Associate hereby agrees to do the following: a. use and/or disclose the Protected Health Information only as permitted or required by this BA Agreement or as otherwise required by law. b. report to the designated Privacy Officer of the Covered Entity, in writing, and promptly, but no later than five (5) business days after discovery, of any access to, use or disclosure of PHI not provided for or allowed by this BA Agreement, or any Security Incident, or Breach of Unsecured PHI of which Business Associate becomes aware. For purposes of this BA Agreement, “Security Incident” shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system. “Unsecured Protected Health Information” shall have the meaning as set forth in 45 CFR 164.402. With respect to a Breach of Unsecured Protected Health Information, Business Associate must include in its report to the Covered Entity the information required by 45 CFR 164.410, but must not delay initial notification of the suspected Breach for purposes of collecting such information.
View Source
Responsibilities of the Parties With Respect to Protected Health Information a. FortaTech Security, LLC’s Responsibilities. To the extent FortaTech Security, LLC is acting as a Business Associate, FortaTech Security, LLC agrees to the following:
View Source
Responsibilities of the Parties With Respect to Protected Health Information. 2.1 Responsibilities of the Business Associate. With regard to its use and/or disclosure of Protected Health Information, the Business Associate hereby agrees to do the following: a. use and/or disclose the Protected Health Information only as permitted or required by this Agreement or as otherwise required by law. b. use appropriate safeguards, and comply with 45 CFR Part 164 Subpart C with respect to electronic Protected Health Information, to prevent use or disclosure of Protected Health Information other than as provided for by the Agreement. c. report to the designated Privacy Officer of the Covered Entity, in writing, without unreasonable delay, but no later than five (5) days following Business Associate’s discovery of any use or disclosure of Protected Health Information not provided for by the Agreement of which it becomes aware, including breaches of unsecured Protected Health Information as required at 45 CFR 164.410, and any security incident of which it becomes aware. Business Associate’s report shall include: (i) the identification of each individual whose Protected Health Information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, used, or disclosed during the Breach; (ii) a brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
View Source
Responsibilities of the Parties With Respect to Protected Health Information 
View SourceView Similar (17)

Related to Responsibilities of the Parties With Respect to Protected Health Information

  • ACCESS TO PROTECTED HEALTH INFORMATION 7.1 To the extent Covered Entity determines that Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within two (2) business days after receipt of a request from Covered Entity, make the Protected Health Information specified by Covered Entity available to the Individual(s) identified by Covered Entity as being entitled to access and shall provide such Individuals(s) or other person(s) designated by Covered Entity with a copy the specified Protected Health Information, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.524. 7.2 If any Individual requests access to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate shall notify Covered Entity in writing within two (2) days of the receipt of the request. Whether access shall be provided or denied shall be determined by Covered Entity. 7.3 To the extent that Business Associate maintains Protected Health Information that is subject to access as set forth above in one or more Designated Record Sets electronically and if the Individual requests an electronic copy of such information, Business Associate shall provide the Individual with access to the Protected Health Information in the electronic form and format requested by the Individual, if it is readily producible in such form and format; or, if not, in a readable electronic form and format as agreed to by Covered Entity and the Individual.

  • Amendment of Protected Health Information 8.1 To the extent Covered Entity determines that any Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within ten (10) business days after receipt of a written request from Covered Entity, make any amendments to such Protected Health Information that are requested by Covered Entity, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.526. 8.2 If any Individual requests an amendment to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate shall notify Covered Entity in writing within five (5) days of the receipt of the request. Whether an amendment shall be granted or denied shall be determined by Covered Entity.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

  • Electronic Protected Health Information “Electronic Protected Health Information” (“EPHI”) means individually identifiable health information that is transmitted or maintained in electronic media, limited to the information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity.