Security Restrictions on Business Associate Clause Samples

The 'Security Restrictions on Business Associate' clause defines the obligations of a business associate to implement and maintain specific security measures when handling sensitive information, typically protected health information (PHI) under HIPAA. This clause requires the business associate to use administrative, physical, and technical safeguards to prevent unauthorized access, use, or disclosure of such information. For example, it may mandate encryption of data, access controls, and regular security audits. Its core function is to ensure that third parties entrusted with confidential data uphold stringent security standards, thereby reducing the risk of data breaches and ensuring compliance with applicable privacy laws.
Security Restrictions on Business Associate 
View SourceView Similar (13)

Related to Security Restrictions on Business Associate

  • Restrictions on Business There shall be no restrictions on the business that Amalco may carry on.

  • Business Associate Obligations Business Associate agrees to comply with applicable federal confidentiality and security laws, specifically the provisions of the HIPAA Rules and the HITECH Act applicable to business associates, including: 2.1 Use and Disclosure of PHI. Except as otherwise permitted by this Agreement, the HIPAA Rules, or applicable law, Business Associate shall not make any uses or disclosures of PHI except as necessary to provide services to, or on behalf of, Covered Entity as described in the Underlying Agreement, and shall not use or disclose PHI that would violate the HIPAA Rules or HITECH Act if used or disclosed by Covered Entity; provided, however, Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities, consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate may not use or disclose PHI which it creates, receives, maintains or transmits for or on behalf of the Covered Entity for any purpose except as otherwise provided by the Agreement and this BAA. Business Associate agrees to review and understand any state privacy and security laws to the extent that such laws are not preempted by HIPAA, as may be amended from time to time. Business Associate acknowledges that it shall comply specifically with the HIPAA Security Rule, and, to the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under the Privacy Rule, it shall comply with the requirements of the Privacy Rule which apply to Covered Entity in the performance of such obligation(s). Business Associate shall in such cases: 2.1.1 provide information to members of its workforce using or disclosing PHI regarding the confidentiality requirements in the HIPAA Rules and this Agreement; 2.1.2 obtain reasonable assurances, in writing from the person or entity to whom the PHI is disclosed that: (i) the PHI will be held in confidence and further used and disclosed only as required by law or for the purpose for which it was disclosed to the person or entity; and (ii) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and 2.1.3 agree to notify the Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules or HITECH Act. 2.2 Marketing; Sale of PHI. Business Associate may not use or disclose PHI for marketing purposes. Marketing includes any communication which would encourage the recipient to use or purchase a product or service. Business Associate may not use or disclose PHI where it has directly or indirectly received remuneration, financial or otherwise, from or on behalf of the recipient of the PHI in exchange for the PHI. “Sale” is not limited to circumstances where a transfer of ownership occurs, and would include access, license or lease agreements.

  • Lobbying Restrictions The Recipient will comply, as applicable, with provisions of the Hatch Act (5 U.S.C. §§ 1501- 1508 and 7324-7328) which limits the political activities of employees whose principal employment activities are funded in whole or in part with Federal funds. The Recipient will comply with provisions of 31 U.S.C § 1352. This provision generally prohibits the use of Federal funds for lobbying in the Executive or Legislative Branches of the Federal Government in connection with the award, and requires disclosure of the use of non-Federal funds for lobbying. The Recipient shall submit, at the time of application, a completed “Certification Regarding Lobbying” form, regardless of dollar value. If applicable, the Recipient receiving in excess of $100,000.00 in Federal funding shall submit a completed Standard Form (SF-LLL), “Disclosure of Lobbying Activities” for any persons engaged in lobbying activities, as discussed at 31 U.S. Code § 1352 – Limitation on use of appropriated funds to influence certain Federal contracting and financial transactions. The form concerns the use of non-Federal funds for lobbying within 30 days following the end of the calendar quarter in which there occurs any event that requires disclosure or that materially affects the accuracy of the information contained in any disclosure form previously filed. If the Recipient must submit the SF-LLL, including those received from sub-recipients, contractors, and subcontractors, to the Grants Officer.

  • Use Restrictions (a) Company will not do or attempt to do, and Company will not permit any other person or entity to do or attempt to do, any of the following, directly or indirectly: (i) use any Proprietary Item for any purpose, at any location or in any manner not specifically authorized by this Agreement; (ii) make or retain any copy of any Proprietary Item except as specifically authorized by this Agreement; (iii) create, recreate or obtain the source code for any Proprietary Item; (iv) refer to or otherwise use any Proprietary Item as part of any effort to develop other software, programs, applications, interfaces or functionalities or to compete with BNYM or a Third Party Provider; (v) modify, adapt, translate or create derivative works based upon any Proprietary Item, or combine or merge any Proprietary Item or part thereof with or into any other product or service not provided for in this Agreement and not authorized in writing by BNYM; (vi) remove, erase or tamper with any copyright or other proprietary notice printed or stamped on, affixed to, or encoded or recorded in any Proprietary Item, or fail to preserve all copyright and other proprietary notices in any copy of any Proprietary Item made by Company; (vii) sell, transfer, assign or otherwise convey in any manner any ownership interest or Intellectual Property Right of BNYM, or market, license, sublicense, distribute or otherwise grant, or subcontract or delegate to any other person, including outsourcers, vendors, consultants, joint venturers and partners, any right to access or use any Proprietary Item, whether on Company’s behalf or otherwise; (viii) subcontract for or delegate the performance of any act or function involved in accessing or using any Proprietary Item, whether on Company’s behalf or otherwise; (ix) reverse engineer, re-engineer, decrypt, disassemble, decompile, decipher, reconstruct, re-orient or modify the circuit design, algorithms, logic, source code, object code or program code or any other properties, attributes, features or constituent parts of any Proprietary Item; (x) take any action that would challenge, contest, impair or otherwise adversely effect an ownership interest or Intellectual Property Right of BNYM; (xi) use any Proprietary Item to provide remote processing, network processing, network communications, a service bureau or time sharing operation, or services similar to any of the foregoing to any person or entity, whether on a fee basis or otherwise; (xii) allow Harmful Code into any Proprietary Item, as applicable, or into any interface or other software or program provided by it to BNYM, through Company’s systems or personnel or Company’s use of the Licensed Services or Company’s activities in connection with this Agreement. (b) Company shall, promptly after becoming aware of such, notify BNYM of any facts, circumstances or events regarding its or a Permitted User’s use of the Licensed System that are reasonably likely to constitute or result in a breach of this Section 2.12, and take all reasonable steps requested by BNYM to prevent, control, remediate or remedy any such facts, circumstances or events or any future occurrence of such facts, circumstances or events.

  • Obligations of Business Associate a. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this Agreement or as Required By Law. b. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. f. Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524. g. Business Associate agrees, at the request of the Covered Entity, to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526. h. Unless otherwise prohibited by law, Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Davidson County Department of Social Services, in a time and manner designated by the Secretary, for purposes of the Davidson County Department of Social Services determining Covered Entity's compliance with the Privacy Rule. i. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528, and to provide this information to Covered Entity or an Individual to permit such a response.