Use and Disclosure of Protected Health Information. Except as otherwise provided in this BAA, the Business Associate may use or disclose Protected Health Information (“PHI”) to perform functions, activities or services for or on behalf of the Covered Entity as specified in the Agreement, provided that such use or disclosure would not violate HIPAA and its implementing regulations if done by the Covered Entity. The Business Associate may use and disclose the minimum necessary PHI for its proper management, administrative, and legal responsibilities as follows: A. The Business Associate may use the minimum necessary PHI for the Business Associate’s proper management and administration, or to carry out Business Associate’s legal responsibilities. B. The Business Associate may disclose the minimum necessary PHI for the Business Associate’s proper management and administration, or to carry out the Business Associate’s legal responsibilities only if: (1) The disclosure is required by law; or (2) The Business Associate obtains reasonable assurances, evidenced in writing, from the person to whom the PHI is being disclosed that the PHI will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person; and (3) The person promptly notifies the Business Associate (who will in turn promptly notify the Covered Entity) of any instances of which it is aware in which the confidentiality of the PHI has been breached.
Appears in 6 contracts
Sources: Services Agreement, Services Agreement, Services Agreement