Use or Disclosure of PHI Clause Samples

Use or Disclosure of PHI. A. Outside Entity shall not use or disclose PHI received from ESSENTIA HEALTH in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA. Outside Entity shall ensure that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of ESSENTIA HEALTH only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement. Outside Entity further agrees that all information accessed through the System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other patient care records, or as required by state and federal law. B. Outside Entity agrees to implement and utilize the System and shall provide ESSENTIA HEALTH with access to a patient’s EHR that is created, maintained, transmitted, or received using the System when such patient is also a patient of ESSENTIA HEALTH solely for the purposes of treatment, payment, or health care operations to the extent permitted without patient authorization by HIPAA. Outside Entity shall use the System in accordance with any network security policies issued by ESSENTIA HEALTH from time to time. C. ESSENTIA HEALTH and Outside Entity shall comply in all material respects with the standards for privacy of individually identifiable health information of the Administrative Simplification subtitle of HIPAA. ESSENTIA HEALTH and Outside Entity recognize their status as “covered entities” under HIPAA and agree to carry out their responsibilities under this Agreement in accordance with such status.

Use or Disclosure of PHI. (a) Outside Entity shall not use or disclose protected health information, as defined by HIPAA (“PHI”), accessed using EpicCare Link or otherwise received from Baptist in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA. Outside Entity shall ensure that its directors, officers, employees, contractors, and agents use or disclose PHI accessed or received through EpicCare Link only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement and applicable state and federal laws. Outside Entity further agrees that all information accessed through EpicCare Link will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other patient care records, and as required by state and federal law. Outside Entity shall not release or disclose such information to any third-party unless authorized to do so by the patient or HIPAA, or required to do so by a valid court order or subpoena, consistent with HIPAA and other applicable law. (b) Outside Entity agrees to respond to Baptist’s reasonable requests for access to patient information for patients who are also patients of Baptist solely for the purposes of treatment, payment, or healthcare operations to the extent permitted without patient authorization by HIPAA. (c) Outside Entity shall access and use EpicCare Link in accordance with any network security policies issued by Baptist from time to time. (d) Baptist and Outside Entity shall comply with the standards for privacy of Individually identifiable health information of HIPAA. Baptist and Outside Entity recognize their status as “covered entities” under HIPAA and agree to carry out their responsibilities under this Agreement in accordance with such status. Outside Entity agrees to establish policies and procedures within Outside Entity to prevent the unauthorized use or disclosure of PHI. (e) Consistent with HIPAA requirements set forth at 45 CFR § 164.506(c)(4), Outside Entity agrees that if the purpose of Outside Entity’s access is for its own “health care operations” purposes as defined by HIPAA at 45 CFR 164.501, Outside Entity shall only access a patient’s EHR if the Outside Entity has or had a relationship (as Outside Entity’s patient or member) with the patient who is the subject of the PHI being requested, the PHI pertains to ...

Use or Disclosure of PHI. Only the minimum necessary PHI to accomplish the intended purpose of this Agreement can be used or disclosed. COUNTY shall not use or disclose PHI received from MEMBER in any manner that would constitute a violation of applicable state and federal law, including, but not limited to, HIPAA. COUNTY shall ensure that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of, MEMBER only in accordance with the provisions of this Agreement and state and federal law. COUNTY shall not disclose PHI in any manner other than that permitted by this Agreement. COUNTY further agrees that all information accessed through OCHIN Link will be maintained in the strictest confidentiality and in the same manner as COUNTY safeguards the confidentiality of other PHI and as required by state and federal law.

Use or Disclosure of PHI. The Facility may use and/or disclose your PHI for purposes related to your care, payment for your care, and health care operations of the Facility. The following are examples of the types of uses and/or disclosures of your PHI that may occur. These examples are not meant to include all possible types of use and/or disclosure.

Use or Disclosure of PHI. Only the minimum necessary PHI to accomplish the intended purpose of this agreement can be used or disclosed. Outside Entity shall not use or disclose PHI received from UW Medicine in any manner that would constitute a violation of federal or Washington State law, including but not limited to the Health Insurance Portability and Accountability Act and any regulations enacted pursuant to its provisions (“HIPAA Standards”) or applicable provisions of Washington state law (including but not limited to: RCW 70.02 Medical Records — Health Care Information Access And Disclosure). Outside Entity shall ensure that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of UW Medicine only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than that permitted by this Agreement. Outside Entity further agrees that all information accessed through the UW Medicine Information System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of their PHI and as required by state and federal law.

Use or Disclosure of PHI. A. Neither Site User nor any Authorized User shall use or disclose protected health information (“PHI”) obtained through AHS CARELINK in any manner that would constitute a violation of federal law, including, but not limited to, HIPAA, or state law, including but not limited to state laws governing specially protected PHI, such as mental health information and HIV information. Site User shall ensure that its directors, officers, employees, contractors, representatives and agents, or those to whom Site User grants access pursuant to this Agreement, use (access) and disclose PHI obtained through AHS CARELINK only in accordance with the provisions of this Agreement and federal and state law. Site User shall not disclose PHI in any manner other than as permitted by this Agreement. Site User further agrees that all information accessed through AHS CARELINK will be maintained in the strictest confidentiality and in the same manner as Site User safeguards the confidentiality of other patient care records, or as required by state and federal law. B. Site User and each Authorized User agree to implement and utilize AHS CARELINK solely for the purposes of treatment, payment related activities, and/or limited health care operations (e.g., case management and care coordination) relevant to their mutual patient, or other Approved Activities, as appropriate, to the extent permitted without patient authorization by HIPPA. C. Site User agrees that it will implement all appropriate technical, administrative and physical safeguards to prevent unauthorized use or disclosure of PHI. Site User agrees to comply with all federal and state laws and regulations regarding privacy, security, and electronic exchange of health information, as currently enacted or amended in the future. D. Site User shall use AHS CARELINK to access patient records consistent with the minimum necessary requirements of HIPAA and its implementing regulations. Site User is solely responsible for ensuring that its Authorized Users request and access only the minimum necessary information relevant to carrying out their duties to the patients at issue. E. The duties outlined in this Section 2 shall survive the termination of this Agreement.

Use or Disclosure of PHI. A. Outside Entity shall not use or disclose PHI received from UC Health, through the System or otherwise, or created or received on behalf of UC Health, in any manner that would constitute a violation of federal or state law, including, but not limited to, HIPAA, or that would conflict with the IRB approved protocol or research agreement. Outside Entity shall ensure that its executives, directors, officers, employees, contractors, subcontractors, Authorized Users, and agents (“Key Personnel”) use or disclose PHI received from UC Health, through the System or otherwise, or created or received on behalf of UC Health, only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement. Outside Entity further agrees that all information accessed through the System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other Study Participant care records and as required by state and federal law. B. UC Health will provide Outside Entity with access to a Study Participant’s EHR that is created, maintained, transmitted, or received using the System solely for the purposes of research activities as permitted by HIPAA, FDA and federal human subject guidelines. Outside Entity shall use the System in accordance with all security policies and best practices necessary to maintain HIPAA Privacy and Security compliance, and compliance with IRB approved protocol or research agreement. C. UC Health and Outside Entity shall comply in all material respects with the standards for privacy, security, and electronic transmission of individually identifiable health information of the Administrative Simplification subtitle of HIPAA. Outside Entity recognizes UC Health’s status as a “covered entity” under HIPAA and agrees to carry out its responsibilities under this Agreement in accordance with such status.

Use or Disclosure of PHI. Except as otherwise limited in this BAA, Contractor may use or disclose PHI to perform functions activities, or services for, or on behalf of, CommonSpirit as specified in the Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by CommonSpirit or the minimum necessary policies and procedures of CommonSpirit.

Use or Disclosure of PHI. Except as otherwise limited in this BAA, Covered Entity may use or disclose PHI to perform functions activities, or services for, or on behalf of, Business Associate as specified in the Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Business Associate.