Browse
Search
Agenda - 05-19-2009 - 4l
OrangeCountyNC
>
Board of County Commissioners
>
BOCC Agendas
>
2000's
>
2009
>
Agenda - 05-19-2009
>
Agenda - 05-19-2009 - 4l
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/29/2009 9:43:39 AM
Creation date
5/18/2009 12:12:03 PM
Metadata
Fields
Template:
BOCC
Date
5/19/2009
Meeting Type
Regular Meeting
Document Type
Agenda
Agenda Item
4l
Document Relationships
2009-052 DSS - UNC Hospitals Madicaid Program
(Linked From)
Path:
\Board of County Commissioners\Contracts and Agreements\General Contracts and Agreements\2000's\2009
Minutes - 20090519
(Linked From)
Path:
\Board of County Commissioners\Minutes - Approved\2000's\2009
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
19
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
ensure that its employees' actions or omissions do not cause Business Associate to <br />breach the terms of this Agreement. <br />(b) Notwithstanding the prohibitions set forth in this Agreement, Business Associate may <br />use and disclose Protected Health Information as follows: <br />(i) if necessary, for the proper management and administration of Business <br />Associate or to carry out the legal responsibilities of Business Associate, provided that <br />as to any such disclosure, the following requirements are met: <br />(A) the disclosure is required by law; or <br />(B) Business Associate obtains reasonable assurances from the <br />person to whom the information is disclosed that it will be held confidentially and <br />used or further disclosed only as required by law or for the purpose for which it <br />was disclosed to the person, and the person notifies Business Associate of any <br />instances of which it is aware in which the confidentiality of the information has <br />been breached; <br />(ii) for data aggregation services, if to be provided by Business Associate for <br />the health care operations of Covered Entity pursuant to any agreements between the <br />Parties evidencing their business relationship. For purposes of this Agreement, data <br />aggregation services means the combining of Protected Health Information by Business <br />Associate with the protected health information received by Business Associate in its <br />capacity as a business associate of another covered entity, to permit data analyses that <br />relate to the health care operations of the respective covered entities. <br />(c) Business Associate will implement appropriate safeguards to prevent use or disclosure <br />of Protected Health Information other than as permitted in this Agreement. Business Associate will <br />implement administrative, physical, and technical safeguards that reasonably and appropriately protect <br />the confidentiality, integrity, and availability of any Electronic Protected Health Information that it <br />creates, receives, maintains, or transmits on behalf of Covered Entity as required by the HIPAA <br />Security and Privacy Rule. <br />(d) The Secretary of Health and Human Services shall have the right to audit Business <br />Associate's records and practices related to use and disclosure of Protected Health Information to <br />ensure Covered Entity's compliance with the terms of the HIPAA Security and Privacy Rule. <br />(e) Business Associate shall report to Covered Entity (see Exhibit B) any use or disclosure <br />of Protected Health Information which is not in compliance with the terms of this Agreement, as well as <br />any Security Incident, of which it becomes aware within forty-eight (48) hours of such discovery. For <br />purposes of this Agreement, "Security Incident" means the attempted or successful unauthorized <br />access, use, disclosure, modification, or destruction of information or interference with system <br />operations in an information system. In addition, Business Associate agrees to mitigate, to the extent <br />practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected <br />Health Information by Business Associate in violation of the requirements of this Agreement, as well as <br />to provide complete cooperation to Covered Entity should Covered Entity elect to review or investigate <br />such noncompliance or Security Incident. Business Associate shall indemnify and hold harmless <br />Covered Entity for any injury or damages arising from any noncompliance or Security Incident <br />attributable to the negligence of Business Associate, including the failure to execute the terms of this <br />Agreement. <br />III. AVAILABILITY OF PHI <br />
The URL can be used to link to this page
Your browser does not support the video tag.