Orange County NC Website
The term "Protected Health Information" means individually identifiable health information including, without limitation, all information, data, documentation, and materials, including without limitation, demographic, medical and financial information, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. "Protected Health Information" includes without limitation "Electronic Protected Health Information" as defined below.

The term "Electronic Protected Health Information" means Protected Health Information which is transmitted by Electronic Media (as defined in the HIPAA Security and Privacy Rule) or maintained in Electronic Media.

Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity's behalf shall be subject to this Agreement.

CONFIDENTIALITY AND SECURITY REQUIREMENTS

(a) Business Associate agrees:

(i) to use or disclose any Protected Health Information solely: (1) for meeting its obligations as set forth in any agreements between the Parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organization to whom Covered Entity is required to disclose such information or as otherwise permitted under this Agreement, the Arrangement Agreement (if consistent with this Agreement and the HIPAA Security and Privacy Rule), or the HIPAA Security and Privacy Rule, and (3) as would be permitted by the HIPAA Security and Privacy Rule if such use or disclosure were made by Covered Entity;

(ii) to account for certain disclosures of Protected Health Information as required by Section 164.528 of the HIPAA Security and Privacy Rule. A copy of Covered Entity's policy regarding accounting of disclosures is available at http://www.med.unc.edu/security/hipaa/documents/d13.pdf ;

(iii) to provide appropriate HIPAA training to its personnel within thirty days of the date of this agreement as follows: (1) general HIPAA training for all of Business Associate's personnel, and (2) Business Associate will compare the UNC HCS policies and procedures outlined in the training materials to the general HIPAA training provided by the Business Associate to its personnel, and, if there are material differences, will train all of its personnel who service the UNC HCS account on those different policies/procedures.
(Business Associate may obtain a copy of the UNC HCS training materials at http://www.unchealthcare.org/site/hipaa Internet);

(iv) at termination of this Agreement, the Arrangement Agreement (or any similar documentation of the business relationship of the Parties), or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or