Orange County NC Website
Browse       Search
Contract #68-2005 <br />Arcadia Health Services, Inc. <br />f. "Required By Law" shall have the same meaning as the term "required by law" in 45 <br />CFR 164.103. <br />g. "Secretary" shall mean the Secretary of the United States Department of Health and <br />Human Services or his designee. <br />h. "Security Incident" shall have the same meaning as the term "security incident" in 45 <br />CFR 164.304. <br />i. Unless otherwise defined in this Agreement, terms used herein shall have the same <br />meaning as those terms have in the Privacy and Security Rules. <br />3. OBLIGATIONS OF BUSINESS ASSOCIATE <br />a. Business Associate agrees to not use or disclose electronic protected health information <br />or other protected health information other than as permitted or required by this <br />Agreement or as required by law. <br />b. Business Associate agrees to implement administrative, physical, and technical <br />safeguards that reasonably and appropriately protect the confidentiality, integrity, and <br />availability of the electronic protected health information and other protected health <br />information that it creates, receives, maintains, or transmits on behalf of Covered Entity, <br />as required by the Privacy and Security Rules. <br />c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is <br />known to Business Associate of a use or disclosure of electronic protected health <br />information or other protected health information by Business Associate in violation of <br />the requirements of this Agreement. <br />d. Business Associate agrees to report to Covered Entity (i) any use or disclosure of <br />electronic protected health information or other protected health information not provided <br />for by this Agreement of which it becomes aware and (ii) any security incident of which <br />it becomes aware. <br />e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it <br />provides electronic protected health information and/or other protected health <br />information received from, or created or received by Business Associate on behalf of <br />Covered Entity (i) agrees to be bound by the same restrictions and conditions that apply <br />through this Agreement to Business Associate with respect to such information, and (ii) <br />agrees to implement reasonable and appropriate safeguards to protect such information. <br />f. Business Associate agrees to provide access, at the request of Covered Entity, to <br />electronic protected health information and other protected health information in a <br />Designated Record Set to Covered Entity or, as directed by Covered Entity, to an <br />individual in order to meet the requirements under 45 CFR 164.524. <br />g. Business Associate agrees, at the request of Covered Entity, to make any amendment(s) <br />to electronic protected health information and other protected health information in a <br />Designated Record Set that Covered Entity directs or agrees to pursuant to 45 CFR <br />164.526. <br />h. Unless otherwise prohibited by law, Business Associate agrees to make internal practices, <br />books, and records, including policies and procedures concerning electronic protected <br />health information and other protected health information, relating to the use and <br />disclosure of electronic protected health information and other protected health <br />information received from, or created or received by Business Associate on behalf of, <br />Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner <br />Contract-Scope of Work (07/08) Page 2of 5 <br />