Orange County NC Website
Browse       Search
UNCH #92 <br />Electronic Protected Health Information set out in 45 CFR part 160 and part 164, <br />subparts A and E. <br />e. "Protected Health Information" shall have the same meaning as the term "protected <br />health information" in 45 CFR 160.103, limited to the information created or received by <br />Business Associate from or on behalf of Covered Entity. <br />f. "Required By Law" shall have the same meaning as the term "required by law" in 45 <br />CFR 164.103. <br />g. "Secretary" shall mean the Secretary of the United States Department of Health and <br />Human Services or his designee. <br />h. "Security Incident" shall have the same meaning as the term "security incident' in 45 <br />CFR 164.304. <br />i. Unless otherwise defined in this Agreement, terms used herein shall have the same <br />meaning as those terms have in the Privacy and Security Rules. <br />3. OBLIGATIONS OF BUSINESS ASSOCIATE <br />a. Business Associate agrees to not use or disclose electronic protected health information <br />or other protected health information other than as permitted or required by this <br />Agreement or as required by law. <br />b. Business Associate agrees to implement administrative, physical, and technical <br />safeguards that reasonably and appropriately protect the confidentiality, integrity, and <br />availability of the electronic protected health information and other protected health <br />information that it creates, receives, maintains, or transmits on behalf of Covered Entity, <br />as required by the Privacy and Security Rules. <br />c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is <br />known to Business Associate of a use or disclosure of electronic protected health <br />information or other protected health information by Business Associate in violation of <br />the requirements of this Agreement. <br />d. Business Associate agrees to report to Covered Entity (i) any use or disclosure of <br />electronic protected health information or other protected health information not <br />provided for by this Agreement of which it becomes aware and (ii) any security incident <br />of which it becomes aware. <br />e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it <br />provides electronic protected health information and/or other protected health <br />information received from, or created or received by Business Associate on behalf of <br />Covered Entity (i) agrees to be bound by the same restrictions and conditions that apply <br />through this Agreement to Business Associate with respect to such information, and (ii) <br />agrees to implement reasonable and appropriate safeguards to protect such information. <br />f. Business Associate agrees to provide access, at the request of Covered Entity, to <br />electronic protected health information and other protected health information in a <br />Designated Record Set to Covered Entity or, as directed by Covered Entity, to an <br />individual in order to meet the requirements under 45 CFR 164.524. <br />g. Business Associate agrees, at the request of Covered Entity, to make any amendment(s) <br />to electronic protected health information and other protected health information in a <br />