Browse
Search
2012-417 EMS - EMS Management & Consultants for Update Business Associate Agreement in ref to HIPAA $0
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2010's
>
2012
>
2012-417 EMS - EMS Management & Consultants for Update Business Associate Agreement in ref to HIPAA $0
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/3/2013 12:47:17 PM
Creation date
1/3/2013 12:47:15 PM
Metadata
Fields
Template:
BOCC
Date
12/28/2012
Meeting Type
Work Session
Document Type
Agreement
Agenda Item
Mgr Signed
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
11
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
The term "Unsecured Protected Health Information" means Protected Health Information that is not <br /> rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a <br /> technology or methodology specified by the Secretary in guidance published in the Federal Register at 74 <br /> Fed.Reg. 19006 on April 27, 2009 and in annual guidance published thereafter. <br /> 11. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE <br /> a. Business Associate may use or disclose Protected Health Information to perform <br /> functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreements, <br /> provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by <br /> Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act <br /> specifying what constitutes"minimum necessary"for purposes of the HIPAA Privacy and Security Rules, <br /> Business Associate shall, to the extent practicable, disclose only Protected Health Information that is <br /> contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security <br /> Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain <br /> direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business <br /> Associate may disclose only the minimum necessary amount of Protected Health Information to <br /> accomplish the intended purpose of the disclosure. <br /> b. Business Associate may use Protected Health Information in its possession for its proper <br /> management and administration and to fulfill any present or future legal responsibilities of Business <br /> Associate,provided that such uses are permitted under state and federal confidentiality laws. <br /> C. Business Associate may disclose Protected Health Information in its possession to third <br /> parties for the purposes of its proper management and administration or to fulfill any present or future <br /> legal responsibilities of Business Associate,provided that: <br /> 1. the disclosures are required by law; or <br /> 2. Business Associate obtains reasonable assurances from the third parties to whom <br /> the Protected Health Information is disclosed that the information will remain confidential and be <br /> used or further disclosed only as required by law or for the purpose for which it was disclosed to <br /> the third party, and that such third parties will notify Business Associate of any instances of <br /> which they are aware in which the confidentiality of the information has been breached. <br /> d. Until such time as the Secretary issues regulations pursuant to the HITECH Act <br /> specifying what constitutes"minimum necessary"for purposes of the HIPAA Privacy and Security Rules, <br /> Business Associate shall, to the extent practicable, access, use, and request only Protected Health <br /> Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA <br /> Privacy and Security Rules), unless Business Associate requires certain direct identifiers in order to <br /> accomplish the intended purpose of the access, use, or request, in which event Business Associate may <br /> access, use, or request only the minimum necessary amount of Protected Health Information to <br /> accomplish the intended purpose of the access, use, or request. Covered Entity shall determine what <br /> quantum of information constitutes the "minimum necessary" amount for Business Associate to <br /> accomplish its intended purposes. <br /> III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br /> a. Business Associate acknowledges and agrees that all Protected Health Information that is <br /> created or received by Covered Entity and disclosed or made available in any form, including paper <br /> record, oral communication, audio recording, and electronic display by Covered Entity or its operating <br /> 3 <br />
The URL can be used to link to this page
Your browser does not support the video tag.