Orange County NC Website
The term "Unsecured Protected Health Information" means Protected Health Information that is not <br /> rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a <br /> technology or methodology specified by the Secretary in guidance published in the Federal Register at 74 <br /> Fed. Reg. 19006 on April 27,2009 and in annual guidance published thereafter. <br /> 11. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE <br /> a. Business Associate may use or disclose Protected Health Information to perform <br /> functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreements, <br /> provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by <br /> Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act <br /> specifying what constitutes"minimum necessary"for purposes of the HIPAA Privacy and Security Rules, <br /> Business Associate shall, to the extent practicable, disclose only Protected Health Information that is <br /> contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security <br /> Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain <br /> direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business <br /> Associate may disclose only the minimum necessary amount of Protected Health Information to <br /> accomplish the intended purpose of the disclosure. <br /> b. Business Associate may use Protected Health Information in its possession for its proper <br /> management and administration and to fulfill any present or future legal responsibilities of Business <br /> Associate,provided that such uses are permitted under state and federal confidentiality laws. <br /> C. Business Associate may disclose Protected Health Information in its possession to third <br /> parties for the purposes of its proper management and administration or to fulfill any present or future <br /> legal responsibilities of Business Associate,provided that: <br /> 1. the disclosures are required by law; or <br /> 2. Business Associate obtains reasonable assurances from the third parties to whom <br /> the Protected Health Information is disclosed that the information will remain confidential and be <br /> used or further disclosed only as required by law or for the purpose for which it was disclosed to <br /> the third party, and that such third parties will notify Business Associate of any instances of <br /> which they are aware in which the confidentiality of the information has been breached. <br /> d. Until such time as the Secretary issues regulations pursuant to the HITECH Act <br /> specifying what constitutes"minimum necessary"for purposes of the HIPAA Privacy and Security Rules, <br /> Business Associate shall, to the extent practicable, access, use, and request only Protected Health <br /> Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA <br /> Privacy and Security Rules), unless Business Associate requires certain direct identifiers in order to <br /> accomplish the intended purpose of the access, use, or request, in which event Business Associate may <br /> access, use, or request only the minimum necessary amount of Protected Health Information to <br /> accomplish the intended purpose of the access, use, or request. Covered Entity shall determine what <br /> quantum of information constitutes the "minimum necessary" amount for Business Associate to <br /> accomplish its intended purposes. <br /> Ill. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br /> a. Business Associate acknowledges and agrees that all Protected Health Information that is <br /> created or received by Covered Entity and disclosed or made available in any form, including paper <br /> record, oral communication, audio recording, and electronic display by Covered Entity or its operating <br /> 3 <br />