Browse
Search
2012-417 EMS - EMS Management & Consultants for Update Business Associate Agreement in ref to HIPAA
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2010's
>
2012
>
2012-417 EMS - EMS Management & Consultants for Update Business Associate Agreement in ref to HIPAA
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/8/2013 3:32:21 PM
Creation date
1/8/2013 3:32:18 PM
Metadata
Fields
Template:
BOCC
Date
1/4/2013
Meeting Type
Work Session
Document Type
Agreement
Agenda Item
Manager Signed
Document Relationships
2012-417 S EMS - EMS Management & Consultants for Update Business Associate Agreement in ref to HIPAA
(Linked From)
Path:
\Board of County Commissioners\Contracts and Agreements\Contract Routing Sheets\Routing Sheets\2012
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
11
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
first obtaining the written authorization of the individual or the individual's representative,unless: <br /> 1. such payment is for a communication regarding a drug or biologic currently <br /> prescribed for the individual and is reasonable in amount(as defined by the Secretary); or <br /> 2. the communication is made on behalf of Covered Entity and is consistent with <br /> the terms of this Agreement. <br /> in. Business Associate agrees that if it uses or discloses patients' Protected Health <br /> Information for marketing purposes, it will obtain such patients' authorization before making any such <br /> use or disclosure. <br /> IV. BUSINESS ASSOCIATE'S MITIGATION AND BREACH NOTIFICATION OBLIGATIONS <br /> a. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is <br /> known to Business Associate of a use or disclosure of Protected Health Information by Business <br /> Associate in violation of the requirements of this Agreement. <br /> b. Following the discovery of a Breach of Unsecured Protected Health Information, <br /> Business Associate shall notify Covered Entity of such Breach without unreasonable delay and in no case <br /> later than forty-five (45) calendar days after discovery of the Breach. A Breach shall be treated as <br /> discovered by Business Associate as of the first day on which such Breach is known to Business <br /> Associate or, through the exercise of reasonable diligence, would have been known to Business <br /> Associate. <br /> C. Notwithstanding the provisions of Section IV.b., above, if a law enforcement official <br /> states to Business Associate that notification of a Breach would impede a criminal investigation or cause <br /> damage to national security,then: <br /> 1. if the statement is in writing and specifies the time for which a delay is required, <br /> Business Associate shall delay such notification for the time period specified by the official; or <br /> 2. if the statement is made orally, Business Associate shall document the statement, <br /> including the identity of the official making it, and delay such notification for no longer than <br /> thirty (30) days from the date of the oral statement unless the official submits a written statement <br /> during that time. <br /> Following the period of time specified by the official,Business Associate shall promptly deliver a copy of <br /> the official's statement to Covered Entity. <br /> d. The Breach notification provided shall include,to the extent possible: <br /> 1. the identification of each individual whose Unsecured Protected Health <br /> Information has been, or is reasonably believed by Business Associate to have been, accessed, <br /> acquired,used,or disclosed during the Breach; <br /> 2. a brief description of what happened, including the date of the Breach and the <br /> date of discovery of the Breach, if known; <br /> 3. a description of the types of Unsecured Protected Health Information that were <br /> involved in the Breach (such as whether full name, social security number, date of birth, home <br /> 6 <br />
The URL can be used to link to this page
Your browser does not support the video tag.