Orange County NC Website
Browse       Search
(h) Security Incident shall mean the attempted or successful unauthorized <br /> access, use, Disclosure, modification, or destruction of information or interference with System <br /> operations in an information system. <br /> (i) Security Rule means the Security Standards and Implementation <br /> Specifications at 45 C.F.R part 160 and part 164,subpart C. <br /> (j) Unsecured Protected Health Information shall mean Protected Health <br /> Information that is not rendered unusable, unreadable, or indecipherable to unauthorized <br /> individuals through the use of a technology or methodology specified by the Secretary in <br /> guidance published at 74 Fed. Reg. 19006 (April 27, 2009), and in any additional guidance <br /> published thereafter. <br /> 4. PERMITTED USES and DISCLOSURES. <br /> (a) NC HIE may use and Disclose PHI on behalf of Covered Entity <br /> Participants in accordance with the terms and conditions of any applicable Subscription <br /> Agreement and this Agreement, and, if necessary: (i) for the proper management and <br /> administration of NC HIE; and (ii) to carry out the legal responsibilities of NC HIE, provided <br /> that in each such instance,NC HIE may only disclose PHI if. (i) the disclosure is Required By <br /> Law;or(ii)NC HIE obtains reasonable assurances from the person or entity to whom the PHI is <br /> disclosed that such PHI will remain confidential and will be used or further disclosed only as <br /> Required By Law or for the purpose for which such PHI was disclosed to the person or entity, <br /> and the person or entity notifies NC HIE of any instances of which it is aware in which the <br /> confidentiality of such PHI has been breached;and <br /> (b) NC HIE may use or disclose PHI pursuant to a valid authorization by an <br /> Individual that satisfies the requirements of 45 C.F.R § 164.508. <br /> 5. OBLIGATIONS OF NC HIE. <br /> (a) Prohibition on Unauthorized Use or Disclosure.NC HIE will not use or <br /> disclose PHI except as permitted or required by the Privacy Rule, the Security Rule, this <br /> Agreement,applicable Subscription Agreements,or as Required By Law. <br /> (b) Minimum Necessary Uses and Disclosures.NC HE shall limit its use and <br /> disclosure of PHI under this Agreement to the"minimum necessary"as set forth in guidance that <br /> the Secretary issues under the Privacy Rule, or if guidance has not been issued, to the Limited <br /> Data Set(as defined by HIPAA) or the minimum necessary to carry out NC HIE's duties. This <br /> Section 5.(b) does not apply to: (i) Disclosures to, or requests by, a health care provider for <br /> treatment; (ii)uses or Disclosures made to the Individual; (iii)Disclosures made pursuant to an <br /> authorization as set forth in 45 C.FR§ 164.508;(iv)Disclosures made to the Secretary under 45 <br /> C.F.R.part 160, subpart C; (v)uses or Disclosures that are Required By Law as described in 45 <br /> C.F.R. § 164.512(a); and (vi) uses or Disclosures that are required for compliance with <br /> applicable requirements of the Privacy Rule. <br /> (c) Safeguards. NC HIE will use appropriate safeguards to prevent the use or <br /> Disclosure of PHI other than as provided for by this Agreement. NC HIE will implement <br /> administrative, physical and technical safeguards as required by the Security Rule, and that <br /> reasonably and appropriately protect the confidentiality and integrity of the Electronic Protected <br /> Health Information that it creates,receives,maintains or transmits on behalf of Covered Entity <br /> Participant. <br /> 19 <br />