Orange County NC Website
Browse       Search
DocuSign Envelope ID:CD6526B8-31F8-4494-98D6-FFE6244E4DOF <br /> for the purposes of the Service Agreement(s) between the Covered Entity and Business Associate(s) <br /> identified in Section I(a) of this Agreement <br /> (f) Covered Entity Authorization for Additional Uses Any use of Protected Health <br /> Information by Business Associate, its affiliate or Contractor, other than those purposes of this <br /> Agreement, shall require express written authorization by the Covered Entity, and a Business Associate <br /> Agreement or amendment as necessary Activities which are prohibited include, but are not limited to <br /> Marketing, as defined by 45 CFR § 164.503 ox the sharing for Commercial Use or any purpose construed <br /> by Coveted Entity as Marketing or Commercial Use, even if such sharing would be permitted by federal <br /> oi state laws. <br /> (g) Business Associate may de-identify Protected Health Infbrmation only at the specific <br /> direction of and only for the use of Covered Entity. Business Associate may not sell Protected Health <br /> Information except at the direction of Covered Entity and in compliance with the requirements of the <br /> HlPAA Security and Privacy Rule_ <br /> IV AVAILABILIIY OF PHI <br /> (a) Access to Protected Health Information Business Associate agrees, in the event the <br /> Business Associate maintains protected health information in a Designated Record Set,to make available, <br /> within ten (10) days of a request by Covered Entity in a time and manner designated by Coveted Entity, <br /> Protected Health Irdormation in a Designated Record Set, to Covered Entity or as directed by Covered <br /> Entity, to an individual in order to meet the requirements of 45 CFR § 164.524 of the HIPAA Security <br /> and Privacy Rule. <br /> (b) Amendments to Protected Health Information In the event that the Business Associate <br /> maintains Protected Health Information in a Designated Record Set, Business Associate agrees to make <br /> any amendment(s) to Protected Health Information in a designated record set that the Coveted Entity <br /> directs or agrees to pursuant to the HIPAA Security and Privacy Rule at the request of Covered Entity of <br /> an individual,within ten(10) days of receipt of a request fiom Covered Entity and in the time and manner <br /> designated by Covered Entity. <br /> (c) Accounting of Disclosures Business Associate agrees to maintain and make available <br /> the information required to provide an accounting of disclosures, as required by 45 CFR § 164 52.8 of the <br /> HIPAA Security and Privacy Rule Business Associate will comply with Covered Entity's policy <br /> regarding accounting of disclosures. <br /> (d) Document Disclosures In the event an Individual makes a request under this Section of <br /> the Agreement directly to Business Associate, Business Associate will notify Covered Entity of such <br /> request within three (3) business days and shall cooperate with, and act only at the direction of Covered <br /> Entity in responding to such request <br /> V OBLIGAIIONS OF COVERED ENIIIY <br /> (a) Notice of Privacy Practices Covered Entity shall provide Business Associate with the <br /> notice of privacy practice that Covered Entity produces in accordance with 45 CFR § 164.520, as well as <br /> any changes to that notice <br /> (b) Notice of Changes in Individual's Access or Protected Health Information Covered <br /> Entity shall provide Business Associate with any changes in, or revocation of; permission by an <br /> Individual to use or disclose Protected Health Infbrrnation, is such changes affect Business Associate's <br /> permitted or required uses. <br /> 5 <br /> October 2013. <br />