Orange County NC Website
Browse       Search
DocuSign Envelope ID:2131C227-EE7F-46A7-A603-446386DA3B96 <br /> for the purposes of the Service Agreement(s) between the Covered Entity and Business Associate(s) <br /> identified in Section I(a) of this Agreement. <br /> (f) Coveted Entity Authorization for Additional Uses Any use of Protected Health <br /> Information by Business Associate, its affiliate or Contractor, other than those purposes of this <br /> Agreement, shall requiu•c express written authorization by the Covered Entity, and a Business Associate <br /> Agreement or amendment as necessary. Activities which are prohibited include, but ate not limited to, <br /> Marketing, as defined by 45 CPR § 164.503 or the sharing for Commercial Use or any purpose construed <br /> by Covered Entity as Marketing or Commercial Use, even if such sharing would be permitted by federal <br /> or state laws <br /> (g) Business Associate may de-identify Protected Health Information only at the specific <br /> direction of and only for the use of Covered Entity Business Associate may not sell Protected Health <br /> Information except at the direction of Covered Entity and in compliance with the requirements of the <br /> HIPAA Security and Privacy Rule. <br /> N. AVAILABILIIY OF PHI <br /> (a) Access to Protected Health Information. Business Associate agrees, in the event the <br /> Business Associate maintains protected health information hi a Designated Record Set,to make available, <br /> within ten (10) days of a request by Covered Entity in a time and manner designated by Covered Entity, <br /> Protected Health Information in a Designated Record Set, to Covered Entity or as directed by Covered <br /> Entity, to an individual in order to meet the requirements of 45 CPR § 164 524 of the=AA Security <br /> and Privacy Rule. <br /> (b) Amendments to Protected Health Information In the event that the Business Associate <br /> maintains Protected Health Information in a Designated Record Set, Business Associate agrees to make <br /> any amendment(s) to Protected Health Information in a designated record set that the Covered Entity <br /> directs or agrees to pursuant to the HIPAA Security and Privacy Rule at the request of Covered Entity of <br /> an individual,within ten(10) days of receipt of a request from Coveted Entity and in the time and manner <br /> designated by Coveted Entity <br /> (c) Accounting of Disclosures Business Associate agrees to maintain and make available <br /> the information required to provide an accounting of disclosures, as required by 45 CFR§ 164.528 of the <br /> HIPAA Security and Privacy Rule Business Associate will comply with Covered Entity's policy <br /> regarding accounting of'diselosures <br /> (d) Document Disclosures. In the event an Individual makes a request under this Section of <br /> the Agreement directly to Business Associate, Business Associate will notify Covered Entity of such <br /> request within three (3) business days and shall cooperate with, and act only at the direction of Covered <br /> Entity in responding to such request <br /> V.. OBLIGATIONS OF COVERED ENIITY <br /> (a) Notice of Privacy Practices Covered Entity shall provide Business Associate with the <br /> notice of privacy practice that Covered Entity produces in accordance with 45 CPR § 164.52.0, as well as <br /> any changes to that notice <br /> (b) Notice of Changes in Individual's Access or Protected Health Information Covered <br /> Entity shall provide Business Associate with any changes in, or revocation of, permission by an <br /> Individual to use or disclose Protected Health Information, is such changes affect Business Associate's <br /> permitted or required uses. <br /> 5 <br /> October 2013 <br />