Orange County NC Website
Privacy Rule shall control. Where provisions of this Agreement are different than those mandated in the <br /> HIPAA Security and Privacy Rule, but are nonetheless permitted by the HIPAA Security and Privacy <br /> Rule,the provisions of this Agreement shall control. <br /> (c) Electronic Protected Health Information. Protected Health Information that is transmitted <br /> by or maintained in Electronic Media(as defined in the HIPAA Security and Privacy Rule). <br /> (d) Protected Health Information. "Protected Health Information" shall have the same <br /> meaning as the term in 45 CFR § 160.103, limited to the information created or received by Business <br /> Associate from or on behalf of Covered Entity and includes without limitation `Electronic Protected <br /> Health Information." Business Associate acknowledges and agrees that all Protected Health Information <br /> that is created or received by Covered Entity and disclosed or made available in any form, including paper <br /> record, oral communication, audio recording, and electronic display by Covered Entity or its operating <br /> units to Business Associate or is created or received by Business Associate on Covered Entity's behalf <br /> shall be subject to this Agreement. <br /> (e) Required by Law. "Required by Law" shall have the same meaning as the term in 45 <br /> CFR§ 164.103. <br /> II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br /> (a) Use and Disclosure. Business Associate agrees to fully comply with the requirements <br /> under the HIPPA Security and Privacy Rule applicable to Business Associates and not to use or disclose <br /> Protected Health Information other than as permitted or required by this Agreement, the Service <br /> Agreement or as Required by Law. To the extent Business Associate carries out obligations of Covered <br /> Entity under the HIPAA Security and Privacy Rule,Business Associate shall comply with the applicable <br /> provisions of the HIPAA Security and Privacy Rule as if such use or disclosure were made by Covered <br /> Entity. Business Associate agrees to comply with Covered Entity's policies regarding the minimum <br /> necessary use or disclosure of Protected Health Information. <br /> (b) Appropriate Safeguards. Business Associate agrees to use appropriate safeguards to <br /> prevent use or disclosure of Protected Health Information other than as provided for by this Service <br /> Agreement(s), this Agreement or as Required by Law. This includes the implementation physical, <br /> technical and administrative safeguards to prevent use or disclosure of Protected Health Information other <br /> than as permitted in this Agreement or Required by Law and reasonably and appropriately protect the <br /> confidentiality, integrity, and availability of any Electronic Protected Health Information that it creates, <br /> receives, maintains, or transmits on behalf of Covered Entity as required by the HIPAA Security and <br /> Privacy Rule. The Business Associate shall maintain appropriate documentation of its compliance with <br /> the HIPPA Security and Privacy Rule, including, but not limited to, its policies, procedures, records of <br /> training and sanctions of members in its workforce. <br /> (c) Assurances. Business Associate agrees to provide Covered Entity with written <br /> assurances that any Protected Health Information placed on any type of mobile media, including, but by <br /> no means limited to, lap top computers, Ipads and mobile phones, is encrypted in accordance with <br /> guidance issued by the Secretary. <br /> (d) Agents and Subcontractors. Business Associate shall require any agents, including any <br /> subcontractors, to whom it provides Protected Health Information from Covered Entity that is created, <br /> received, maintained or transmitted on behalf of Business Associate to agree by written contract with <br /> Business Associate to the same (or greater) restrictions, conditions and requirements that apply to <br /> Business Associate with respect to such information, and to agree to implement reasonable and <br /> appropriate safeguards to protect any of such information that is Electronic Protected Health Information. <br /> 2 <br /> October 2013 <br />