Orange County NC Website
Browse       Search
A. Not receive, directly or indirectly, any impermissible remuneration in exchange <br /> for Protected Health Information or Electronic Protected Health Information, <br /> except as permitted by HITECH§ 13405(d)or the HIPPA Regulations; <br /> B. Comply with the marketing and other restrictions applicable to Business <br /> Associates contained in HITECH§ 13406 and the HIPPA Regulations; <br /> C. To the extent required under HITECH§ 13404, fully comply with the applicable <br /> requirements of 45 CFR 164.502(e)(2) for each use and disclosure of Protected <br /> Health Information; <br /> D. To the extent required under HITECH § 13401, fully comply with 45 CFR §§ <br /> 164.308, 164.310, 164.312,and 164.316; <br /> E. To the extent required under HITECH §§13401 and 13404, comply with the <br /> additional privacy and security requirements that apply to Covered Entities in the <br /> same manner and to the same extent as Covered Entity is required to do so; and <br /> F. To the extent required under the HIPPA Regulations, comply with the privacy <br /> and security requirements that apply to Business Associates. <br /> (m) State Privacy Laws. Business Associate shall understand and comply with state privacy <br /> laws to the extent that such privacy laws are not preempted by HIPPA or HITECH. <br /> III. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE <br /> (a) Use of Protected Health Information on Behalf of Covered Entity. Except as otherwise <br /> limited in this Agreement, Business Associate may use or disclose Protected Health Information to <br /> perform functions, activities or services for, or on behalf of, Covered Entity described in the Service <br /> Agreement, provided that such use or disclosure would not violate the HIPPA Security and Privacy Rule <br /> if it were made by Covered Entity or would not violate the Covered Entities minimum necessary policies. <br /> (b) Other Uses of Protected Health Information. Except as otherwise limited in this <br /> Agreement,Business Associate may use Protected Health Information within its workforce for the proper <br /> management and administration of Business Associate not to include Marketing or Commercial Use and <br /> to carry out the legal responsibilities of Business Associate;and <br /> (c) Third Party Confidentiality. Except as otherwise limited in this Agreement, Business <br /> Associate may disclose Protected Health Information for the proper management and administration of <br /> Business Associate or to carry out the legal responsibilities of Business Associate, provided that if <br /> Business Associate discloses any Protected Health Information to a third party for such purpose, the <br /> Business Associate shall enter into a written agreement with such third party requiring the following: <br /> A. Disclosure only as Required by Law; or <br /> B. Business Associate obtains reasonable assurances from the person to whom the <br /> information is disclosed that the information will remain confidential and will be used or <br /> further disclosed only as Required by Law or for the purpose for which it was disclosed <br /> to the person, and the person notifies Business Associate of any instances of which it is <br /> aware in which the confidentiality, integrity, and or availability of the Protected Health <br /> Information has been breached immediately upon becoming aware. <br /> 4 <br /> October 2013 <br />