Orange County NC Website
(d) Protected Health Information."Protected Health Information"shall have the same meaning <br /> as the term in 45 CFR§ 160.103,limited to the information created or received by Business Associate from <br /> or on behalf of Covered Entity and includes without limitation"Electronic Protected Health Information." <br /> Business Associate acknowledges and agrees that all Protected Health Information that is created or <br /> received by Covered Entity and disclosed or made available in any form, including paper record, oral <br /> communication,audio recording,and electronic display by Covered Entity or its operating units to Business <br /> Associate or is created or received by Business Associate on Covered Entity's behalf shall be subject to this <br /> Agreement. <br /> (e) Required by Law. "Required by Law"shall have the same meaning as the term in 45 CFR <br /> § 164.103. <br /> IL OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br /> (a) Use and Disclosure. Business Associate agrees to fully comply with the requirements <br /> under the HIPPA Security and Privacy Rule applicable to Business Associates and not to use or disclose <br /> Protected Health Information other than as permitted or required by this Agreement,the Service Agreement <br /> or as Required by Law. To the extent Business Associate carries out obligations of Covered Entity under <br /> the HIPAA Security and Privacy Rule,Business Associate shall comply with the applicable provisions of <br /> the HIPAA Security and Privacy Rule as if such use or disclosure were made by Covered Entity. Business <br /> Associate agrees to comply with Covered Entity's policies regarding the minimum necessary use or <br /> disclosure of Protected Health Information. <br /> (b) Appropriate Safeguards. Business Associate agrees to use appropriate safeguards to <br /> prevent use or disclosure of Protected Health Information other than as provided for by this Service <br /> Agreement(s),this Agreement or as Required by Law. This includes the implementation physical,technical <br /> and administrative safeguards to prevent use or disclosure of Protected Health Information other than as <br /> permitted in this Agreement or Required by Law and reasonably and appropriately protect the <br /> confidentiality, integrity, and availability of any Electronic Protected Health Information that it creates, <br /> receives, maintains, or transmits on behalf of Covered Entity as required by the HIPAA Security and <br /> Privacy Rule. The Business Associate shall maintain appropriate documentation of its compliance with the <br /> HIPPA Security and Privacy Rule,including,but not limited to,its policies,procedures,records of training <br /> and sanctions of members in its workforce. <br /> (c) Assurances. Business Associate agrees to provide Covered Entity with written assurances <br /> that any Protected Health Information placed on any type of mobile media, including, but by no means <br /> limited to, lap top computers, Ipads and mobile phones, is encrypted in accordance with guidance issued <br /> by the Secretary. <br /> (d) Agents and Subcontractors. Business Associate shall require any agents, including any <br /> subcontractors, to whom it provides Protected Health Information from Covered Entity that is created, <br /> received, maintained or transmitted on behalf of Business Associate to agree by written contract with <br /> Business Associate to the same(or greater)restrictions,conditions and requirements that apply to Business <br /> Associate with respect to such information, and to agree to implement reasonable and appropriate <br /> safeguards to protect any of such information that is Electronic Protected Health Information. In addition, <br /> Business Associate agrees to take reasonable steps to ensure that its employees' actions or omissions do <br /> not cause Business Associate to breach the terms of this Agreement. <br /> (e) Mitigation of Breach. Business Associate agrees to mitigate,to the extent practicable,any <br /> harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information <br /> by Business Associate in violation of the requirements of this Agreement, as well as to provide complete <br /> cooperation to Covered Entity should Covered Entity elect to review or investigate such noncompliance or <br /> 2 <br /> October 2013 <br />