Orange County NC Website
Browse       Search
Exhibit C - 5 <br /> <br />complaints, as Required By Law. If permitted, without unreasonable delay and, in any event, no <br />more than 48 hours of receipt of the request or notification, Business Associate will notify <br />Covered Entity in writing of any request by any governmental entity, or its designee, to review <br />Business Associate’s compliance with law or this BAA, to pursue a complaint, or to conduct an <br />audit or assessment of any kind involving Protected Health Information received from Covered <br />Entity or created on Covered Entity’s behalf. <br /> <br /> (h) Business Associate shall report to Covered Entity (see Exhibit B) any use or <br />disclosure of Protected Health Information that is not in compliance with the terms of this <br />Agreement as well as any Breach of which it becomes aware, without unreasonable delay, and in <br />no event later than forty-eight (48) hours of such Discovery. Such notification shall contain the <br />elements required by 45 C.F.R. § 164.410. In addition, Business Associate agrees to mitigate, to <br />the extent practicable, any harmful effect that is known to Business Associate of a use or <br />disclosure of Protected Health Information by Business Associate in violation of the <br />requirements of this Agreement, as well as to reasonably cooperate with Covered Entity should <br />Covered Entity elect to review or investigate such noncompliance or Breach. Business Associate <br />shall reasonably cooperate in Covered Entity’s Breach analysis and/or risk assessment, if <br />requested. Furthermore, Business Associate shall reasonably cooperate with Covered Entity in <br />the event that Covered Entity determines that any third parties must be notified of a Breach, <br />provided that Business Associate shall not provide any such notification except at the direction <br />of Covered Entity. Business Associate shall indemnify and hold harmless Covered Entity for any <br />direct injury or damages arising from any noncompliance with this Agreement or any Breach <br />attributable to the negligence of Business Associate, including the failure to execute the terms of <br />this Agreement. <br /> <br />(i) Business Associate shall permit Covered Entity, after providing ten (10) business days’ <br />written notice, to conduct an audit of Business Associate’s compliance with this BAA and the <br />HIPAA Rules, provided that such audit does not unreasonably interfere with Business <br />Associate’s operations. Such audit may consist of an onsite visit, a series of inquiries that <br />require written responses, or both. Business Associate shall promptly and completely respond to <br />Covered Entity’s reasonable requests for information in support of the audit, which shall not be <br />conducted more than once annually except in cases of an actual Breach or noncompliance with <br />this BAA or the HIPAA Rules. Each Party shall bear its own costs associated with the audit. <br /> <br />IV. AVAILABILITY OF PHI <br /> <br /> (a) Business Associate agrees to make available within ten (10) days of a request by <br />Covered Entity Protected Health Information in a Designated Record Set to Covered Entity to <br />the extent and in the manner required by 45 C.F.R. § 164.524. <br /> <br /> (b) Business Associate agrees to make available Protected Health Information in a <br />Designated Record Set for amendment and to incorporate any amendments to Protected Health <br />36