Orange County NC Website
Browse       Search
Exhibit C - 4 <br /> <br /> (c) At termination of this Agreement, the Arrangement Agreement (or any similar <br />documentation of the business relationship of the Parties), or upon request of Covered Entity, <br />whichever occurs first, if feasible, Business Associate will return (in a manner or process <br />approved by the Covered Entity) or destroy all Protected Health Information received from <br />Covered Entity, or created, maintained or received by Business Associate on behalf of Covered <br />Entity, that Business Associate still maintains in any form and retain no copies of such <br />information. If such return or destruction is not feasible, Business Associate will (i) retain only <br />that Protected Health Information necessary under the circumstances; (ii) return or destroy the <br />remaining Protected Health Information that the Business Associate still maintains in any form; <br />(iii) extend the protections of this Agreement to the retained Protected Health Information; (iv) <br />limit further uses and disclosures to those purposes that make the return or destruction of the <br />Protected Health Information not feasible; and (v) return or destroy the retained Protected Health <br />Information when it is no longer needed by Business Associate. This paragraph shall survive the <br />termination of this Agreement and shall apply to Protected Health Information created, <br />maintained, or received by Business Associate and any of its subcontractors. <br /> <br /> (d) Business Associate agrees to ensure that its agents, including any subcontractors, <br />that create, receive, maintain or transmit Protected Health Information on behalf of Business <br />Associate agree to the same (or greater) restrictions and conditions that apply to Business <br />Associate with respect to such information, and agree to implement reasonable and appropriate <br />safeguards to protect any of such information that is Electronic Protected Health Information. <br />Business Associate agrees to enter into written agreements with any subcontractors in <br />accordance with the requirements of the HIPAA Rules. In addition, Business Associate agrees to <br />take reasonable steps to ensure that its employees’ actions or omissions do not cause Business <br />Associate to breach the terms of this Agreement. <br /> <br /> (e) Business Associate will implement appropriate safeguards to prevent use or <br />disclosure of Protected Health Information other than as permitted in this Agreement. Business <br />Associate will implement administrative, physical, and technical safeguards that reasonably and <br />appropriately protect the confidentiality, integrity, and availability of any Electronic Protected <br />Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity <br />as required by the HIPAA Rules. <br /> <br /> (f) To the extent applicable, Business Associate will comply with (i) Covered <br />Entity’s Notice of Privacy Practices; (ii) any limitations to which Covered Entity has agreed in <br />regard to an Individual’s permission to use or disclose his or her Protected Health Information; <br />and (iii) any restrictions to the use or disclosure of Protected Health Information to which <br />Covered Entity has agreed or is required to agree. <br /> <br /> (g) Business Associate will make its internal practices, books and records available to <br />the Secretary of the Department of Health and Human Services for purposes of determining <br />compliance with the HIPAA Rules, and, at the request of the Secretary, will comply with any <br />investigations and compliance reviews, permit access to information, and cooperate with any <br />35