Orange County NC Website
Browse       Search
d. Hospital,Hospital Groups,Primary Care Practices,Primary Care Practice Groups.These additional <br /> obligations will be described in Exhibit: Hospital / Hospital Groups 1 Primary Care Practices <br /> Primary Care Practice Groups. <br /> 12. Mutual Business Associate Obligations. Each Party individually stands as a Business Associate to the <br /> other Party regarding PHI provided by that other Party,whether the providing Party is itself a Covered <br /> Entity or a Business Associate for that PHI. Therefore,each Party individually agrees to the following <br /> Business Associate Agreement provisions for any PHI it accesses or uses for which it is not the owner <br /> or the primary custodian. Each Party,in its role as a Business Associate,agrees to: <br /> a. Use PHI in its possession only as permitted or required by this Agreement or as otherwise <br /> Required by Law. <br /> b. Disclose PHI in its possession to third parties only if(1)the disclosures are Required By Law,or(ii) <br /> the Business Associate has received from the third party written assurances regarding its <br /> confidential handling of such PHI as required under 45 CFR §164.504(e)(4), and the third party <br /> agrees in writing to notify Business Associate of any instances of which it becomes aware that the <br /> confidentiality of the information has been breached. <br /> c. Comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health information <br /> (ePHI),to prevent use or disclosure of PHI other than as provided for by this Agreement. <br /> d. Acknowledge its continuing obligations under HIPAA and agree to comply with any subsequent <br /> regulations promulgated under HIPAA and any guidance thereto. <br /> e. Acknowledge that (1) the foregoing requirements shall apply to Business Associate in the same <br /> manner that such requirements apply to a Covered Entity, and (ii) Business Associate shall be <br /> subject to the civil and criminal enforcement provisions set forth at 42 USC 1320d-5 and 1320d- <br /> 6, as amended from time to time,for failure to comply with the requirements and any applicable <br /> guidance subsequently issued by the Secretary of the Department of Health and Human Services <br /> ("Secretary")with respect to such requirements. <br /> f. Disclose to its subcontractors, agents,or other third parties only the minimum PHI necessary to <br /> perform or fulfill the Permitted Uses. <br /> g. Transmit any ePHI it creates, receives, or maintains in a manner that the ePHI is rendered <br /> unusable,unreadable,or indecipherable to unauthorized persons through the use of technology <br /> or methodology specified by the Secretary in the guidance issued under section 13402(h)(2) of <br /> Public Law 111-5. <br /> h. Establish procedures for mitigating any deleterious effects from any improper use or disclosure <br /> of PHI from Business Associate or any subcontractor or agent thereof, <br /> I. Make available all records, books, agreements, policies, and procedures relating to the use or <br /> disclosure of PHI to the Secretary for purposes of investigating or determining compliance with <br /> HIPAA. <br /> j. Upon prior written request, make available to the other Party during normal business hours at <br /> Business Associate's offices all records, books, agreements, policies, and procedures relating to <br /> Page 11 of 21 <br />