Orange County NC Website
2 <br />October 2013 <br />(c) Electronic Protected Health Information. Protected Health Information that is transmitted <br />by or maintained in Electronic Media (as defined in the HIPAA Security and Privacy Rule). <br /> <br />(d) Protected Health Information. “Protected Health Information” shall have the same meaning <br />as the term in 45 CFR § 160.103, limited to the information created or received by Business Associate from <br />or on behalf of Covered Entity and includes without limitation “Electronic Protected Health Information.” <br />Business Associate acknowledges and agrees that all Protected Health Information that is created or <br />received by Covered Entity and disclosed or made available in any form, including paper record, oral <br />communication, audio recording, and electronic display by Covered Entity or its operating units to Business <br />Associate or is created or received by Business Associate on Covered Entity’s behalf shall be subject to this <br />Agreement. <br /> <br />(e) Required by Law. “Required by Law” shall have the same meaning as the term in 45 CFR <br />§ 164.103. <br /> <br /> <br />II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br /> <br /> (a) Use and Disclosure. Business Associate agrees to fully comply with the requirements <br />under the HIPAA Security and Privacy Rule applicable to Business Associates and not to use or disclose <br />Protected Health Information other than as permitted or required by this Agreement, the Service Agreement <br />or as Required by Law. To the extent Business Associate carries out obligations of Covered Entity under <br />the HIPAA Security and Privacy Rule, Business Associate shall comply with the applicable provisions of <br />the HIPAA Security and Privacy Rule as if such use or disclosure were made by Covered Entity. Business <br />Associate agrees to comply with Covered Entity’s policies regarding the minimum necessary use or <br />disclosure of Protected Health Information. <br /> <br /> (b) Appropriate Safeguards. Business Associate agrees to use appropriate safeguards to <br />prevent use or disclosure of Protected Health Information other than as provided for by this Service <br />Agreement(s), this Agreement or as Required by Law. This includes the implementation physical, technical <br />and administrative safeguards to prevent use or disclosure of Protected Health Information other than as <br />permitted in this Agreement or Required by Law and reasonably and appropriately protect the <br />confidentiality, integrity, and availability of any Electronic Protected Health Information that it creates, <br />receives, maintains, or transmits on behalf of Covered Entity as required by the HIPAA Security and <br />Privacy Rule. The Business Associate shall maintain appropriate documentation of its compliance with the <br />HIPAA Security and Privacy Rule, including, but not limited to, its policies, procedures, records of training <br />and sanctions of members in its workforce. <br /> <br />(c) Assurances. Business Associate agrees to provide Covered Entity with written assurances <br />that any Protected Health Information placed on any type of mobile media, including, but by no means <br />limited to, lap top computers, Ipads and mobile phones, is encrypted in accordance with guidance issued <br />by the Secretary. <br /> <br />(d) Agents and Subcontractors. Business Associate shall require any agents, including any <br />subcontractors, to whom it provides Protected Health Information from Covered Entity that is created, <br />received, maintained or transmitted on behalf of Business Associate to agree by written contract with <br />Business Associate to the same (or greater) restrictions, conditions and requirements that apply to Business <br />Associate with respect to such information, and to agree to implement reasonable and appropriate <br />safeguards to protect any of such information that is Electronic Protected Health Information. In addition, <br />Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do <br />not cause Business Associate to breach the terms of this Agreement. <br /> <br />(e) Mitigation of Breach. Business Associate agrees to mitigate, to the extent practicable, any <br />harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information <br />DocuSign Envelope ID: A7AE99E4-EA4E-458C-808C-B641597E1CBF