Orange County NC Website
Browse       Search
4 <br />October 2013 <br />C.To the extent required under HITECH § 13404, fully comply with the applicable <br />requirements of 45 CFR 164.502(e)(2) for each use and disclosure of Protected <br />Health Information; <br />D.To the extent required under HITECH § 13401, fully comply with 45 CFR §§ <br />164.308, 164.310, 164.312, and 164.316; <br />E.To the extent required under HITECH §§13401 and 13404, comply with the <br />additional privacy and security requirements that apply to Covered Entities in the <br />same manner and to the same extent as Covered Entity is required to do so; and <br />F.To the extent required under the HIPPA Regulations, comply with the privacy and <br />security requirements that apply to Business Associates. <br />(m)State Privacy Laws. Business Associate shall understand and comply with state privacy <br />laws to the extent that such privacy laws are not preempted by HIPPA or HITECH. <br />III.PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE <br />(a)Use of Protected Health Information on Behalf of Covered Entity. Except as otherwise <br />limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform <br />functions, activities or services for, or on behalf of, Covered Entity described in the Service Agreement, <br />provided that such use or disclosure would not violate the HIPPA Security and Privacy Rule if it were made <br />by Covered Entity or would not violate the Covered Entities minimum necessary policies. <br />(b)Other Uses of Protected Health Information. Except as otherwise limited in this <br />Agreement, Business Associate may use Protected Health Information within its workforce for the proper <br />management and administration of Business Associate not to include Marketing or Commercial Use and to <br />carry out the legal responsibilities of Business Associate; and <br />(c)Third Party Confidentiality. Except as otherwise limited in this Agreement, Business <br />Associate may disclose Protected Health Information for the proper management and administration of <br />Business Associate or to carry out the legal responsibilities of Business Associate, provided that if Business <br />Associate discloses any Protected Health Information to a third party for such purpose, the Business <br />Associate shall enter into a written agreement with such third party requiring the following: <br />A.Disclosure only as Required by Law; or <br />B.Business Associate obtains reasonable assurances from the person to whom the <br />information is disclosed that the information will remain confidential and will be used or <br />further disclosed only as Required by Law or for the purpose for which it was disclosed to <br />the person, and the person notifies Business Associate of any instances of which it is aware <br />in which the confidentiality, integrity, and or availability of the Protected Health <br />Information has been breached immediately upon becoming aware. <br />(d)Business Associate may provide data aggregation services relating to the health care <br />operations of Covered Entity pursuant to any agreements between the Parties evidencing their business <br />relationship as permitted by 45 CFR § 164.504(e)(2)(i)(B). <br />(e)Other Uses Strictly Limited. Nothing in this Agreement shall permit the Business <br />Associate to share Protected Health Information with Business Associate’s affiliates or contractors except <br />for the purposes of the Service Agreement(s) between the Covered Entity and Business Associate(s) <br />identified in Section I (a) of this Agreement. <br />DocuSign Envelope ID: DB3028D2-AD5E-4CCF-84B3-305C2A760199