Browse
Search
Agenda 05-06-25; 6-a - Opioid Advisory Committee Settlement Fund Use Recommendations
OrangeCountyNC
>
BOCC Archives
>
Agendas
>
Agendas
>
2025
>
Agenda - 05-06-2025 Business Meeting
>
Agenda 05-06-25; 6-a - Opioid Advisory Committee Settlement Fund Use Recommendations
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
5/1/2025 1:21:21 PM
Creation date
5/1/2025 1:07:55 PM
Metadata
Fields
Template:
BOCC
Date
5/6/2025
Meeting Type
Business
Document Type
Agenda
Agenda Item
6-a
Document Relationships
Agenda for May 6, 2025 BOCC Meeting
(Message)
Path:
\BOCC Archives\Agendas\Agendas\2025\Agenda - 05-06-2025 Business Meeting
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
138
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
36 <br /> Business Associate will forward the individual's request to Covered Entity within three (3) <br /> working days to be fulfilled by Covered Entity. <br /> 7. If Business Associate receives a request pursuant to 45 CFR 164.526 to make any <br /> amendment(s)to PHI in a designated record set directly from the individual,then Business <br /> Associate will forward the individual's request to Covered Entity within three (3) working <br /> days to be fulfilled by Covered Entity. <br /> 8. Maintain and make available upon request within three (3) working days the information <br /> required to provide an accounting of disclosures to Covered Entity as necessary to satisfy <br /> Covered Entity's obligations under 45 CFR 164.528. If Business Associate receives a request <br /> to provide an accounting of disclosures directly from the individual,then Business Associate <br /> will forward the individual's request to Covered Entity within three (3) working days to be <br /> fulfilled by Covered Entity. <br /> 9. Make its internal practices, books, and records relating to the use of PHI received from <br /> Covered Entity, or created or received by Business Associate on behalf of Covered Entity, <br /> available to the Secretary of DHHS and Covered Entity for purposes of determining <br /> compliance with HIPAA. <br /> 10. To the extent practicable, mitigate any harmful effects that are known to Business Associate <br /> of a use or disclosure of PHI or a breach of Unsecured PHI in violation of this Addendum. <br /> 11. Use and disclose an individual's PHI only if such use or disclosure is in compliance with the <br /> applicable requirements of 45 CFR 164.504(e) and the terms of this Addendum. <br /> 12. Refrain from exchanging any PHI with any entity of which Business Associate knows of a <br /> pattern of activity or practice that constitutes a breach as defined by North Carolina State <br /> Law, HIPAA, or this Addendum. <br /> 13. To the extent Business Associate is to carry out one or more of Covered Entity's obligation(s) <br /> under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply <br /> to Covered Entity in the performance of such obligation(s). <br /> B. Breach Notification: <br /> In the event that Business Associate discovers any use or disclosure of PHI not provided for by <br /> the Agreement, including breaches of Unsecured PHI as required at 45 CFR 164.410, and any <br /> security incident of which it becomes aware, Business Associate agrees to take the following <br /> measures within three (3) working days after Business Associate first becomes aware of the <br /> incident: <br /> 1. To notify Covered Entity of any incident involving the acquisition, access, use or disclosure of <br /> Unsecured PHI in a manner not permitted under 45 CFR Part E. Such notice by Business <br /> Associate shall be provided without unreasonable delay, except where a law enforcement <br /> official determines that a notification would impede a criminal investigation or cause <br /> damage to national security. For purposes of clarity for this provision, Business Associate <br /> must notify Covered Entity of any such incident within the above timeframe even if Business <br /> Associate has not conclusively determined within that time that the incident constitutes a <br /> breach as defined by HIPAA. For purposes of this Addendum, Business Associate is deemed <br /> to have become aware of the breach as of the first day on which such breach is known or <br /> reasonably should have been known to such entity or associate of Business Associate, <br /> including any person, other than the individual committing the breach,that is an employee, <br /> officer or other agent of Business Associate or an associate of Business Associate. <br /> 12 <br />
The URL can be used to link to this page
Your browser does not support the video tag.