Orange County NC Website
O. “Security Rule” means the Security Standards for the Protection of Electronic Health Information provided in 45 CFR Part 160 & Part 164, Subparts A and C.

P. “Unsecured Protected Health Information” or “Unsecured PHI” means any “protected health information” as defined in 45 CFR §§164.501 and 160.103 that is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the HHS Secretary in the guidance issued pursuant to the HITECH Act and codified at 42 USC §17932(h). (A full definition section matching the PDF will be inserted here.)

2. Use and Disclosure of PHI.

A. Except as otherwise provided in this BAA, Business Associate may use or disclose PHI as reasonably necessary to provide the services described in the Agreement to Covered Entity, and to undertake other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law.

B. Except as otherwise limited by this BAA or federal or state law, Covered Entity authorizes Business Associate to use the PHI in its possession for the proper management and administration of Business Associate’s business and to carry out its legal responsibilities.
Business Associate may disclose PHI for its proper management and administration, provided that (i) the disclosures are required by law; or (ii) Business Associate obtains, in writing, prior to making any disclosure to a third party (a) reasonable assurances from this third party that the PHI will be held confidential as provided under this BAA and used or further disclosed only as required by law or for the purpose for which it was disclosed to this third party and (b) an agreement from this third party to notify Business Associate immediately of any breaches of the confidentiality of the PHI, to the extent it has knowledge of the breach.

C. Business Associate will not use or disclose PHI in a manner other than as provided in this BAA, as permitted under the Privacy Rule, or as required by law. Business Associate will use or disclose PHI, to the extent practicable, as a limited data set or limited to the minimum necessary amount of PHI to carry out the intended purpose of the use or disclosure, in accordance with Section 13405(b) of the HITECH Act (codified at 42 USC §17935(b)) and any of the act’s implementing regulations adopted by HHS, for each use or disclosure of PHI.

D. Upon request, Business Associate will make available to Covered Entity any of Covered Entity’s PHI that Business Associate or any of its agents or subcontractors have in their possession.

E. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).

3. Safeguards Against Misuse of PHI.
Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided by the Agreement or this BAA, and Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity.

Docusign Envelope ID: 570451FC-66D7-4F0D-A133-FD52C5F42668
Docusign Envelope ID: 2F0A6F2B-A88D-43A2-97AA-4CF0CF9C3EE6