Minutes - April 16, 2012 Regular Meeting

Home Browse Search

BK.0002 PG:0890 Consolidated Agreement -FY 13 Page 17 of 22 g. "Secretary" shall mean the Secretary of the United States Department of Health and Human Services or his designee. h. "Security Incident" shall have the same meaning as the tern "security incident" in 45 CFR 164.304. i. Unless otherwise defined in this Agreement, terms used herein shall have the same meaning as those terms have in the Privacy and Security Rules. 3. OBLIGATIONS OF BUSINESS ASSOCIATE a. Business Associate agrees to not use or disclose electronic protected health information or other protected health information other than as permitted or required by this Agreement or as required by law. b. Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information and other protected health information that it creates, receives, maintains, or transmits on behalf of a Covered Entity, as required by the Privacy and Security Rules. c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of electronic protected health information or other protected health information by a Business Associate in violation of the requirements of this Agreement. d. Business Associate agrees to report to Covered Entity (i) any use or disclosure of electronic protected health information or other protected health information not provided for by this Agreement of which it becomes aware and (ii) any security incident of which it becomes aware. e. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides electronic protected health information and/or other protected health information received from, or created or received by Business Associate on behalf of Covered Entity (i) agrees to be bound by the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information, and (ii) agrees to implement reasonable and appropriate safeguards to protect such information. f. Business Associate agrees to provide access, at the request of Covered Entity, to electronic protected health information and other protected health information in a Designated Record Set to a Covered Entity or, as directed by a Covered Entity, to an individual in order to meet the requirements under 45 CFR 164.524. g. Business Associate agrees, at the request of a Covered Entity, to make any amendment(s) to electronic protected health information and other protected health information in a Designated Record Set that a Covered Entity directs or agrees to pursuant to 45 CFR 164.526. h. Unless otherwise prohibited by law, Business Associate agrees to make internal practices, books, and records, including policies and procedures concerning electronic protected health information and other protected health information, relating to the use and disclosure of electronic protected health information and other protected health information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy and Security Rules. i. Business Associate agrees to document such disclosures of electronic protected health information and other protected health information related to such disclosures as would be required for Covered Entity to respond to a request by an individual for an accounting of disclosures of electronic protected health information and other protected health information in accordance with 45 CFR 164.528, and to provide this information to Covered Entity or an individual to permit such a response.