My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Minutes - April 16, 2012 Regular Meeting
public access
>
Clerk
>
MINUTES
>
2012
>
Minutes - April 16, 2012 Regular Meeting
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
5/16/2012 8:40:39 AM
Creation date
5/16/2012 8:37:03 AM
Metadata
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
62
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
BK:00024 PG:0893 <br />Consolidated Agreement -FYI3 Page 20 of 22 <br />AMENDMENT TO THE NORTH CAROLINA DEPARTMENT OF HEALTH AND HUMAN <br />SERVICES BUSINESS ASSOCIATE ADDENDUM TO CONSOLIDATED AGREEMENT <br />This document amends North Carolina Department of Health and Human Services Business Associate <br />Addendum to th Consolidated Agreement. This amendment is made effective the I' day of July, 2012, <br />by and betwee )AQeO�ta 1 name of Local Health Department or "Covered <br />Entity") and the Division of Public Health ( "Business Associate ") (collectively the "Parties ") for the <br />purpose of specifying the breach reporting and notification requirements following an unauthorized <br />disclosure of unsecured Protected Health Information (PHI). <br />I. DEFINITIONS: <br />The terms defined below shall have the following meaning in this Amendment: <br />a. "Breach" means the acquisition, access, use, or disclosure of PHI in a manner not permitted <br />under the HIPAA Privacy Rule which compromises the security or privacy of the PHI. For the <br />purpose of this definition, "compromises the security or privacy of the PHP' means poses a <br />significant risk of financial, reputational, or other harm to the individual. A use or disclosure <br />of PHI that does not include the identifiers listed at § 164.514(e)(2), limited data set, date of <br />birth, and zip code does not compromise the security or privacy of the PHI. <br />Breach excludes: <br />• Any unintentional acquisition, access or use of PHI by a workforce member or person <br />acting under the authority of a Covered Entity (CE) or Business Associate (BA) if such <br />acquisition, access, or use was made in good faith and within the scope of authority and <br />does not result in further use or disclosure in a manner not permitted under the HIPAA <br />Privacy Rule. <br />Any inadvertent disclosure by a person who is authorized to access PHI at a CE or BA to <br />another person authorized to access PHI at the same CE or BA, or organized health care <br />arrangement in which the CE participates, and the information received as a result of such <br />disclosure is not further used or disclosed in a manner not permitted under the HIPAA <br />Privacy Rule; or <br />A disclosure of PHI where a CE or BA has a good faith belief that an unauthorized person <br />to whom the disclosure was made could not have expected to use or further disclose that <br />information. <br />b. "HITECH Act' means the "Health Information Technology for Economic and Clinical Health <br />( "HITECH ") Act, Title XIII of Division A of the American Recovery and Reinvestment Act of <br />2009 (P.L. 111 -5). <br />c. "Security breach" means an incident of unauthorized access to and acquisition of unencrypted and <br />un- redacted records or data containing personal information where illegal use of the personal <br />information has occurred or is reasonably likely to occur or that creates a material risk of harm to a <br />consumer. Any incident of unauthorized access to and acquisition of encrypted records or data <br />
The URL can be used to link to this page
Your browser does not support the video tag.