My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Business Associate Agreement & Data Services Agreement - SEMMA Health, Inc.
sbend
>
Public
>
Public Works
>
Board of Works Documents
>
2017
>
Agreement, Contracts, Proposals
>
Business Associate Agreement & Data Services Agreement - SEMMA Health, Inc.
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/28/2025 4:15:08 PM
Creation date
5/24/2017 1:22:43 PM
Metadata
Fields
Template:
Board of Public Works
Document Type
Contracts
Document Date
5/23/2017
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
20
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
B. Limitations on Disclosure of PHI: Business Associate shall not use or disclose <br />PHI other than as permitted or required by this Agreement or as Required by Law. <br />Business Associate shall not use or disclose PHI in a manner that would violate the <br />Privacy Rule if done by Covered Entity, unless expressly permitted to do so <br />pursuant to the Privacy Rule and this Agreement. <br />C. Obligations on Behalf of Covered Entity. To the extent Business Associate carries out <br />an obligation for which Covered Entity is responsible under the Privacy Rule, Business <br />Associate must comply with the requirements of the Privacy Rule that apply to Covered <br />Entity in the performance of such obligation. <br />D. HIPAA Safeguards: <br />1. Business Associate shall use appropriate safeguards to prevent use or <br />disclosure of PHI other than as permitted by this Agreement or as Required <br />by Law. <br />2. Business Associate shall comply with the Security Rule and implement <br />reasonable and appropriate Administrative, Physical, and Technical <br />Safeguards to protect the Confidentiality, Integrity, and Availability of <br />EPHI and to prevent the use or disclosure of EPHI other than as permitted <br />by the Agreement and this BAA or as Required by Law. <br />E. Reporting of Disclosures of Protected Health Information in Violation of <br />HIPAA. Business Associate shall report to Covered Entity in writing any use or <br />disclosure of PHI not permitted by this Agreement promptly after becoming aware <br />of such use or disclosure. <br />F. Reporting of Security Incidents.Business Associate shall report to Covered Entity <br />any successful Security Incident promptly upon becoming aware of such incident. For <br />purposes of this Agreement, an "unsuccessful" Security Incident is an unsuccessful attempt <br />to breach the security of Business Associate's systems that Business Associate determines <br />was targeted at Business Associate's systems storing Covered Entity's EPHI, and includes <br />general "pinging" or "denial of service" attacks that are not determined to have been <br />directed at such EPHI, and such unsuccessful Security Incidents shall be deemed as having <br />been reported. <br />G. Reporting of Breaches of Unsecured PHI <br />Notification Re uirement. To the extent Business Associate accesses, maintains, <br />retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses <br />Unsecured PHI, it will, following the discovery of a Breach of such information, <br />notify Covered Entity of such Breach without unreasonable delay and in no case <br />later than 60 days after discovery of the Breach. <br />2. Discovery of Breach. For purposes of reporting a Breach to Covered Entity, the <br />discovery of a Breach shall occur on the first day on which such Breach is known <br />to Business Associate or, by exercising reasonable diligence, would have been <br />known to or suspected by the Business Associate. Business Associate will be <br />
The URL can be used to link to this page
Your browser does not support the video tag.