Laserfiche WebLink
(1) Protected Health information fPHt>. "Protected Health Information (PHI)" shall have the same meaning as the <br />term "protected health information" in 45 CFR §160.103, limited to the Information created or received by <br />Business Associate from or on behalf of a Covered Entity pursuant to this Agreement. <br />(j) Reyuireq By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR <br />§164.103. <br />(k) Secreta . "Secretary" shall mean the Secretary of the Department of Health and Human Services or his <br />designee, <br />(t) Standards for Electronic Transactlons Rule. "Standards for Electronic Transactions Rule° means the final <br />regulations issued by HHS concerning standard transactions and code sets under the Administration <br />Simplification provisions of HIPAA, 45 CFR Part 160 and Part 162. <br />(m) Security InoldenY. "Security Incident" shall have the same meaning as the term "security incident" In.45 CFR <br />§164.304, <br />(n) Security Ru/a. "Security Rule" shall mean the Security Standards and Implementation Specifications at 45 <br />CFR Part 160 and Part 164, subpart C. <br />(o) Subcontractor. "Subcontractor" shall have the same meaning as the term "subcontractor" in 45 CFR §160.103, <br />(p) Transaction, "Transaction" shall have the meaning given the term "transaction" in 45 CFR §160.103 <br />(q) Unsecured Protected Health information. "Unsecured Protected Health Information" shall have the meaning <br />given the term "unsecured protected health information" in 45 CFR §164.402. <br />11, Safeguarding Privacy and Security of Protected Health Informatiori <br />(a) Permitted Uses and Disclosures. The Business Associate is permitted to use and disclose Protected Health <br />Information that it creates or receives on the Covered. Entity's behalf or receives from the Covered Entity (or <br />another businessassociate of the Covered Entity) and to request Protected Health Information on the Covered <br />Entity's behalf (collectively, "Covered Entity's Protected Health Information") only: <br />(1) Functions and Activities on the Covered Entity's Behalf. To perform those services referred to in the <br />services agreement. <br />(11) Business Associate's Operations. For the Business Associate's proper management and administration <br />or to carry out the Business Associate's legal responsibilities, provided that, with respect to disclosure of the <br />Covered Entity's Protected Health Information, either: <br />(A) The disclosure is Required by Law; or <br />(B) The Business Associate obtains reasonable assurance from any person or entity to which the Business <br />Associate will disclose the Covered Entity s Protected Health Information that the person or entity will; <br />(1) Hold the Covered Entitys Protected Health information in confidence and use or further disclose <br />the Covered Entity's Protected Health Information only for the purpose for which the Business <br />Associate disclosed the Covered Entity's Protected Health Information to the person or entity or as <br />Required by Law; and <br />(2) Promptly notify the Business Associate (who will in turn notify the Covered Entity in accordance <br />with the breach notification provisions) of any Instance of which the person or entity becomes aware in <br />which the confidentiality of the Covered Entity's Protected Health Information was breached. <br />(C) To de -Identify the information In accordance with 45 CFR 164.514(a) — (c) as necessary to perform <br />those services required under the.Agreement. <br />2 <br />