My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
25A - AGMT FOR FLEX SPENDING
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2020
>
10/20/2020
>
25A - AGMT FOR FLEX SPENDING
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
10/14/2020 3:08:32 PM
Creation date
10/14/2020 3:02:14 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Human Resources
Item #
25A
Date
10/20/2020
Destruction Year
2025
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
37
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID: CFCE3443-EF37-4FD4-8DCD-D85D559F77AE <br />existence of a business associate agreement between Covered Entity, on the one hand, and, <br />on the other hand, another business associate of Covered Entity. Where required by service <br />agreements and/or business associate agreements prepared by other business associates, <br />Covered Entity shall expressly authorize transmission of PHI to Business Associate. Covered <br />Entity promptly shall notify Business Associate of any changes to its relationships with other <br />business associates with which Business Associate may have dealings in fulfilling its duties <br />hereunder. <br />3. Duties of Business Associate Relative to PHI. <br />a. Business Associate shall not use or disclose PHI other than as permitted or required by this <br />Agreement or as Required by Law, and otherwise comply with all applicable provisions of <br />the Privacy Rule. <br />b. Business Associate shall use appropriate safeguards, and comply with Subpart C of 45 CFR <br />Part 164 with respect to electronic protected health information, to prevent use or <br />disclosure of protected health information other than as provided for by this Agreement, <br />and otherwise comply with all applicable provisions of the Security Rule. <br />c. Business Associate will report to Covered Entity any use or disclosure of Protected Health <br />Information not provided for by this Agreement of which it becomes aware, including <br />Security Incidents of which Business Associate becomes aware. Business Associate shall <br />not, however be required to report to Covered Entity the ongoing existence and <br />occurrence of "Attempted but Unsuccessful Security Incidents," defined as activity such as <br />pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful <br />log -on attempts, denial of service and any combination of the above, so long as no such <br />incident results in unauthorized access, use or disclosure of Electronic PHI as defined under <br />the HIPAA Rules. <br />d. Business Associate promptly shall notify Covered Entity of a Breach of Unsecured PHI upon <br />Business Associate's discovery of same. Business Associate will treat any Breach as being <br />discovered in accordance with 45 CFR § 164.410. Business Associate's notification to <br />Covered Entity hereunder shall: <br />(1) Be made to Covered Entity without unreasonable delay and in no event later than 60 <br />calendar days after discovery of the Breach, except where a law enforcement official <br />determines that a notification would impede a criminal investigation or cause damage <br />to national security; <br />4 _. <br />/GDE <br />111111........... 41N\Il fl <br />Document Generated on June 16, 2020 <br />City of Santa Ana Business Associate Agreement <br />Client Initials: <br />Page 7 <br />25A-30 <br />
The URL can be used to link to this page
Your browser does not support the video tag.