My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2019-097C
CBCC
>
Official Documents
>
2010's
>
2019
>
2019-097C
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
12/27/2019 1:36:00 PM
Creation date
7/23/2019 3:31:25 PM
Metadata
Fields
Template:
Official Documents
Official Document Type
Agreement
Approved Date
06/18/2019
Control Number
2019-097C
Agenda Item Number
12.D.1.
Entity Name
Save on SP, LLC
Subject
specialty pharmacy co-pay assistance program
arrangement with Express Scripts Holding Company
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
9
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
information created, received, maintained, transmitted or accessed by Business Associate for or on behalf <br />of Covered Entity. <br />1.6 Unsecured Protected Health Information ("Unsecured PHI"). "Unsecured Protected Health <br />Information" means PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized <br />individuals through the use of a technology or methodology specified by the Secretary in guidance issued <br />under section 13402(h)(2) of Pub. L. 111-5. <br />SECTION 2 — OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE <br />2.1 Prohibition on Unauthorized Use or Disclosure. Business Associate will not use or disclose PHI <br />other than as required to perform its obligations pursuant to the Program, as permitted or required by this <br />BAA, or as required by law. <br />2.2 Safeguards. Business Associate will implement appropriate administrative, technical, and <br />physical safeguards (including written policies and procedures) and comply, where applicable, with subpart <br />C of Part 164 of HIPAA to prevent the use or disclosure of PHI other than as provided for by this BAA. <br />2.3 Duty to Identify, Mitigate, Document, and Report. With respect to (i) a use or disclosure of PHI <br />by Business Associate in violation of the requirements of this BAA, (ii) a discovered Breach of Unsecured <br />PHI, or (iii) a suspected or known security incident, excluding inconsequential incidents that occur on a <br />daily basis such as scans or "pings" that are not allowed past Business Associate's firewalls (collectively <br />referred to hereinafter as "Occurrences"), Business Associate agrees: <br />(a) Identify. To identify and appropriately respond to any suspected or known Occurrences; <br />(b) Mitigate. Mitigate, to the extent practicable, any harmful effect known to Business <br />Associate related to any Occurrences; <br />(c) Document. Document any Occurrences and the outcome; <br />(d) Report. Report any Occurrences to Covered Entity in writing within ten (10) business <br />days of the Occurrence; and <br />(e) Additional Requirements. Comply with the additional requirements of Section 4.1 of <br />this BAA. <br />2.4 Subcontractors and Agents. Business Associate agrees to ensure that any subcontractors or <br />agents that create, receive, maintain, or transmit PHI for the Business Associate on behalf of the Covered <br />Entity agree in writing to restrictions and conditions that are no less stringent than those that apply to the <br />Business Associate pursuant to this BAA with respect to such information and will implement reasonable <br />and appropriate safeguards to protect it. If Business Associate learns of a pattern of activity or practice of <br />a subcontractor that constitutes a breach or violation of the subcontractor's obligation under the contract or <br />other arrangement with Business Associate, Business Associate must take reasonable steps to cure the <br />breach or end the violation, as applicable, and if such steps are unsuccessful, terminate the contract or <br />arrangement if feasible. <br />
The URL can be used to link to this page
Your browser does not support the video tag.