My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2021-074B
CBCC
>
Official Documents
>
2020's
>
2021
>
2021-074B
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/22/2021 12:13:29 PM
Creation date
6/11/2021 3:23:37 PM
Metadata
Fields
Template:
Official Documents
Official Document Type
Agreement
Approved Date
05/11/2021
Control Number
2021-074B
Agenda Item Number
12.D.1.
Entity Name
Employer Direct Healthcare, LLC
Subject
Surgeryplus Services Agreement
Addition of SurgeryPlus Benefit as Optional Benefit
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
38
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID: 29EAB906-1936-4BAB-83BE-97C974F00293 <br />(1) the disclosure is Required by Law; <br />(G) Business Associate makes the disclosure pursuant to an agreement consistent <br />with Section 6 of this BA Agreement; or <br />(iii) Business Associate makes the disclosure pursuant to a written confidentiality <br />agreement under which the third -party is required to: (A) protect the confidentiality of the Protected Health <br />Information; (a) only use or further disclose the Protected Health Information as Required by Law or for the purpose <br />for which it was disclosed to the third -party; and (C) notify Covered Entity of any acquisition, aoress, use, or <br />disclosure of Protected Health Information in a manner not permitted by the confidentiality agreement. <br />(c) Business Associate may use Protected Health information to provide Data Aggregation <br />services relating to the Health Care Operations of Covered Entity if required or permitted under the Service <br />Agreement. <br />(d) Business Associate may -de -identify any and all Protected Health Information obtained by - <br />Business Associate under this BA Agreement or the Service Agreement at any location, and use such de -Identified <br />data, all in accordance with the de -Identification requirements of the Privacy Rule. <br />3. Safeituards. Business Associate shall use appropriate safeguards to prevent the use or disclosure <br />of Protected Health Information other than as permitted or required by this BA Agreement. In addition, Business <br />Associate shall implement Administrative Safeguards, Physical Safeguards and Technical Safeguards that reasonably <br />and appropriately protect the Confidentiality, Integrity and Availability of Electronic Protected Health Information <br />that It creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall comply with <br />the HIPAA Security Rule with respect to Electronic Protected Health Information. <br />4. Minimum hinggary Standard. To the extent required by the "minimum necessary" requirements <br />of HIPAA, Business Associate shall only request, use and disclose the minimum amount of Protected Health <br />information necessary to accomplish the purpose of the request, use or disclosure. <br />S. Mitigation Business Associate shall take reasonable steps to mitigate, to the extent practicable, <br />any harmful effect (that is known to Business Associate) of a use or disclosure of Protected Health Information by <br />Business Associate in violation of this BA Agreement or HIPAA. <br />6. Sypcontractors. Business Associate shall enter Into a written agreement meeting the <br />requirements of 45 C.F.R. §§ 164.504(e) and 164.314(a)(2) with each Subcontractor (Including, without limitation, a <br />Subcontractor that is an agent under applicable law) that creates, receives, maintains or transmits Protected Health <br />information on behalf of Business Associate. Business Associate shall ensure that the written agreement with each <br />Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive <br />as the restrictions and conditions that apply to Business Associate under this BA Agreement. <br />7. Reporting Requirements. <br />(a) Business Associate shall, without unreasonable delay, but in no event later than three (3) <br />business days after becoming aware of any acquisition, access, use, or disclosure of Protected Health information in <br />violation of this BA Agreement by Business Associate, its employees, other agents or contractors, or by a thlyd-party <br />to which Business Associate disclosed Protected Health Information (each, an "Unauthorized Use or Disclosure), <br />report such Unauthorized Use or Disclosure to Covered Entity. <br />(b) Business Associate shall, without unreasonable delay, but in no event later than three (3) <br />business days after becoming aware of any Security Incident, report It to Covered Entity. Notwithstanding the <br />foregoing, pings, port scans, and similar routine attempts on Business Associate's firewall that are successfully <br />blocked shall not require reporting due to the infeasibility of recording and reporting all such pings, port scans, and <br />other routine events. <br />-2- <br />yl� <br />
The URL can be used to link to this page
Your browser does not support the video tag.