(i) the disclosure is Required by Law, (ii) Business Associate makes the disclosure pursuant to an agreement consistent with Section 6 of this BA Agreement; or (iii) Business Associate makes the disclosure pursuant to a written confidentiality agreement under which the third-party is required to: (A) protect the confidentiality of the Protected Health Information; (B) only use or further disclose the Protected Health Information as Required by Law or for the purpose for which it was disclosed to the third-party; and (C) notify Covered Entity of any acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted by the confidentiality agreement.

(c) Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under the Service Agreement.

(d) Business Associate may de-identify any and all Protected Health Information obtained by Business Associate under this BA Agreement or the Service Agreement at any location, and use such de-identified data, all in accordance with the de-identification requirements of the Privacy Rule.

3. Safeguards. Business Associate shall use appropriate safeguards to prevent the use or disclosure of Protected Health Information other than as permitted or required by this BA Agreement. In addition, Business Associate shall implement Administrative Safeguards, Physical Safeguards and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic Protected Health Information that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall comply with the HIPAA Security Rule with respect to Electronic Protected Health Information.

4. Minimum Necessary Standard. To the extent required by the "minimum necessary" requirements of HIPAA, Business Associate shall only request, use and disclose the minimum amount of Protected Health Information necessary to accomplish the purpose of the request, use or disclosure.

5. Mitigation. Business Associate shall take reasonable steps to mitigate, to the extent practicable, any harmful effect (that is known to Business Associate) of a use or disclosure of Protected Health Information by Business Associate in violation of this BA Agreement or HIPAA.

6. Subcontractors. Business Associate shall enter into a written agreement meeting the requirements of 45 C.F.R. §§ 164.504(e) and 164.314(a)(2) with each Subcontractor (including, without limitation, a Subcontractor that is an agent under applicable law) that creates, receives, maintains or transmits Protected Health Information on behalf of Business Associate. Business Associate shall ensure that the written agreement with each Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive as the restrictions and conditions that apply to Business Associate under this BA Agreement.

7. Reporting Requirements.

(a) Business Associate shall, without unreasonable delay, but in no event later than three (3) business days after becoming aware of any acquisition, access, use, or disclosure of Protected Health Information in violation of this BA Agreement by Business Associate, its employees, other agents or contractors, or by a third-party to which Business Associate disclosed Protected Health Information (each, an "Unauthorized Use or Disclosure"), report such Unauthorized Use or Disclosure to Covered Entity.

(b) Business Associate shall, without unreasonable delay, but in no event later than three (3) business days after becoming aware of any Security Incident, report it to Covered Entity. Notwithstanding the foregoing, pings, port scans, and similar routine attempts on Business Associate's firewall that are successfully blocked shall not require reporting due to the infeasibility of recording and reporting all such pings, port scans, and other routine events.