Laserfiche WebLink
f. Electronic Health Record shall have the same meaning as the term "electronic protected health <br />information" in the American Recovery and Reinvestment Act of 2009, § 13400(5). <br />g. Electronic Protected Health Information shall have the meaning given such term in 45 CFR <br />§ 160.103. <br />h. Genetic Information shall have the meaning given to such term in 45 CFR § 160.103. <br />i. Health Care Operations shall have the meaning given to such term under the Privacy and <br />Security Rule, including 45 C.F.R. § 164.581. <br />j. Health Care Provider shall have the meaning given such term in 45 C.F.R. § 160.103. <br />k. HIPAA means the Health Insurance Portability and Accountability Act of 1996, Public Law <br />104-91, as amended, and related HIPAA regulations at 45 C.F.R. §§ 160-164. <br />1. Individual shall have the meaning given to the term under the Privacy and Security Rule, <br />including, but not limited to, 45 C.F.R. § 160.103. It shall also include a person who qualifies <br />as a personal representative in accordance with 45 C.F.R. §164.582(g). <br />m. Payment shall have the meaning given such term in 45 C.F.R. § 164.581. <br />n. Privacy and Security Rule shall mean the Standards for Privacy of Individually Identifiable <br />Health Information and Security Standards for the Protection of Electronic Protected Health <br />Information that are codified at 45 C.F.R. parts 160 and 164, subparts A, C, and E. <br />o. Protected Health Information or PHI shall have the meaning given such term under the Privacy <br />and Security Rule in 45 C.F.R. § 160.103. It shall include any information created or received <br />by Business Associate from or on behalf of Client. <br />p. Required By Law shall have the meaning given to the term under the Privacy or Security Rule. <br />q. Security Incident shall mean the attempted or successful unauthorized access, use, disclosure, <br />modification, or destruction of information or interference with system operations in an <br />information system as provided in 45 C.F.R. § 164.304. <br />r. Subcontractor shall have the meaning given to the term under 45 CFR § 160.103. <br />s. Unsecured PHI shall have the meaning given to such term under the Privacy and Security <br />Regulations at 45 C.F.R. §164.402. Specifically, unsecured PHI shall mean PHI that is not <br />secured by a technology standard approved by the Secretary of HHS that renders PHI unusable, <br />unreadable, or indecipherable to unauthorized individuals. <br />d. Obligations of Business Associate <br />a. Permitted Uses. Business Associate shall not use or disclose PHI except for the purpose of <br />performing Business Associate's obligations under the Agreement or as Required by Law or <br />authorized by the Individual who is the subject of the PHI. <br />b. Permitted Disclosures. Business Associate may disclose PHI for the purpose of performing <br />Business Associate's obligations under the Agreement and BAA. So long as such use or <br />disclosure does not violate the Privacy and Security Rule, the Agreement, or this BAA, <br />Business Associate may use PHI (a) as is necessary for the proper management and <br />administration of Business Associate's organization, or (b) to carry out the legal responsibilities <br />of Everside, and (c) to fulfill its responsibilities under the Agreement. If Business Associate <br />discloses PHI to a third party, Business Associate must obtain, prior to making any such <br />disclosure, (i) reasonable written assurances from such third party that such PHI will be held <br />confidential as provided pursuant to this BAA and only disclosed as Required by Law or for <br />the purposes for which it was disclosed to such third party, and (ii) a written agreement from <br />e 2022 [verside I lealth. LLC. All rights reserved Confidential. <br />24 <br />