xvii) "Security Rule" shall mean the standard for Security of Individually Identifiable Health Information codified at 45 CFR Parts 160, 162 and 164.

xviii) "Security Incident" has the meaning in 45 CFR § 164.304, which is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations.

xix) "Subcontractor" shall have the meaning given to such term at 45 CFR § 160.103 and includes any agent/agency relationships.

xx) "Unsecured Protected Health Information" (or "unsecured PHI") shall mean Protected Health Information has the meaning as set forth in 45 C.F.R. 164.402.that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in the regulations or guidance issued pursuant to 42 U.S.C. §§ 17932(h)(2).

xxi) "Unsuccessful Security Incident" shall mean, without limitation, pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, disclosure, modification or destruction of PHI or intentional interference with system operations in an information system that contains PHI.

b) Catch-all Definition. Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in the Privacy Rule and Security Rule.

2) Obligations of Business Associate.

a) Permitted Uses. Business Associate shall not use PHI except for the purpose of performing Business Associate's obligations under the Service Agreement and as permitted or required by this BAA. Further, Business Associate shall not use PHI in any manner that would constitute a violation of the Privacy Rule if so used by Covered Entity. However, Business Associate may (i) use PHI for the proper management and administration of Business Associate and to carry out the legal responsibilities of Business Associate, and (ii) provide Data Aggregation services relating to the health care operations of Covered Entity if such services are provided by Business Associate to Covered Entity under the Service Agreement.

b) Permitted Disclosures. Business Associate shall not disclose PHI in any manner that would constitute a violation of HITECH and HIPAA (including without limitation the Privacy Rule) if disclosed by Covered Entity. However, Business Associate may disclose PHI in a manner permitted pursuant to the Service Agreement, for the proper management and administration of Business Associate; and as required by law. Additionally, Business Associate may disclose PHI in a manner allowed by law if Covered Entity specifically authorizes the disclosure. In no event shall Business Associate be permitted to receive remuneration, either directly or indirectly, in exchange for PHI, except as may be approved by Covered Entity in its sole discretion and then, only to the extent permitted by 42 U.S.C. § 17935(d). To the extent that Business Associate discloses PHI to a third party, Business Associate must prior to making any such disclosure obtain, (i) reasonable assurances from such third party that such PHI will be held confidential as provided pursuant to this BAA and only disclosed as required by law or