My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2025-126B
CBCC
>
Official Documents
>
2020's
>
2025
>
2025-126B
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
9/8/2025 2:36:28 PM
Creation date
9/8/2025 1:20:50 PM
Metadata
Fields
Template:
Official Documents
Official Document Type
Amendment
Approved Date
06/03/2025
Control Number
2025-126B
Agenda Item Number
13.D.1.
Entity Name
Surgery Plus
Subject
Second Amendment to Surgery Plus Services Agreement
Document Relationships
2025-126
(Cover Page)
Path:
\Official Documents\2020's\2025
2025-126A
(Cover Page)
Path:
\Official Documents\2020's\2025
2025-126C
(Agenda)
Path:
\Official Documents\2020's\2025
2025-126D
(Agenda)
Path:
\Official Documents\2020's\2025
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
42
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID: 29EAB906-1936-4BAB-83BE-97C974F00293 <br />A TRUE COPY <br />CERTIFICATION ON LAST PAGE <br />"''`!AN L. BUTLER, CLERK <br />(1) the disclosure is Required by law; <br />(ii) Business Associate makes the disclosure pursuant to an agreement consistent <br />with Section 6 of this BA Agreement; or <br />(iii) Business Associate makes the disclosure pursuant to a written confidentiality <br />agreement under which the third -party is required to: (A) protect the confidentiality of the Protected Health <br />information; (0) only use or further disclose the Protected Health Information as Required by Law or for the purpose <br />for which it was disclosed to the third -party; and (C) notify Covered Entity of any acquisition, access, use, or <br />disclosure of Protected Health Information in a manner not permitted by the confidentiality agreement. <br />(c) Business Associate may use Protected Health Information to provide Data Aggregation <br />services relating to the Health Care Operations of Covered Entity if required or permitted under the Service <br />Agreement. <br />(d) Business Associate maybe -identify any and all Protected Health Information obtained by <br />Business Associate under this BA Agreement or the Service Agreement at any location, and use such de -identified <br />data, all in accordance with the de -identification requirements of the Privacy Rule. <br />3. Sam. Business Associate shall use appropriate safeguards to prevent the use or disclosure <br />of Protected Health Information other than as permitted or required by this BA Agreement. In addition, Business <br />Associate shall implement Administrative Safeguards, Physical Safeguards and Technical Safeguards that reasonably <br />and appropriately protect the Confidentiality, Integrity and Availability of Electronic Protected Health Information <br />that It creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall comply with <br />the HIPAA Security Rule with respect to Electronic Protected Health Information. <br />4. Minimum Necessary Standard. To the extent required by the "minimum necessary" requirements <br />of HIPAA, Business Associate shall only request, use and disclose the minimum amount of Protected Health <br />information necessary to accomplish the purpose of the request, use or disclosure. <br />5. Mitigation. Business Associate shall take reasonable steps to mitigate, to the extent practicable, <br />any harmful effect (that is known to Business Associate) of a use or disclosure of Protected Health information by <br />Business Associate in violation of this BA Agreement or HIPAA. <br />6. Subcontractors. Business Associate shall enter into a written agreement meeting the <br />requirements of 45 C.F.R. §§ 164.504(e) and 164.314{a)(2) with each Subcontractor (including, without limitation, a <br />Subcontractor that is an agent under applicable law) that creates, receives, maintains or transmits Protected Health <br />information on behalf of Business Associate. Business Associate shall ensure that the written agreement with each <br />Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive <br />as the restrictions and conditions that apply to Business Associate under this BA Agreement. <br />7. Reporting Requirements. <br />(a) Business Associate shall, without unreasonable delay, but in no event later than three (3) <br />business days after becoming aware of any acquisition, access, use, or disclosure of Protected Health Information in <br />vlolation of this BA Agreement by Business Associate, its employees, other agents or contractors, or by a third -party <br />to which Business Associate disclosed Protected Health Information (each, an 'Unauthorized Use or Disclosure'), <br />report such Unauthorized Use or Disclosure to Covered Entity. <br />(b) Business Associate shall, without unreasonable delay, but in no event later than three (3) <br />business days after becoming aware of any Security Incident, report it to Covered Entity. Notwithstanding the <br />foregoing, pings, port scans, and similar routine attempts on Business Assoclate's firewall that are successfully <br />blocked shall not require reporting due to the Infeasibility of recording and reporting all such pings, port scans, and <br />other routine events. <br />51 <br />
The URL can be used to link to this page
Your browser does not support the video tag.