Laserfiche WebLink
include certain conditions to the Adopting Employer's receipt of PHI and that Adopting Employer <br /> agrees to those conditions. By adopting this Plan document, the Adopting Employer certifies that <br /> the Plan has been amended as required by the Privacy Rules and that it agrees to the following <br /> conditions, thereby allowing the Plan to disclose PHI to the Adopting Employer. The Adopting <br /> Employer agrees to: <br /> (a) Not use or further disclose PHI other than as permitted or required by the Plan document <br /> or as required by law; <br /> (b) Ensure that any agents,including a subcontractor,to whom the Plan provides PHI received <br /> from the Plan agree to the same restrictions and conditions that apply to the Adopting <br /> Employer with respect to such PHI; <br /> (c) Not use or disclose PHI for employment related actions and decisions unless authorized by <br /> an individual; <br /> (d) Not use or disclose PHI in connection with any other benefit or employee benefit plan of <br /> the Adopting Employer unless authorized by an individual; <br /> (e) Report to the Plan any PHI use or disclosure of which it becomes aware that is inconsistent <br /> with the uses or disclosures permitted hereunder and/or may constitute a"breach"as that <br /> term is defined in HIPAA; <br /> (f) Make PHI available for access by the individual who is the subject of the PHI in accordance <br /> with HIPAA; <br /> (g) Make PHI available for amendment and incorporate any amendments to PHI in accordance <br /> with HIPAA; <br /> (h) Make available the information required to provide an accounting of disclosures in <br /> accordance with HIPAA; <br /> (i) Make internal practices, books and records relating to the use and disclosure of PHI <br /> received from Plan available to the HHS Secretary for the purposes of determining the <br /> Plan's compliance with HIPAA; and <br /> (j) If feasible, return or destroy all PHI received for the Plan that the Adopting Employer still <br /> maintains in any form, and retain no copies of such PHI when no longer needed for the <br /> purpose for which disclosure was made (or if return or destruction is not feasible, limit <br /> further uses and disclosures to those purposes that make the return or destruction <br /> infeasible). <br /> 7.3 Adopting Employer's Obligations under Security Rules. If the Adopting Employer creates, <br /> receives, maintains, or transmits ePHI (other than enrollment and disenrollment information and <br /> Summary Health Information, which are not subject to these restrictions), the Adopting Employer <br /> will: <br /> (a) Implement administrative, physical, and technical safeguards that reasonably and <br /> appropriately protect the confidentiality, integrity, and availability of ePHI; <br /> (b) Ensure that any agents, including subcontractors, who create, receive, maintain, or <br /> transmit ePHI on behalf of the Plan implement reasonable and appropriate security <br /> measures to protect the ePHI; <br /> ©2017 Hitesman&Wold,P.A. 23 <br /> Funded Post-Employment HRA Basic Plan Document(Single Employer Non-ERSA) <br />