Laserfiche WebLink
2.3. Other Permitted Disclosures. Except as otherwise limited by this Agreement, Business <br />Associate may disclose to a third party PHI it receives or creates in its capacity as a business <br />associate of Covered Entity for the proper management and administration of Business <br />Associate, provided that: <br />2.3.1. The disclosure is Required By Law; or <br />2.3.2. Business Associate obtains reasonable assurances from the third party to whom the <br />information is disclosed that (i) the PHI will remain confidential and used or further <br />disclosed only as Required By Law or for the purpose for which it was disclosed to the <br />third party, and (ii) the third party notifies Business Associate of any instances of which <br />it is aware in which the confidentiality of the information has been breached. <br />2.4. De -Identified Information. Health information that has been de -identified in accordance with <br />the requirements of 45 C.F.R. §§ 164.514 and 164.502(d) and is therefore not Individually <br />Identifiable Health Information ("De -Identified Information") is not subject to the provisions <br />of this Agreement. Covered Entity may disclose PHI to Business Associate to use for the <br />purpose of creating De -Identified Information, whether or not the De -Identified Information is <br />to be used by Covered Entity. <br />3. Obligations and Activities of Business Associate Regarding PHI. <br />3.1. Limitations on Uses and Disclosures. Business Associate will not use or further disclose PHI <br />other than as permitted or required by this Agreement or as Required By Law. <br />3.2. Safeguards. Business Associate will use appropriate safeguards to prevent use or disclosure of <br />the PHI other than as provided for by this Agreement. <br />3.3. Mitigation. Business Associate will mitigate, to the extent practicable, any harmful effect that <br />is known to Business Associate of a use or disclosure of PHI by Business Associate or <br />subcontractor or agent of Business Associate in violation of the requirements of this <br />Agreement. <br />3.4. Reporting. Business Associate will immediately report to Covered Entity in writing, any use <br />or disclosure of the PHI not provided for by this Agreement of which it becomes aware. <br />3.5. Agents and Subcontractors. Business Associate will ensure that any agent, including any <br />subcontractor to whom Business Associate provides PHI that was created for or received from <br />or on behalf of Covered Entity, has executed an agreement containing the same restrictions and <br />conditions that apply through this Agreement to Business Associate with respect to such <br />information. Business Associate will ensure only those who reasonably need to know such <br />information in order to perform Services receive such information and, in such case, only the <br />minimum amount of such PHI is disclosed as is necessary for such performance. <br />3.6. Access. Where PHI held by Business Associate is contained in a Designated Record Set, within <br />fifteen (15) days of receiving a written request from Covered Entity, Business Associate will <br />make such PHI available to Covered Entity or, as directed by Covered Entity, to an Individual, <br />that is necessary for Covered Entity to respond to Individuals' requests for access to PHI in <br />Page 3 of 9 <br />