Laserfiche WebLink
accordance with 45 C.F.R. § 164.524. Business Associate will provide such PHI in an <br /> electronic format upon request by Covered Entity unless it is not readily producible in such <br /> format in which case Business Associate will provide Covered Entity a readable electronic <br /> format as agreed to by Covered entity and Individual, <br /> 3.7. Compliance with Requirements. To the extent Business Associate is to carry out Covered <br /> Entity's obligation under HIPAA, Business Associate will comply with the requirement <br /> applicable to such obligation. <br /> 3.8. Amendment of PHI. Where PHI held by Business Associate is contained in a Designated <br /> Record Set,within fifteen(15)days of receiving a written request from Covered Entity or an <br /> Individual,Business Associate will make any requested amendment(s)or correction(s)to PHI <br /> in accordance with 45 C.F.R. § 164.526. <br /> 3.9. Disclosure Documentation. Business Associate will document its disclosure of PHI and <br /> information related to such disclosures as would be required for Covered Entity to respond to <br /> a request by an Individual for an accounting of disclosures of PHI in accordance with C.F.R. § <br /> 164.528. <br /> 3.10. Accounting of Disclosures. Within thirty(30)days of receiving a request from Covered Entity, <br /> Business Associate will provide to Covered Entity information collected in accordance with <br /> Section 3.8 of this Agreement, as necessary to permit Covered Entity to make an accounting <br /> of disclosures of PHI about an Individual in accordance with 45 C.F.R. § 164.528. <br /> 3.1 1. Access to Business Associate's Internal Practices. Business Associate will make its internal <br /> practices, books, and records, including policies and procedures and PHI, relating to the use <br /> and disclosure of PHI, including EPHI, created, used, disclosed, received, maintained, <br /> accessed, or transmitted by Business Associate on behalf of Covered Entity, available to the <br /> Secretary or to Covered Entity, in a time and manner designated by the Secretary or reasonably <br /> specified by Covered Entity, for purposes of the Secretary determining Business Associate or <br /> Covered Entity's compliance with the HIPAA Privacy Regulations and HIPAA Security <br /> Regulations, <br /> 3.12. Breach Notification. Business Associate, following the discovery of a Breach of Unsecured <br /> Protected Health Information,shall notify Covered Entity of such Breach.Except as otherwise <br /> required by law,Business Associate shall provide such notice in writing without unreasonable <br /> delay,and in no case later than ten(10)calendar days after discovery of the Breach. <br /> 3.12.1. Notice to Covered Entity required by this Section 3.12 shall include (i) to the extent <br /> possible, the names of the individual(s) whose Unsecured Protected Health <br /> Information has been, or is reasonably believed by Business Associate to have been <br /> accessed,acquired,used or disclosed during the Breach;(ii)a brief description of what <br /> happened including the date of the Breach and the date of the discovery of the Breach, <br /> if known; (iii) a description of the types of Unsecured Protected Health Information <br /> that were involved in the Breach;(iv)a brief description of what Business Associate is <br /> doing or will be doing to investigate the Breach to mitigate harm to the individual(s) <br /> and to protect against further Breaches; and (v) any other information that Covered <br /> Page 4of9 <br />