Laserfiche WebLink
8. To the extent that Systems Design West, LLC is to carry out any of the Covered Entity's <br /> obligations under the HIPAA Privacy Rule, Systems Design West, LLC shall comply with the <br /> requirements of the Privacy Rule that apply to the Covered Entity when it carries out that <br /> obligation; <br /> 9. Make its internal practices, books, and records relating to the use and disclosure of PHI and <br /> PII received from, or created or received by Systems Design West, LLC on behalf of the <br /> Covered Entity, available to the Secretary of the Department of Health and Human Services <br /> for purposes of determining Systems Design West, LLC and the Covered Entity's compliance <br /> with HIPAA and the HITECH Act; <br /> 10. Restrict the use or disclosure of PHI and PII if the Covered Entity notifies Systems Design <br /> West, LLC of any restriction on the use or disclosure of PHI and PII that the Covered Entity <br /> has agreed to or is required to abide by under 45 CFR §164.522; and <br /> 11. If the Covered Entity is subject to the Red Flags Rule (found at 16 CFR §681.1 et seq.), <br /> Systems Design West, LLC agrees to assist the Covered Entity in complying with its Red Flags <br /> Rule obligations by: (a) implementing policies and procedures to detect relevant Red Flags <br /> (as defined under 16 CFR §681.2); (b) taking all steps necessary to comply with the policies <br /> and procedures of the Covered Entity's Identity Theft Prevention Program; (c) ensuring that <br /> any agent or third party who performs services on its behalf in connection with covered <br /> accounts of the Covered Entity agrees to implement reasonable policies and procedures <br /> designed to detect, prevent, and mitigate the risk of identity theft; and (d) alerting the <br /> Covered Entity of any Red Flag incident (as defined by the Red Flag Rules) of which it <br /> becomes aware, the steps it has taken to mitigate any potential harm that may have <br /> occurred, and provide a report to the Covered Entity of any threat of identity theft as a <br /> result of the incident. <br /> 12. Comply with all current rules and regulations pertaining to the OIG Compliance Program for <br /> ambulance suppliers and special bulletin regarding LEIE recommended screening of <br /> employees and any subcontractors. <br /> D. Permitted Uses and Disclosures by Systems Design West, LLC <br /> To the extent necessary to perform the services required under the PSA, Systems Design West, <br /> LLC may use or disclose PHI and PII as required by law and consistent with the Minimum <br /> Necessary standard—specifically, the use and disclosure of PHI and PII will be limited to the <br /> minimum necessary for accomplishing the intended purpose of the use and disclosure.The <br /> specific uses and disclosures of PHI and PII that may be made by Systems Design West, LLC on <br /> behalf of the Covered Entity include: <br /> 1. The preparation of invoices to patients, carriers, insurers and others responsible for <br /> payment or reimbursement of the services provided by the Covered Entity to its patients; <br /> Business Associate Agreement-3 <br />