Laserfiche WebLink
<br /> <br /> <br />6 <br />c) Availability of Disclosure Information. Business Associate will maintain the Disclosure <br />Information for at least six (6) years following the date of the accountable disclosure to which the Disclosure <br />Information relates (three (3) years for disclosures related to an Electronic Health Record, starting with the <br />date specified by the Department of Health and Human Services (HHS)). Business Associate will make the <br />Disclosure Information available to Covered Entity within fifteen (15) calendar days following Covered Entity’s <br />request for such Disclosure Information to comply with an Individual’s request for disclosure accounting. <br />Effective as of the date specified by HHS with respect to disclosures related to an Electronic Health Record, <br />Business Associate will provide the accounting directly to an Individual making such a disclosure request, if a <br />direct response is requested by the Individual. <br />d) Business Associate will support Covered Entity in a manner that enables Covered Entity to <br />meet its obligations under 45 CFR § 164.528 as soon as practicable, but not later than sixty (60) days. <br />(6) Compliance with Electronic Transactions Rule. <br />a) If Business Associate conducts in whole or in part electronic transactions on behalf of <br />Covered Entity for which HHS has established standards, Business Associate will comply, and will require <br />any Representatives it involves with the conduct of such transactions to comply, with each applicable <br />requirement of the Electronic Transactions Rule. Business Associate will also comply with the National <br />Provider Identifier requirements, if and to the extent applicable. <br />(7) De-identified Information. <br />Business Associate may use and disclose de-identified health information only with the prior written approval <br />from the Covered Entity, and only if the PHI is de-identified in compliance with the HIPAA Rules. Moreover, <br />Business Associate will review and comply with the requirements of this Agreement. <br />(8) Notice of Privacy Practices. <br />Business Associate will abide by the limitations of Covered Entity’s Notice of Privacy Practices, of which it has <br />knowledge. Any use or disclosure permitted by this Agreement may be amended by changes to Covered <br />Entity’s Notice of Privacy Practices; provided, however, that the amended Notice of Privacy Practice will not <br />affect permitted uses and disclosures on which Business Associate relied prior to receiving notice of such <br />amended Notice of Privacy Practice. <br />(9) Withdrawal of Authorization. <br />If the use or disclosure of PHI under this Agreement is based upon an Individual’s specific authorization for <br />the use or disclosure of his or her PHI, and the Individual revokes such authorization, the effective date of <br />such authorization has expired, or such authorization is found to be defective in any manner that renders it <br />invalid, Business Associate will, if it has notice of such revocation, expiration, or invalidity, cease the use and <br />disclosure of the Individual’s PHI except to the extent it has relied on such use or disclosure, or if an exception <br />under the HIPAA Rules expressly applies. <br />(10) Knowledge of HIPAA Rules. <br />Business Associate will review and understand the HIPAA Rules as it applies to Business Associate, and to <br />comply with the applicable requirements of the HIPAA Rules, as well as any applicable amendments.