My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2025/04/09 Council Agenda Packet
>
Council Agenda Packets
>
2025
>
2025/04/09 Council Agenda Packet
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
4/10/2025 8:32:47 AM
Creation date
4/10/2025 8:30:23 AM
Metadata
Fields
Template:
Council Agenda Packet
Date
4/9/2025
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
109
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Download electronic document
View images
View plain text
<br /> <br />13 <br /> <br />Incidents”), aggregate the data and, upon the Covered Entity’s written request, <br />report to the Covered Entity in accordance with the reporting requirements <br />identified in this Agreement. <br /> <br />(iii) Business Associate shall take all commercially reasonable steps to <br />mitigate, to the extent practicable, any harmful effect that is known to Business <br />Associate resulting from any unauthorized access, use, disclosure, modification, or <br />destruction of PHI. <br /> <br />(iv) Business Associate shall Permit termination of this BAA if the Covered <br />Entity determines that Business Associate has violated a material term of this BAA <br />with respect to Business Associate’s security obligations and Business Associate is <br />unable to cure the violation. <br /> <br />(v) Upon Covered Entity’s request, Business Associate shall provide Covered <br />Entity with access to and copies of documentation regarding Business Associate’s <br />safeguards for PHI and Electronic PHI. <br /> <br />(vi) Notice Timeline. Business Associate shall notify Covered Entity as soon as <br />practicable, but in no event later than five (5) business days after discovery, any <br />unauthorized access, use, disclosure, modification, or destruction of PHI (including <br />any Successful Security Incident) that is not permitted by this BAA, by applicable <br />law, or permitted in writing by Covered Entity, whether such non-compliance is by <br />(or at) Business Associate or by (or at) a Business Associate Subcontractor. <br /> <br />(vii) Notice of Breach. Business Associate shall notify Covered Entity following <br />discovery and without unreasonable delay but in no event later than five (5) <br />business days following discovery, any Breach of Unsecured Protected Health <br />Information, whether such Breach is by Business Associate or by Business Associate <br />Subcontractor. <br /> <br />a. As provided for in 45 C.F.R. § 164.402, Business Associate <br />recognizes and agrees that any acquisition, access, use or disclosure of PHI <br />in a manner not permitted under the HIPAA Privacy Rule (Subpart E of 45 <br />C.F.R. Part 164) is presumed to be a Breach. As such, Business Associate shall <br />(i) notify Covered Entity of any non-permitted acquisition, access, use or <br />disclosure of PHI, and (ii) assist Covered Entity in performing (or at Covered <br />Entity’s direction, perform) a risk assessment to determine if there is a low <br />probability that the PHI has been compromised. <br /> <br />b. Business Associate shall cooperate with Covered Entity in meeting <br />the Covered Entity’s obligations under the HIPAA Requirements and any <br />other security breach notification laws. Business Associate shall follow its
The URL can be used to link to this page
Your browser does not support the video tag.