Laserfiche WebLink
a) Business Associate shall comply with all applicable federal and state laws <br /> and regulations relating to maintaining and safeguarding the confidentiality of PHI and implement <br /> administrative, physical and technical safeguards, consistent with the size and complexity of <br /> Business Associate's operations that reasonably and appropriately protect the confidentiality, <br /> integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of <br /> Providence. Business Associate shall comply with such safeguards as of the applicable dates <br /> pursuant to HIPAAJHITECH and ARRA and their respective implementing regulations. Such <br /> safeguards shall include, without limitation, implementing written policies and procedures in <br /> compliance with HIPAA/HITECH and ARRA,conducting a security risk assessment,and training <br /> Business Associate workforce members who will have access to PHI with respect to the policies <br /> and procedures required by HIPAA/HITECH and ARRA. <br /> b) Business Associate warrants that Business Associate,its directors,officers, <br /> subcontractors, workforce members, affiliates, agents, and representatives: (1) shall use or <br /> disclose PHI only in connection with fulfilling its duties and obligations under this Agreement and <br /> the Service Agreement;(2)shall not use or disclose PHI other than as permitted or required by this <br /> Agreement, the Service Agreement, or required by law; and(3) shall not use or disclose PHI in. <br /> any manner that violates applicable federal and state laws or would violate such laws if used or <br /> disclosed in such manner by Providence; and (4) shall otherwise comply with the terms of this <br /> Agreement. <br /> c) Subject to the restrictions set forth in the previous paragraph and throughout <br /> this Agreement, Business Associate may use the PHI received from Providence if necessary for <br /> (1)the proper management and administration of Business Associate; or(2)to carry out the legal <br /> responsibilities of Business Associate pursuant to the Service Agreement. <br /> d) Business Associate acknowledges that all PHI created, received, <br /> maintained, accessed or transmitted between Business Associate and Providence shall be and <br /> remain the sole property of Providence,including any and all forms thereof developed by Business <br /> Associate in the course of its fulfillment of its obligations pursuant to the Agreement and Service <br /> Agreement. <br /> e) Business Associate agrees that no PHI may be created, received, <br /> maintained,accessed or transmitted outside of the United States of America. <br /> f} Business Associate further represents that,to the extent Business Associate <br /> requests that Providence disclose PHI to Business Associate,such request is only for the minimum <br /> necessary PHI for the accomplishment of the Business Associate's authorized purpose under the <br /> Service Agreement. <br /> g} Business Associate shall provide adequate training to its workforce <br /> members and subcontractors to ensure compliance with this subsection. <br /> h) Business Associate shall also comply with any additional security <br /> requirements contained in ARRA or subsequent rules promulgated by HHS that are applicable to <br /> Business Associates. <br /> 2 <br />