Laserfiche WebLink
16IPaue <br /> f. "Health Care Operations" shall have the same meaning as the term "Health Care Operations" in <br /> 45 CFR Section 164.501. <br /> g. "HITECH ACT" shall mean the provisions of Title XIII, Subtitle D of the American Recovery and <br /> Reinvestment Act of 2009. Any reference to the HITECH Act shall also include any related <br /> regulations issued by the Department of Health and Human Services. <br /> h. "Individual" shall have the same meaning as the term "individual" in 45 CFR Section 160.103 and <br /> shall include a person who qualifies as a personal representative in accordance with 45 CFR <br /> Section 164.502(g). <br /> "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information <br /> that is codified at 45 CFR Parts 160 and 164, subparts A and E. <br /> j. "Protected Health Information" or"PHI" shall mean any information, whether oral or recorded in <br /> any form or medium: (i)that relates to the past, present or future physical or mental condition of <br /> an individual; the provision of health care to an individual; or the past, present or future payment <br /> for the provision of health care to an individual; and (ii)that identifies the individual or with <br /> respect to which there is a reasonable basis to believe the information can be used to identify the <br /> individual, and shall have the meaning given to such term under 45 CFR Section 160.103. <br /> Protected Health Information shall be limited to the information created or received by Business <br /> Associate from or on behalf of Client. <br /> k. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR <br /> Section 164.103. <br /> "Secretary" shall mean the Secretary of the Department of Health and Human Services or his or <br /> her designee. <br /> m. "Security Rule" shall mean the Security Standards for the Protection of Electronic Protected <br /> Health Information under HIPAA that is codified at 45 CFR Parts 160 and 164, subparts A and C. <br /> n. "Unsecured PHI" shall mean Protected Health Information that is not secured through the use of <br /> a technology or methodology that renders such Protected Health Information unusable, <br /> unreadable or indecipherable to unauthorized individuals, as specified in guidance issued <br /> pursuant to Section 13402(h) of the HITECH Act, including the Breach Notification Rule. <br /> 2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE. <br /> a. Permitted Uses and Disclosures. Business Associate agrees to not use or disclose Protected <br /> Health Information other than as permitted or required by this Agreement or as Required By Law. <br /> Business Associate recognizes that the Protected Health Information is and shall remain the <br /> Covered Entity's property except as set forth in the Service Agreement. Business Associate agrees <br /> that it acquires no title or rights to the Protected Health Information as a result of this Agreement. <br /> To the extent required by the Privacy Rule, Business Associate shall only request, use and/or <br /> disclose the minimum amount of Protected Health Information necessary to accomplish the <br /> purpose of the request, use and/or disclosure. The determination of what constitutes the <br /> minimum necessary amount of Protected Health Information shall be determined in accordance <br /> VEBA Administrative Service Agreement (405512) <br />