Laserfiche WebLink
17IPa `ge <br /> with the provisions of the Privacy Rule, as amended by Section 13405(b) of the HITECH Act. <br /> Business Associate shall not use or disclose Protected Health Information that is genetic <br /> information for underwriting purposes, as set forth in the regulations issued pursuant to <br /> Section 105 of the Genetic Nondiscrimination Act of 2008. Business Associate will comply with all <br /> provisions of GINA as are applicable to Covered Entity. <br /> b. Safeguards. Business Associate agrees to use administrative, physical and technical safeguards <br /> that reasonably and appropriately protect the confidentiality, integrity and availability of <br /> Protected Health Information, in electronic or any other form, that it creates, receives, maintains <br /> or transmits under this Agreement, in accordance with the Privacy Rule and the Security Rule to <br /> prevent the use or disclosure of Protected Health Information other than as provided for by this <br /> Agreement. Business Associate shall fully comply with the Security Rule with regard to electronic <br /> Protected Health Information. <br /> c. Reporting of Improper Use or Disclosure. Business Associate agrees to report to Covered Entity of <br /> the discovery of any use or disclosure of Protected Health Information not provided for by this <br /> Agreement of which it becomes aware, including a Breach of Unsecured Protected Health <br /> Information as required by 45 CFR 164.410. Business Associate shall also report any Security <br /> Incident of which it becomes aware to Covered Entity. The term "Security Incident" shall not <br /> include inconsequential incidents that occur on a daily basis, such as scans, "pings" or other <br /> unsuccessful attempts to penetrate computer networks or servers containing electronic Protected <br /> Health Information. <br /> d. Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect <br /> that is known to Business Associate of a use or disclosure of Protected Health Information by <br /> Business Associate in violation of the requirements of this Agreement. <br /> e. Agents and Subcontractors. Business Associate agrees to require that any agents or <br /> subcontractors that create, receive, maintain or transmit Protected Health Information on behalf <br /> of Business Associate in relation to Covered Entity agree in writing (in the form of a business <br /> associate contract) to at least as restrictive conditions and requirements that apply through this <br /> Agreement to Business Associate with respect to such information, including the implementation <br /> of reasonable and appropriate measures for safeguarding Protected Health Information. <br /> f. Access to Individuals. Business Associate agrees to provide access to Protected Health <br /> Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an <br /> Individual in order to meet the requirements under 45 CFR Section 164.524. Further, if an <br /> Individual requests a copy of Protected Health Information in a specific electronic format, <br /> Business Associate shall comply with such request, if readily producible, in accordance with the <br /> requirements of 45 CFR Section 164.524. <br /> g. Amendments to Protected Health Information. Business Associate agrees to make any <br /> reasonable amendment(s) to Protected Health Information in a Designated Record Set that the <br /> Covered Entity directs or agrees to pursuant to 45 CFR Section 164.526 at the request of Covered <br /> Entity or an Individual. <br /> h. Access by Covered Entity. Business Associate agrees to make internal practices, books and <br /> records including policies and procedures and Protected Health Information, relating to the use <br /> and disclosure of Protected Health Information received from, or created or received by Business <br /> VEBA Administrative Service Agreement (405512) <br />