Laserfiche WebLink
18IPage <br /> Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary <br /> determining Covered Entity's compliance with HIPAA. <br /> Disclosure Documentation. Business Associate agrees to document such disclosures of Protected <br /> Health Information and information related to such disclosures as would be required for Covered <br /> Entity to respond to a request by an Individual for an accounting of disclosures of Protected <br /> Health Information in accordance with 45 CFR Section 164.528. Business Associate agrees to <br /> provide to Covered Entity or an Individual information collected in accordance with this <br /> subsection to permit Covered Entity to respond to a request by an Individual for an accounting of <br /> disclosures of Protected Health Information in accordance with 45 CFR Section 164.528. <br /> j. Training. Business Associate agrees to train its employees who handle Covered Entity's Protected <br /> Health Information about the Business Associate's obligations and permitted uses and disclosures <br /> under this Agreement. <br /> k. Compliance with the HITECH Act. To the extent not already referenced in this Agreement, the <br /> requirements applicable to Business Associate under the HITECH Act are hereby incorporated by <br /> reference into the Agreement. Business Associate agrees to comply, as of the applicable effective <br /> dates of each such HIPAA obligation under the HITECH Act applicable to Business Associate, with <br /> the requirements imposed by the HITECH Act, including any applicable guidance issued by the <br /> Department of Health and Human Services relating to the HITECH Act and HIPAA. <br /> Delegated Obligations. To the extent Business Associate is to carry out one or more of Covered <br /> Entity's obligations under Subpart E of 45 CFR Part 164, Business Associate agrees to comply with <br /> the requirements of Subpart E that apply to Covered Entity in the performance of such <br /> obligations. <br /> 3. PERMITTED USES BY BUSINESS ASSOCIATE. <br /> a. Service Agreement. Except as otherwise limited in this Agreement, Business Associate may use <br /> or disclose Protected Health Information to perform functions, activities, or services for, or on <br /> behalf of, Covered Entity as specified in the Service Agreement, provided that such use or <br /> disclosure would not violate the Privacy Rule if done by Covered Entity or the minimum necessary <br /> policies and procedures of the Covered Entity. <br /> b. Other Permitted Usage. Except as otherwise limited in this Agreement, Business Associate may <br /> use Protected Health Information for the proper management and administration of the Business <br /> Associate or to carry out the legal responsibilities of the Business Associate. In addition, Business <br /> Associate may use Protected Health Information to provide Data Aggregation services as <br /> permitted by 45 CFR Section 164.504(e)(2)(i)(B). <br /> 4. OBLIGATIONS OF COVERED ENTITY. <br /> a. Change in Privacy Practices. Covered Entity shall notify Business Associate of any limitation(s) in <br /> its notice of privacy practices of Covered Entity in accordance with 45 CFR Section 164.520, to the <br /> extent that such limitation may affect Business Associate's use or disclosure of Protected Health <br /> Information. Additionally, Covered Entity shall notify Business Associate of any limitation(s) or <br /> restriction(s) in its security practices to the extent that such limitation may affect Business <br /> Associate's use or disclosure of Protected Health Information. <br /> VEBA Administrative Service Agreement (405512) <br />