Laserfiche WebLink
ar BIM Audit Services <br /> 3.6 Delegation of Covered Entity's Duties. To the extent Business Associate is to carry out <br /> Covered Entity's obligations under the Privacy Rule, Business Associate will comply with the <br /> requirements of the Privacy Rule in performance of such obligations. <br /> 3.7 Access to Networks. Business Associate agrees that while present at any Covered Entity <br /> facility and/or when accessing the Covered Entity's computer network(s), it and all of its <br /> employees, agents, representatives and subcontractors shall at all times comply with any network <br /> access and other security practices, procedures and/or policies established by the Covered Entity <br /> including,without limitation,those established pursuant to HIPAA's Security Rules. <br /> 3.8 Reporting. Business Associate shall provide Covered Entity with information regarding <br /> all unauthorized uses and disclosures of PHI by Business Associate, its employees or <br /> subcontractors not permitted by this Agreement and of which it becomes aware, including <br /> Breaches of Unsecured PHI as required by the Breach Notification Rule, and the remedial action <br /> taken or proposed to be taken with respect to such prohibited use or disclosure. <br /> 3.9 Mitigation. Business Associate shall mitigate,to the extent practicable,any harmful effect <br /> that is known to Business Associate of a use or disclosure of PHI by Business Associate in <br /> violation of the requirements of this Agreement. <br /> 3.10 Access to PHI. Business Associate shall, at the request of Covered Entity, provide PHI in <br /> a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an individual in <br /> order to meet the requirements of an individual's right of access and requests for access to his or <br /> her PHI. If the PHI is maintained electronically and the individual requests an electronic copy,the <br /> Business Associate must provide the PHI in the form and format requested if readily producible, <br /> or, if not, in a readable electronic form and format as agreed to by the Business Associate and <br /> individual. <br /> 3.11 Accounting of Disclosures. Business Associate shall document such disclosures of PHI <br /> and information related to such disclosures as would be required for Covered Entity to respond to <br /> a request by an individual for an accounting of disclosures of PHI; and provide to Covered Entity <br /> or an individual, information collected in accordance with this Agreement, to permit Covered <br /> Entity to respond to a request by an individual for an accounting of disclosures of PHI by providing <br /> the requested documentation of disclosures promptly to Covered Entity. <br /> If it is determined that the Business Associate maintains an electronic health record as defined by <br /> the HITECH Act,the Business Associate will,in addition to documenting disclosures for purposes <br /> other than for treatment,payment,or health care operations,document disclosures for the purposes <br /> of treatment,payment,or health care operations in accordance with the provisions of the HITECH <br /> Act. <br /> 3.12 Amendment to PHI. Business Associate shall make any amendment(s) to PHI in a <br /> Designated Record Set that Covered Entity directs or agrees to at the request of Covered Entity or <br /> an individual,and in the time and manner designated by Covered Entity. <br /> 3.13 Unauthorized Uses and Disclosures. In the event Business Associate becomes aware of a <br /> Security Incident involving EPHI, by itself or any of its agents or subcontractors, Business <br /> Associate shall promptly notify Covered Entity, in writing, of such Security Incident. For any <br /> Business Associate Agreement 4 <br />