Laserfiche WebLink
Business Associate agrees not to Use or further Disclose PHI other than as permitted or required <br /> by this Agreement, or as required by law. <br /> 2.2 Adequate Safeguards for PHI. Business Associate warrants that it shall implement and <br /> maintain appropriate safeguards to prevent the Use or Disclosure of PHI in any manner other <br /> than as permitted by this Agreement. <br /> 2.3 Adequate Safeguards for EPHI. Business Associate warrants that it shall implement and <br /> maintain administrative,physical, and technical safeguards that reasonably and appropriately <br /> protect the confidentiality, integrity, and availability of any electronic protected health <br /> information("EPHI")that it creates, receives, maintains, or transmits on behalf of the Covered <br /> Entity. <br /> 2.4 Reporting Non-Permitted Use or Disclosure. Business Associate shall within five <br /> business days in writing notify Covered Entity's Privacy Official or Director of Human <br /> Resources of each Use or Disclosure of PHI, of which Business Associate becomes aware (other <br /> than Security Incidents, covered under the terms set forth below),that is made by Business <br /> Associate, its employees,representatives, agents or subcontractors that is not specifically <br /> permitted by this Agreement or by law. In addition, Business Associate shall report to the <br /> Covered Entity any Security Incident of which it becomes aware as follows: a)reports of <br /> successful unauthorized access shall be made within five business days; and b)reports of <br /> attempted unauthorized access shall be made in a reasonable time and manner considering the <br /> nature of the information to be reported and subject to mutual agreement of the parties. <br /> 2.5 Availability of Internal Practices, Books and Records to Government Agencies. Business <br /> Associate agrees to make its internal practices, books and records relating to the Use and <br /> Disclosure of PHI available to the Secretary of the federal Department of Health and Human <br /> Services for purposes of determining Covered Entity's compliance with the Privacy Regulations <br /> and Security Regulations. Business Associate shall immediately notify Covered Entity of any <br /> requests made by the Secretary and provide Covered Entity with copies of any documents <br /> produced in response to such request, if allowed by law to do so. <br /> 2.6 Access to and Amendment of PHI and Accounting of Disclosures. Business Associate <br /> agrees to make available PHI (a) as required by 45 CFR Section 164.524; (b) for amendment and <br /> incorporate any amendments to PHI as required by 45 CFR Section 164.526; and(c)to provide <br /> an accounting of disclosures as required by 45 CFR Section 164.528, and to the extent applicable <br /> Section 13405(c)of Title XII, Subtitle D of the Health Information Technology for Economic <br /> and Clinical Health("HITECH")Act, codified at 42 U.S.C. §17932. <br /> 2.7 Privacy-Related Services Regarding Requests by Individuals. Upon receipt, Covered <br /> Entity shall, no later than five(5) business days following receipt of a request,provide notice to <br /> and forward any and all individual requests received pursuant to 45 CFR Sections 164.522, <br /> 164.524, 164.526 or 164.528 (collectively referred to as the "Requests") to Business Associate <br /> at its last known address. <br /> Schedule 4, Page 2 <br />