Business Associate Agreement Template - Maine Department Of Health And Human Services Page 4

Department’s Director of Healthcare Privacy or her designee within twenty-four (24)
hours of when the Business Associate becomes aware of an actual or suspected incident
or breach. In the event that a breach is determined to have occurred under the authority
of the Business Associate, Business Associate will cooperate promptly with the
Department to provide all specific information required by the Department for mandatory
notification purposes.
d. Subcontractors and Agents. In accordance with 45 CFR 164.502(e)(1)(ii) and
164.308(b)(2), if applicable, Business Associate shall ensure that any third parties, agents
or subcontractors (together, “Subcontractors”) that use, disclose, create, acquire, receive,
maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions,
conditions, and requirements that apply to Business Associate with respect to such PHI.
Business Associate shall obtain and maintain a written agreement with each
Subcontractor that has or will have access, through Business Associate, to the
Department’s PHI, ensuring that the Subcontractor agrees to be bound to the same
restrictions, terms and conditions that apply to Business Associate under this
Agreement.
e. Mitigation. The Business Associate shall exhaust, at its sole expense, all reasonable
efforts to mitigate any harmful effect known to the Business Associate arising from the
use or disclosure of PHI by Business Associate in violation of the terms of this
Agreement.
f. Accounting of Disclosures. To the extent required by the terms of this Agreement,
Business Associate will maintain and make available the information and/or
documentation required to provide an accounting of disclosures as necessary to satisfy
the Department’s obligations under 45 CFR 164.528.
g. Access. In the event that Business Associate creates or maintains PHI in a designated
record set, Business Associate will use commercially reasonable efforts to make PHI
available in the format requested, and as necessary to satisfy the Department’s obligation
under 45 C.F.R. 164.524, within 30 days from the time of request. Business Associate
will inform the Department of the individual’s request within 5 (five) business days of the
request.
h. Amendment. In the event that Business Associate creates or maintains PHI in a
designated record set, Business Associate agrees to make any amendment(s) to the PHI as
directed or agreed to by the Department, or take other measures as necessary to satisfy
the Department’s obligations under 45 CFR 164.526, in such time period and in such
manner as the Department may direct.
i. Restrictions. Upon notification from the Department, Business Associate shall adhere to
any restrictions on the use or disclosure of PHI agreed to by or required of the
Department pursuant to 45 CFR 164.522.
j. Audit by the Department or the HHS Secretary. The Business Associate will make its
internal practices, books and records relating to the use or disclosure of PHI received