b. Disclose
P HI
f or
t he
p roper
m anagement
a nd
a dministration
o f
B usiness
A ssociate,
provided
t hat
d isclosures
a re
( i)
R equired
B y
L aw,
o r
( ii)
B usiness
A ssociate
o btains
reasonable
a ssurances
f rom
t he
p erson
t o
w hom
t he
i nformation
i s
D isclosed
t hat
i t
will
r emain
c onfidential
a nd
u sed
o r
f urther
D isclosed
o nly
a s
R equired
B y
L aw
o r
for
t he
p urpose
f or
w hich
i t
w as
D isclosed
t o
t he
p erson,
a nd
t he
p erson
w ill
n otify
Business
A ssociate
o f
a ny
i nstances
o f
w hich
i t
i s
a ware
i n
w hich
t he
c onfidentiality
of
t he
i nformation
h as
b een
b reached;
a nd
c. Use
P HI
t o
r eport
v iolations
o f
l aw
t o
a ppropriate
F ederal
a nd
S tate
a uthorities,
consistent
w ith
§ 164.502(j)(1).
6.
O bligations
o f
H IPAA
C ustomer
a. HIPAA
C ustomer
i s
o bliged
t o
u tilize
B usiness
A ssociate’s
s ervices
i n
a
w ay
t hat
ensures
t hat
H IPAA
C ustomer
i s
i n
c ompliance
w ith
t he
P rivacy
R ule.
b. HIPAA
C ustomer
s hall
n otify
B usiness
A ssociate
o f
a ny
l imitation(s)
i n
i ts
n otice
o f
privacy
p ractices
o f
H IPAA
C ustomer
i n
a ccordance
w ith
4 5
C FR
1 64.520,
t o
t he
extent
t hat
s uch
l imitation
m ay
a ffect
B usiness
A ssociate’s
U se
o r
D isclosure
o f
P HI.
c. HIPAA
C ustomer
s hall
n otify
B usiness
A ssociate
o f
a ny
c hanges
i n,
o r
r evocation
o f,
permission
b y
I ndividual
t o
U se
o r
D isclose
P HI,
t o
t he
e xtent
t hat
s uch
c hanges
m ay
affect
B usiness
A ssociate’s
U se
o r
D isclosure
o f
P HI.
d. HIPAA
C ustomer
s hall
n otify
B usiness
A ssociate
o f
a ny
r estriction
t o
t he
U se
o r
Disclosure
o f
P HI
t hat
H IPAA
C ustomer
h as
a greed
t o
i n
a ccordance
w ith
4 5
C FR
164.522,
t o
t he
e xtent
t hat
s uch
r estriction
m ay
a ffect
B usiness
A ssociate’s
U se
o r
Disclosure
o f
P HI.
e. HIPAA
C ustomer
s hall
n ot
r equest
B usiness
A ssociate
t o
U se
o r
D isclose
P HI
i n
a ny
manner
t hat
w ould
n ot
b e
p ermissible
u nder
t he
P rivacy
R ule
i f
d one
b y
H IPAA
Customer.
f.
HIPAA
C ustomer
a grees
n ot
t o
u se
B usiness
A ssociate’s
s ervices
f or
t he
t ransmission
or
s torage
o f
e PHI
e xcept
i n
m odes
o r
l ocations
a ctively
s afeguarded
b y
B usiness
Associate
a s
p otential
e PHI,
a s
d efined
i n
S ection
2 .
g. HIPAA
C ustomer
a grees
t o
i ndemnify
a nd
h old
h armless
B usiness
A ssociate,
i ts
directors,
o fficers,
s hareholders,
p arents,
s ubsidiaries,
a ffiliates,
a nd
a gents,
f rom
and
a gainst
a ll
l osses,
e xpenses,
d amages
a nd
c osts,
i ncluding
r easonable
a ttorneys’
fees,
r esulting
f rom
H IPAA
C ustomer
' s
f ailure
t o
f ulfill
i ts
o bligations
u nder
t his
Agreement
a nd
t o
u se
B usiness
A ssociate’s
s ervices
i n
s uch
a
m anner
a s
t o
p revent
the
u nauthorized
d isclosure
o f
P HI.
h. HIPAA
C ustomer
a grees
t o
n otify
B usiness
A ssociate
o f
a ny
o f
i ts
u sers
w hose
P HI
should
n ot
b e
D isclosed
t o
i nsurers
o r
H ealth
P lans
d ue
t o
t he
f act
t hat
t hey
p ay
i n
full
f or
t heir
o wn
i nsurance
a nd
h ave
r equested
c onfidentiality.