Business Associate Agreement Template Page 2
ADVERTISEMENT
1
2
3Associate may use or disclose the PHI received or created by it (a) to perform its obligations under this
Agreement, (b) to perform Reimbursement Services for, or on behalf of, Covered Entity as specified in
the Underlying Arrangement, and (c) to provide data aggregation functions to or for the benefit of
Covered Entity. Business Associate may create, use, and disclose Limited Data Sets for research, public
health, and health care operations purposes, and may de-identify PHI. Business Associate shall not
attempt to identify individuals whose data is included in a Limited Data Set or attempt to contact them in
violation of HIPAA. Business Associate may use the PHI received by it to manage and administer its
business or to carry out its legal responsibilities. Business Associate may disclose the PHI received by it
to manage and administer its business or to carry out its legal responsibilities if: (a) the disclosure is
required by law, or (b) Business Associate obtains reasonable assurances from the person to whom the
information is disclosed that it will be held confidentially and used or further disclosed only as required
by law or for the purpose for which it is disclosed to the person, and the person agrees to notify the
Business Associate of any instances of which the person is aware that the confidentiality of the PHI has
been breached. Covered Entity shall not ask Business Associate to use or disclose PHI in any manner that
would not be permissible under HIPAA if done by Covered Entity.
4.
Safeguards. Business Associate agrees to develop, document, use, and keep current
appropriate physical, administrative, and technical safeguards as required by 45 CFR §§164.308-164.316,
sufficient to prevent any use or disclosure of electronic PHI other than as permitted or required by this
Agreement.
5.
Minimum Necessary. To the extent required by HIPAA, Business Associate will limit
any use, disclosure, or request for use or disclosure of PHI to the minimum amount necessary to
accomplish the intended purpose of the use, disclosure, or request.
6.
Report of Improper Use or Disclosure. Business Associate shall report to Covered Entity
any information of which it becomes aware concerning any use or disclosure of PHI that is not permitted
by this Agreement and any security incident of which it becomes aware.
Individual Access. In accordance with an individual’s right to access to their own PHI in
7.
a designated record set under 45 CFR §164.524 and the individual’s right to copy or amend such records
under 45 CFR §164.524 and §164.526, Business Associate shall make available all PHI in a designated
record set to Covered Entity to enable the Covered Entity to provide access to the individual to whom that
information pertains or such individual’s representative.
8.
Amendment of and Access to PHI.
Business Associate shall make available for
amendment PHI in a designated record set and shall incorporate any amendments to PHI in a designated
record set in accordance with 45 CFR §164.526 and in accordance with any process mutually agreed to by
the parties.
9.
Accounting.
Business Associate agrees to document such disclosures of PHI and
information related to such disclosures as would be required for Covered Entity to respond to an
individual’s request for an accounting of disclosures of their PHI in accordance with 45 CFR §164.528.
Business Associate agrees to make available to Covered Entity the information needed to enable Covered
Entity to provide the individual with an accounting of disclosures as set forth in 45 CFR §164.528.
10.
DHHS Access to Books, Records, and Other Information. Business Associate shall make
available to the U.S. Department of Health and Human Services ("DHHS"), its internal practices, books,
and records relating to the use and disclosure of PHI received from, or created or received by Business
Associate on behalf of, Covered Entity for purposes of determining the Covered Entity’s compliance with
HIPAA.
Page - 2 -
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Business