(iv) The extent to which the risk to the protected health information has been mitigated.ġ.2 “Designated Record Set” shall mean a group of records maintained by or for the Covered Entity that is (i) the medical records and billing records about Individuals maintained by or for the Covered Entity, (ii) the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for the Covered Entity or (iii) used, in whole or in part, by or for the Covered Entity to make decisions about Individuals. (iii) Whether the protected health in-formation was actually acquired or viewed and (ii) The unauthorized person who used the protected health information or to whom the disclosure was made (i) The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification (iii)A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.Įxcept as provided in paragraph (B) of this definition, an acquisition, access, use, or disclosure of protected health information in a manner not otherwise permitted is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been com-promised based on a risk assessment of at least the following factors: (ii) Any inadvertent disclosure by a person who is authorized to access PHI at Covered Entity or Business Associate to another person authorized to access PHI at the same Covered Entity or Business Associate, or organized health care arrangement in which the Covered Entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under subpart E of Part II, 45 C.F.R. (i)Any unintentional acquisition, access, or use of PHI by a workforce member or person acting under the authority of a Covered Entity or a Business Associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted under subpart E of Part II, 45 C.F.R. (B) EXCEPTIONS – The term “breach” does not include: (A) IN GENERAL – The term “breach” means the acquisition, access, use, or disclosure of PHI in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. Terms used, but not otherwise defined, in this HIPAA Agreement shall have the meanings set forth below. ![]() To fulfill the obligations to the Covered Entity pursuant to either an existing or contemporaneously executed HIPAA Agreement for services to be provided to Covered Entity, the Parties enter into this HIPAA Agreement to protect PHI and, intending to be bound, hereby agree to the following: Parts 160, 162 and 164, require a Covered Entity to enter into a written agreement with a Business Associate in order to protect the privacy and security of individually identifiable health information maintained by a Covered Entity (“Protected Health Information,” or “PHI”). Parts 160 and 164, and the HIPAA Security Rule (“Security Rule”), 45 C.F.R. The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the HIPAA Privacy rule (“Privacy Rule”), 45 C.F.R. (the “Business Associate”), (Business Associate and Covered Entity each a “Party” and collectively the “Parties”). ![]() This Business Associate Agreement (the “HIPAA Agreement”), effective upon the Contract Date of your Service Agreement and/or Order Form (the “Effective Date”), is entered into by and between you (the “Covered Entity”) and Pretaa, Inc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |