My WebLink
|
Help
|
About
|
Sign Out
Home
2015_1130_CCpacket
Roseville
>
City Council
>
City Council Meeting Packets
>
2015
>
2015_1130_CCpacket
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
12/21/2015 3:05:31 PM
Creation date
11/25/2015 3:11:48 PM
Metadata
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
244
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
3.1.4. Designated Record Set. If Business Associate maintains PHI in a Designated <br />Record Set: <br />(a) Access Request. Business Associate will provide PHI in a Designated <br />Record Set to Covered Entity in order for Covered Entity to meet its <br />obligations under 45 C.F.R. § 164.524. <br />(b) Requests to Amend Designated Record Set. Business Associate will, upon <br />written request from Covered Entity, amend PHI in a Designated Record <br />Set, in order for Covered Entity to meet its obligations under <br />45 C.F.R. § 164.526. <br />3.1.5. Accounting for Disclosures. If Business Associate Discloses PHI that the <br />Covered Entity must account for to an Individual under 45 C.F.R. § 164.528, <br />Business Associate must document and keep sufficient records of each Disclosure <br />so that Covered Entity can provide the required accounting. In arder far Covered <br />Entity to meet its obligations under 45 C.F.R. § 164.528, Business Associate will <br />provide the documentation to Covered Entity upon written request. <br />3.1.6. Reporting to Covered Entity. Except as provided in (b), Business Associate <br />must report in writing to Covered Entity any Use or Disclosure of PHI not <br />permitted or required by this BAA and any Security Incident involving Covered <br />Entity's Electronic PHI, of which Business Associate becomes aware. <br />(a) Business Associate will provide any and all information reasonably <br />requested by Covered Entity with regard to any unauthorized Use, <br />Disclosure, or Security Incident. This Section 3.1.6 applies in addition to, <br />and whether or not there is a Breach of Unsecured PHI, as provided in <br />Section 3.1.7. <br />(b) An attempt by a third party to probe or test the vulnerability of Business <br />Associate's information system or to interfere with that system that does <br />not result in penetration of the firewall or perimeter security measures of <br />Business Associate's system is not considered a"Security Incident" far <br />purposes of Business Associate's reporting obligations under this BAA. <br />3.1.7. Notification of Breach of Unsecured PHI. Business Associate must provide <br />written notice to the Covered Entity of any Breach of Unsecured PHI by Business <br />Associate or Subcontractor ("BA Breach"), within 30 days of Business <br />Associate's discovery of the BA Breach, or earlier if required by law. Each party <br />agrees to cooperate with the other party's investigation of a Breach of Unsecured <br />PHI, and each party bears the costs of its own investigation. <br />3.1.8. Performance by Business Associate of Covered Entity Obligation. To the <br />extent Business Associate is carrying out an obligation of Covered Entity under <br />the Privacy Regulation, Business Associate will comply with the requirements of <br />the Privacy Regulation that would be applicable to Covered Entity in performance <br />of that obligation. <br />1032762-6 <br />18 <br />
The URL can be used to link to this page
Your browser does not support the video tag.