Page 66 - Privacy

Page 66 - Privacy_Program

P. 66

CFO with Director of DP160.6a (a) not use or further disclose PHI other than as permitted or required by the
Information contract or as required by law;
Technology, Privacy
and Data Security

CFO with Director of DP160.6b (b) use appropriate safeguards to prevent use or disclosure of PHI other than as
Information provided for by its contract;
Technology, Privacy
and Data Security

CFO with (c) report to the organization any use or disclosure of the information not
Director of Information DP160.6c provided for by its contract of which it becomes aware;
Technology, Privacy and
Data Security

CFO with Director of DP160.6d (d) ensure any agents, including subcontractors, to whom it provides PHI
Information received from, or created or received by a business associate on behalf of,
Technology, Privacy the covered entity agrees to the same restrictions and conditions that
and Data Security apply to the business associate with respect to such information;

CFO with Director of DP160.6e (e) make available PHI in accordance with the individual's right to access such
Information information, including to incorporate any amendments to privacy restricted
Technology, Privacy information and to provide an accounting of disclosures in accordance with the
and Data Security individual's right to request an amendment or accounting of PHI;

CFO with Director of DP160.6f (f) make its internal practices, books, and records relating to the use and
Information disclosure of PHI received from, or created or received by the business associate
Technology, Privacy on behalf of the organization available to the Department of Health and Human
and Data Security Services for purposes of determining the organization’ compliance with HIPAA
regulations;

CFO with Director of DP160.6g (g) at termination of a contract, if feasible, return or destroy all PHI; received
Information from, created, or received by the business associate on behalf of the
Technology, Privacy organization; furthermore, business associates may not retain copies of such
and Data Security information; and

CFO with Director of DP160.6h (h) if such return or destruction is not feasible, extend the protections of the
Information contract to the information and limit further uses and disclosures to those
Technology, Privacy purposes that make the return or destruction of the information infeasible.
and Data Security
CFO with Director of DP160.7 Contracts or agreements between the organization and a business associate
Information may permit the business associate to do the following:
Technology, Privacy
and Data Security
CFO with Director of DP160.7a (a) provide data aggregation services relating to the health care operations of
Information the covered entity;
Technology, Privacy
and Data Security

CFO with Director of DP160.7b (b) use the information received in its capacity as a business associate to the
Information organization, if necessary for the proper management and administration of the
Technology, Privacy business associate or to carry out the legal responsibilities of the business
and Data Security associate;

GES CONFIDENTIAL 62

61 62 63 64 65 66 67 68 69 70 71