Page 67 - Privacy

Page 67 - Privacy_Program

P. 67

CFO with Director of DP160.7c (c) use and disclose PHI if law requires the disclosure; and
Information Technology,
Privacy and Data Security
CFO with Director of DP160.7d (d) use and disclose PHI if the business associate obtains reasonable assurances
Information from the person to whom the information is disclosed that it will be held
Technology, Privacy confidentially and used or further disclosed only as required by law or for the
and Data Security purpose for which it was disclosed to the person. The person to whom the PHI is
disclosed must notify the business associates of any instances of which it is aware
that the confidentiality of the information has been breached.
CFO with Director of DP160.8 Contracts or agreements between the organization and a business associate will
Information prohibit a business associate to use or disclose PHI in a manner that would
Technology, Privacy violate HIPAA privacy regulations.
and Data Security
CFO with Director of DP160.9 Before omitting a termination authorization from its other arrangements, the
Information organization will ensure that the authorization is inconsistent with statutory
Technology, Privacy obligations of the organization or its business associate.
and Data Security
CFO with Chief Officers DP160.10 The organization will take reasonable steps to ensure that third parties that
access, process, or receive PHI under the organization's control take equivalent
steps as the organization does to protect that data.
CFO with Director of DP160.11 The organization will ensure contracts or other arrangements between the
Information organization and its business associates comply with the policies and
Technology, Privacy procedures described herein and pursuant to 45 C.F.R. §164.504(e).
and Data Security

GES CONFIDENTIAL 63

62 63 64 65 66 67 68 69 70 71 72