Laserfiche WebLink
ATTACHMENT A <br />HIPAA AND DATA SECURITY REQUIREMENTS <br />d. Use for Proper Management and Administration. Business Associate may Use PHI for <br />the proper management and administration of the Business Associate or to carry out <br />the legal responsibilities of the Business Associate. <br />e. Disclosure for Proper Management and Administration. Business Associate may <br />disclose PHI for the proper management and administration of Business Associate or <br />to carry out the legal responsibilities of the Business Associate, provided the <br />disclosures are required by law, or Business Associate obtains reasonable assurances <br />from the person to whom the information is disclosed that the information will remain <br />confidential and used or further disclosed only as required by law or for the purposes <br />for which it was disclosed to the person, and the person notifies the Business <br />Associate of any instances of which it is aware in which the confidentiality of the <br />information has been Breached. <br />f. Impermissible Use or Disclosure of PHI. Business Associate shall report to DOC in <br />writing all Uses or disclosures of PHI not provided for by this Agreement within one (1) <br />business day of becoming aware of the unauthorized Use or disclosure of PHI, <br />including Breaches of unsecured PHI as required at 45 CFR 164.410 (Notification by <br />a Business Associate), as well as any Security Incident of which it becomes aware. <br />Upon request by DOC, Business Associate shall mitigate, to the extent practicable, <br />any harmful effect resulting from the impermissible Use or disclosure. <br />g. Failure to Cure. If DOC learns of a pattern or practice of the Business Associate that <br />constitutes a violation of the Business Associate's obligations under the terms of this <br />Agreement and reasonable steps by DOC do not end the violation, DOC shall <br />terminate this Agreement, if feasible. In addition, If Business Associate learns of a <br />pattern or practice of its Subcontractors that constitutes a violation of the Business <br />Associate's obligations under the terms of their contract and reasonable steps by the <br />Business Associate do not end the violation, Business Associate shall terminate the <br />Subcontract, if feasible. <br />h. Termination for Cause. Business Associate authorizes immediate termination of this <br />Agreement by DOC, if DOC determines that Business Associate has violated a <br />material term of this Business Associate Agreement. DOC may, at its sole option, <br />offer Business Associate an opportunity to cure a violation of this Business Associate <br />Agreement before exercising a termination for cause. <br />i. Consent to Audit. Business Associate shall give reasonable access to PHI, its internal <br />practices, records, books, documents, electronic data and/or all other business <br />information received from, or created or received by Business Associate on behalf of <br />DOC, to the Secretary of DHHS and/or to DOC for use in determining compliance with <br />HIPAA privacy requirements. <br />j. Obligations of Business Associate Upon Expiration or Termination. Upon expiration or <br />termination of this Agreement for any reason, with respect to PHI received from DOC, <br />Washington State K14078 Page 3 of 19 <br />Department of Corrections Attachment A 26RAD <br />