Laserfiche WebLink
REV:01-20-23 MI <br />to permit Covered Entity to respond to a written request by an Individual for an <br />accounting of disclosures of PHI in accordance with 45 CFR 164.528. <br />2.12. Business Associate agrees to provide access, at the request of Covered Entity and <br />within ten (10) Business Days after receipt of written request, to PHI in the custody <br />and control of Business Associate in a Designated Record Set, to Covered Entity or, as <br />directed by Covered Entity, to an Individual in order to meet the requirements under <br />45 CFR 164.524. If PHI is maintained in a Designated Record Set electronically, and <br />an electronic copy of such PHI is requested, Business Associate will provide an <br />electronic copy in the form and format requested if it is readily producible in such <br />form and format. If it is not readily producible in such format, Business Associate <br />will work with the Covered Entity or, at the Covered Entity’s request, the individual to <br />determine an alternative form and format that enable Covered Entity to meet its <br />electronic access obligations under 45 CFR 164.524. <br />2.13. Business Associate agrees to make any amendment(s) to PHI in a Designated Record <br />Set in the custody or control of Business Associate within ten (10) Business Days after <br />receiving written request from the Covered Entity or, upon Covered Entity’s request, <br />as requested in writing by an Individual pursuant to 45 CFR 164.526. <br />2.14. In the event that Business Associate transmits or receives any Covered Electronic <br />Transaction on behalf of the Covered Entity, it shall comply with all applicable <br />provisions of the Standards for Electronic Transactions Rule to the extent Required by <br />Law, and shall ensure that any subcontractors or agents that assist Business Associate <br />in conducting Covered Electronic Transactions on behalf of the Covered Entity agree <br />in writing to comply with the Standards for Electronic Transactions Rule to the extent <br />Required by Law. <br />2.15. Business Associate shall not directly or indirectly receive payment in exchange for <br />any PHI of an Individual unless Covered Entity or Business Associate received a valid <br />authorization from the Individual, in accordance with 45 CFR 164.508, unless <br />permitted under the HIPAA rules. <br />2.16. Business Associate shall not use PHI for marketing purposes without a valid <br />authorization from the affected Individuals, unless such communication is permitted <br />under the HIPAA rules <br />2.17. Business Associate shall not use or disclose genetic information for underwriting <br />purposes in violation of the HIPAA rules. <br />3.Permitted Uses and Disclosures by Business Associate <br />3.1. Except as otherwise limited in this Agreement, Business Associate may use or <br />disclose PHI to perform functions, activities, or services for, or on behalf of, Covered <br />Entity related to the Administrative Services Agreement between Business Associate <br />and Covered Entity. <br />3.2. Except as otherwise limited in this Agreement, Business Associate may disclose PHI <br />for the proper management and administration of Business Associate, provided that <br />such disclosures are Required by Law, or Business Associate obtains reasonable <br />assurances from the person to whom the information is disclosed that it will remain <br />confidential and be used or further disclosed only as Required by Law or for the <br />purpose for which it was disclosed to the person, and the person notifies Business <br />Associate of any instance of which it is aware in which the confidentially of the <br />information has been Breached. <br />3.3. Except as otherwise limited in this Agreement, Business Associate may use PHI to <br />provide Data Aggregation services to Covered Entity as permitted by 45 CFR <br />164.504(e)(2)(i)(B). <br />ATTY/AGR.2023.010/Navia Benefit Solutions (Navia Services (Dental HRA) 2023) (Page 39 of 42)