2.2 Safety precautions. Business Associate is committed to implementing and implementing appropriate administrative, physical and technical security measures to prevent the use or disclosure of PPHs; and (b) to adequately protect the confidentiality, integrity and availability of the ePHI that creates, receives, manages or transmits business associate on behalf of the insured entity. These security measures include a written information security directive, a security incident response plan, regular safety awareness training and confidentiality/non-disclosure agreements with independent subcontractors and consultants with whom Business Associate has delegated tasks under this AGENCY. The Business Associate Agreement is required by HIPAA to grant a third party (3rd) (“Business Associate”) access to protected health information (PHI) by a medical office (“covered facility”). It outlines the rules under which personal medical records can be transmitted in accordance with federal law. After the authorization, the business partner is responsible for the protection of all protected health information shared with specific instructions in case of security violation. It is strictly forbidden for the counterpart to sell or use health information prohibited for the subsystem. NOW, taking into account these premises and the following mutual commitments and agreements, the entity and business partner are hereafter agreed: [the parties may add additional features to the counterparty`s breach notification obligations, for example. B a stricter period for the counterparty in order to report a possible violation to the entity concerned and/or whether the counterparty will deal with infringement notifications to individuals, the Civil Rights Office (OCR) and possibly the media on behalf of the entity concerned. In the event of termination of the agreement, for whatever reason, the counterparty may, with respect to the protected health information obtained by the insured organization or have been established, maintained or received by a counterparty on behalf of an insured company, the following reasons: (f) [optional] Counterparties may disclose protected health information for the proper management and management of the counterparty or assume the legal responsibilities of the counterparty; if the information is required by law or if the consideration receives reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and will not be disclosed or disseminated until then, in accordance with the law or for the purposes for which it was communicated to the person, and the person informs the counterpart of any cases of which he or she is aware. confidentiality of the information has been breached.

[Optional] The covered entity cannot ask the counterparty to use or disclose protected health information in a manner that would not be authorized under Part E of 45 CFR Part 164 if this is done by an insured company. [include an exception if the counterparty uses or discloses protected health information and the agreement contains provisions relating to data aggregation, management and management, as well as the legal responsibilities of the counterparty.] 1.6. “HITECH Act” is subtitle D of the Health and Health and Health Sciences Act, provisions of the American Recovery and Reinvestment Act of 2009, 42 U.S.C.