Laserfiche WebLink
City of Tukwila My WebLink |HelpSearch Tips |About |Sign Out
A. Obligations and Activities of the Agency <br />The Agency agrees not to use or disclose protected health information other than <br />as permitted or required by this Contract, HIPAA and the Health Information <br />Technology for Economic and Clinical Health Act HITECH). The Agency shall <br />use and disclose protected health information only if such use or disclosure, <br />respectively, is in compliance with each applicable requirement of 45 CFR <br />164.504(e). The Agency is directly responsible for full compliance with the privacy <br />provisions of HIPAA and HITECH that apply to business associates. <br />2. The Agency agrees to implement administrative, physical, and technical <br />safeguards that reasonably and appropriately protect the confidentiality, integrity, <br />and availability of the protected health information that it creates, receives, <br />maintains, or transmits on behalf of the County as required by 45 CFR, Part 164, <br />Subpart C. The Agency is directly responsible for compliance with the security <br />provisions of HIPAA and HITECH that apply to business associates, including <br />sections 164.308, 164.310, 164.312, and 164.316 of title 45 CFR. <br />3. Within two (2) business days of the discovery of a breach as defined at 45 CFR <br />164.402 the Agency shall notify the County of any breach of unsecured protected <br />health information. The notification shall include the identification of each <br />individual whose unsecured protected health information has been, or is <br />reasonably believed by the Agency to have been, accessed, acquired, or <br />disclosed during such breach; a brief description of what happened, including the <br />date of the breach and the date of the discovery of the breach, if known; a <br />description of the types of unsecured protected health information that were <br />involved in the breach (such as whether full name, social security number, date of <br />birth, home address account number, diagnosis, disability code, or other types of <br />information were involved); any steps individuals should take to protect <br />themselves from potential harm resulting from the breach; a brief description of <br />what the Agency is doing to investigate the breach, to mitigate harm to <br />individuals, and to protect against any further breaches; the contact procedures of <br />the Agency for individuals to ask questions or learn additional information, which <br />shall include a toll free number, an e-mail address, Web site, or postal address; <br />and any other information required to be provided to the individual by the County <br />pursuant to 45 CFR 164.404, as amended. A breach shall be treated as <br />discovered in accordance with the terms of 45 CFR 164.410. The information <br />shall be updated promptly and provided to the County as requested by the <br />County. <br />4. The Agency agrees to mitigate; to the extent practicable, any harmful effect that <br />is known to the Agency of a use or disclosure of protected health information by <br />the Agency in violation of the requirements of this Contract or the law. <br />5. The Agency agrees to report in writing all unauthorized or otherwise improper <br />disclosures of protected health information or security incident to the County <br />within two days of the Agency knowledge of such event. <br />6. The Agency agrees to ensure that any agent, including a subcontractor, to whom <br />it provides protected health information received from, or created or received by <br />the Agency on behalf of the County, agrees to the same restrictions and <br />conditions that apply through this Contract to the Agency with respect to such <br />information. <br />City of Tukwila Page 16 of 19 2011 Contract <br />