Armin Hohenadler

2.3 Legal Advertisements. If Business Associates believes that it is a legal obligation to disclose PHI, it will inform the customer as soon as possible after becoming aware of this obligation and, in any event, at least ten (10) business days prior to the proposed publication, of the legal requirement that protected health information be disclosed. If the Customer objects to the disclosure of such Protected Health Information, the Business Partner will authorize the Customer to exercise any legal rights or remedies that the Customer may have to object to the disclosure of the Protected Health Information, and the Business Partner agrees to provide the Customer, at the Customer`s expense, such assistance as the customer may reasonably require. If the customer does not respond, the counterparty is authorized to disclose the protected health information if it deems it appropriate to comply with the law. Neither Party shall be entitled to re-elect this Agreement without the written consent of the other Party. [The agreement could also provide that the counterparty could, in the event of termination, transmit the protected health information to another counterparty of the covered entity and/or add conditions relating to the obligations of a counterparty, obtain or insure protected health information produced, received or maintained by subcontractors.] The HIPC allows for the inclusion of additional rights of a counterparty, for example.B. the counterparty`s authorisation to use and disclose protected health information for the proper management and management of the counterparty and to provide data aggregation services concerning the healthcare of the undertaking concerned. The permitted uses and advertisements of the counterparty, as required by the Health Insurance Portability and Accountability Act (PPTE) and the provisions adopted therein, are as follows: in the event of termination of this Agreement for any reason, the consideration shall be, in respect of protected health information received from the covered entity or produced by counterparties on behalf of the covered entity, for this reason, it is preferable for BAAs to include language such as „as soon as the infringement was discovered or should have been detected“ in the „Notification of infringements“ section of the agreement. General provision. The data protection rule requires that a covered entity receive satisfactory assurances from its counterparty that the counterparty adequately protects the protected health information it receives or produces on behalf of the covered entity.

Satisfactory assurances must be made in writing, whether in the form of a contract or other agreement between the covered entity and the counterparty. As to what it means to have `routine access` to [PHI] to determine which types of data transmission services are counterparties to simple channels, such a provision will be fact-specific, depending on the type of services provided and the extent to which the undertaking needs access to [PHI] to provide the service to the undertaking concerned. . . .