Minimum required. Counterparty undertakes to make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary to achieve the intended objectives, in accordance with the counterparty`s policies and procedures. (h) document and, within thirty (thirty) days of receipt of the covered undertaking`s written request, provide the covered undertaking with the information necessary for the covered undertaking to carry out an accounting of protected health information on a person or, if the covered undertaking so orders, to provide such information directly to a person; all this is in accordance with the rules of the HIPC and in accordance with the requirements for the accounting of disclosures made by electronic healing, th record; When analysing the likelihood that unlawful use or disclosure would compromise PHI, the undertakings and counterparties concerned should consider analysing whether the person who used the information or to whom the disclosure was made was an unauthorized person. If the minimum breach required occurs in the case of disclosure to a counterparty or as an internal use within an entity or covered counterparty, the fact that the information was not obtained by a third party would be part of the risk assessment and would support the low probability that PHI was compromised. While some minimally necessary infringements may fall within exceptions to the definition of infringements, these derogations must be carefully analysed before an undertaking or counterparty concerned notifies a minimum standard infringement. CONSIDERING that the parties have previously entered into certain agreements (“agreements”) for the provision of services (which may include transaction services and the maintenance of hardware and/or software products) (“Services”) that involve the use and/or disclosure of protected health information; and the 2013 amendments also describe that the minimum standard required is a prerequisite for the permitted use of PHI; Therefore, where a counterparty does not apply the required minimum standards, the counterparty does not make use or disclosure authorised in accordance with the HIPC. (c) data accounting. The counterparty undertakes to keep the documentation of the information necessary for the provision of an accounting of the PHI data in accordance with point 45 C.F.R. . .
- No hay categorías