Hipaa Privacy Data Use Agreement (Page 2 of 2) in pdf

4. Report of Improper Use or Disclosure. Recipient shall immediately report to Covered Entity any

information of which it becomes aware concerning any use or disclosure of PHI or Limited Data Set

information that is not permitted by this Agreement or under HIPAA. This report shall identify the

nature of the violating use or disclosure, the PHI or Limited Data Set information used or disclosed,

who made the violating use or received the disclosure, what corrective action Recipient has or will

take to prevent further violations, including any mitigation, and provide any other information as

Covered Entity may request.

5. Termination Rights; Mitigation. Recipient acknowledges and agrees that Covered Entity shall

have the right to terminate this Agreement in accordance with this #5 and #6 in the event

Recipient breaches or fails to comply with the requirements set forth in this Agreement. In

addition, Covered Entity may immediately terminate the Agreement, if Covered Entity determines,

in its reasonable discretion, that Recipient has failed to comply with a material term of the

Agreement required by HIPAA or is substantially not in compliance with the requirements of HIPAA.

In addition to its obligations under this Agreement, Recipient shall take any other reasonable

actions available to it to mitigate any detrimental effects of such violation or failure to comply.

6. Breach; Knowledge. If Covered Entity knows of a pattern of activity or practice of Recipient that

constitutes a breach or violation of Recipient’s obligations under this Agreement, Covered Entity

and/or Recipient shall take any steps reasonably necessary to cure such breach and make

Recipient comply, and, if such steps are unsuccessful, Covered Entity shall either (a) terminate this

Agreement, if feasible, or (b) if cure and termination are not feasible, discontinue disclosure of

Limited Data Set information to Recipient and report the breach or violation to DHHS. If Recipient

as a covered entity, as defined by HIPAA, violates the terms and conditions of this Agreement or

any other agreement in its capacity as a recipient of Limited Data Set information or business

associate of another covered entity, Recipient will be, for purposes of #5 of this Agreement,

substantially not in compliance with HIPAA.

7. Return of PHI and Limited Data Set Information. Recipient agrees that upon termination of

this Agreement, and if feasible, Recipient shall, at its expense, (a) return or destroy all PHI and

Limited Data Set information received from, or created or received by Recipient or any of

Recipient’s subcontractors or agents on behalf of, Covered Entity that Recipient or its

subcontractors or agents maintain or control in any form or manner and retain no copies of such

information or, (b) if such return or destruction is not feasible, immediately notify Covered Entity of

the reasons return or destruction are not feasible, and extend indefinitely the protection of this

Agreement to such PHI and Limited Data Set information and limit further uses and disclosures to

those purposes that make the return or destruction of the PHI and Limited Data Set information

not feasible.

Acknowledged and agreed to by:

____________________________

________________________________

Recipient:

Covered Entity:

Date:

Company: EchoScribe Inc.

Company:

Hipaa Privacy Data Use Agreement Page 2