Laserfiche WebLink
<br />(6) Make available Protected Health Information for amendment by <br />individual Plan members and incorporate any amendments to Protected <br />Health Information in accordance with Section 164.526 of the Privacy <br />Standards; <br /> <br />(7) Make available the Protected Health Information required to <br />provide an accounting of disclosures to individual Plan members in <br />accordance with Section 164.528 of the Privacy Standards; <br /> <br />(8) Make its internal practices, books and records relating to the use <br />and disclosure of Protected Health Information received from the Plan <br />available to the Department of Health and Human Services for purposes <br />of determining compliance by the Plan with the Privacy Standards; <br /> <br />(9) If feasible, return or destroy all Protected Health Information <br />received from the Plan that the Employer still maintains in any form, and <br />retain no copies of such information when no longer needed for the <br />purpose for which disclosure was made, except that, if such return or <br />destruction is not feasible, limit further uses and disclosures to those <br />purposes that make the return or destruction of the information infeasible; <br />and <br /> <br />(10) Ensure the adequate separation between the Plan and members <br />of the Employer's workforce, as required by Section 164.504(f)(2)(iii) of <br />the Privacy Standards and set out in (d) above. <br /> <br />11.18 COMPLIANCE WITH HIPAA ELECTRONIC SECURITY STANDARDS <br /> <br />Under the Security Standards for the Protection of Electronic Protected Health <br />Information (45 CFR Part 164.300 et. seq., the "Security Standards"): <br /> <br />(a) Implementation. The Employer agrees to implement reasonable <br />and appropriate administrative, physical and technical safeguards to protect the <br />confidentiality, integrity and availability of Electronic Protected Health Information <br />that the Employer creates, maintains or transmits on behalf of the Plan. <br />"Electronic Protected Health Information" shall have the same definition as set <br />out in the Security Standards, but generally shall mean Protected Health <br />Information that is transmitted by or maintained in electronic media. <br /> <br />(b) Agents or subcontractors shall meet security standards. The <br />Employer shall ensure that any agent or subcontractor to whom it provides <br />Electronic Protected Health Information shall agree, in writing, to implement <br />reasonable and appropriate security measures to protect the Electronic Protected <br />Health Information. <br /> <br />(c) Employer shall ensure security standards. The Employer shall <br />ensure that reasonable and appropriate security measures are implemented to <br />comply with the conditions and requirements set forth in Section 11.17. <br /> <br />29 <br />