 |
|
| OUHSC Information Technology Department |
|
|
|
  |
Business Associates Contract: Supporting documents: Full policy The University may permit a business associate to create, receive, maintain, or transmit sensitive data on the behalf of the University only if it obtains satisfactory assurances the business associate will appropriately safeguard the information. When another entity is acting as a business associate of the University, the business associate must appropriately and reasonably protect the sensitive data that it creates, receives, maintains or transmits on behalf of the University. There should be a written agreement between the two parties which ensures the business associate will appropriately and reasonably safeguard the sensitive information. When a written agreement is not possible, the University must make a good faith attempt to obtain satisfactory assurances that the business associate will safeguard the University’s sensitive data, as would be required by a business associate contract, and to document the attempt and any reasons that these assurances cannot be obtained. The transmission of sensitive data by the University to a health care provider concerning anything related to or regarding the treatment of an individual does not require a business associate agreement. All business associate agreements must be documented and must follow the standard business associate agreement language of the University. New contracts with existing business associates do not have to be obtained specifically for this purpose, if existing written contracts adequately address the applicable requirements or can be amended to do so.. |
 |
|
|
 |
 Copyright © 2006 The Board of Regents of the University of Oklahoma, All Rights Reserved.-
Disclaimer | Copyright |
