[Parties may wish to add further clarifications regarding the counterparty`s notification obligations in the event of an infringement, for example. B a stricter period for the counterparty to report a potential infringement to the company concerned and/or if the counterparty processes, on behalf of the company concerned, notifications of infringements to individuals, to the HHS Office for Civil Rights (OCR) and possibly to the media.] [Option 2 – where the agreement authorises the counterparty to use or disclose protected health information for its own management and management or to exercise its legal responsibilities and the counterparty must retain protected health information for those purposes after termination of the contract] Exceptions to the Business Associate Standard. The confidentiality rule contains the following exceptions to the counterparty standard. See 45 CFR 164.502(s). In such situations, the entity concerned shall not be required to enter into a counterparty contract or any other written agreement before the protected health information can be transmitted to the natural or legal person. To comply with the HIPC, a counterparty agreement must contain a description of the permitted and necessary uses and information of PHI by the counterparty. The counterparty agreement must also require, inter alia, that the counterparty: [In addition to other permitted purposes, the parties must indicate whether the counterparty has the right to use protected health information to de-identify the information referred to in 45 CFR 164.514(a)-c). The parties may also wish to indicate how the counterparty will anonymize the information and the uses and disclosures of anonymous information authorized by the counterparty.] C. What provisions must be included in a counterparty contract? This document contains examples of counterparty arrangements that make it easier for companies and covered counterparties to meet counterparty contract requirements. . . .