1. The Collection Bureau shall carry out its obligations under this Agreement in compliance with the privacy regulations pursuant to Public Law 104-191 of August 21, 1996, known as the Health Insurance Portability and Accountability Act of 1996, Subtitle F – Administrative Simplification, Sections 261, et seq., as amended ("HIPAA"), to protect the privacy of any personally identifiable protected health information ("PHI") that is collected, processed or learned as a result of the Collection Services provided hereunder. In conformity therewith, The Collection Bureau agrees that it will:

Not use or further disclose PHI except as permitted under this Agreement or required by law;

Use appropriate safeguards to prevent use or disclosure of PHI except as permitted by this Agreement;

To mitigate, to the extent practicable, any harmful effect that is known to "Covered Entity" of a use or disclosure of PHI by "Covered Entity" in violation of this Agreement.

Report to "Covered Entity" any use or disclosure of PHI not provided for by this Agreement of which The Collection Bureau becomes aware;

Ensure that any agents or subcontractors to whom The Collection Bureau provides PHI, or who have access to PHI, agree to the same restrictions and conditions that apply to The Collection Bureau with respect to such PHI;

Make additional acquired PHI available to "Covered Entity";

Incorporate any amendments to PHI when notified to do so by "Covered Entity";

Provide an accounting of all uses or disclosures of PHI made by The Collection Bureau as required under the HIPAA privacy rule within 60 days;

Upon request, make its internal practices, books and records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining The Collection Bureau’s and "Covered Entity’s" compliance with HIPAA; and

At the termination of this Agreement, return or destroy all PHI received from, or created or received by The Collection Bureau on behalf of "Covered Entity", and if return is infeasible, the protections of this agreement will extend to such PHI.

2. The specific uses and disclosures of PHI that may be made by The Collection Bureau on behalf of "Covered Entity" includes:

The preparation of invoices to patients, carriers, insurers and others responsible for payment or reimbursement of the services provided by "Covered Entity" to its patients;

Preparation of reminder notices and documents pertaining to collections of overdue accounts;

The submission of supporting documentation to carriers, insurers and other payers to substantiate the health care services provided by "Covered Entity" to its patients or to appeal denials of payment for same.

Uses required for the proper management of the The Collection Bureau as a business associate.

Other uses or disclosures of PHI as permitted by HIPAA privacy rule.

3. Notwithstanding any other provisions of this Agreement, this Agreement may be terminated by "Covered Entity", in its sole discretion, if "Covered Entity" determines that The Collection has violated a term or provision of this Agreement pertaining to "Covered Entity’s" obligations under the HIPAA privacy rule, or if The Collection Bureau engages in conduct which would, if committed by "Covered Entity", would result in a violation of the HIPAA privacy rule by "Covered Entity"