Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.</p> </li> </ul> <p> <strong>2. Use and Disclosure of PHI</strong>&nbsp;We may use PHI for our management, administration, data aggregation, analytics and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to them, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the HIPAA Privacy Rule. </p> <p>We use third party cloud service provider. HIPAA compliant region provided by cloud service provider is used for hosting and processing PHI shared by Covered Entity. In the event that PHI must be disclosed to any other subcontractors or agents, we ensure that those subcontractors or agents agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.</p> <p>We may also use PHI to report violations of law to appropriate federal and state authorities.</p> <p> <strong>