By mutual agreement between the parties, the counterparty may retain the IHP and will continue to extend all safeguards, restrictions and restrictions contained in this BAA to the counterparty`s use and/or disclosure of PHI, for as long as the counterparty manages such PHI. The HIPC does not specify which party must pay to report violations. An entity concerned may transfer payment responsibility to the counterparty. A lawyer may revise the text of this provision in accordance with commercial practice. 2.2 Security Measures. The counterparty undertakes to take and use appropriate administrative, physical and technical security measures to (a) prevent the use or disclosure of the PHI; (b) adequately protect the confidentiality, integrity and availability of the ePHI that the counterparty creates, receives, maintains or transfers on behalf of the covered entity. . . .