Administrative Safeguards. Custodian has implemented, and agrees to maintain, commercially reasonable administrative safeguards that include, but are not limited to, (i) security awareness training designed to ensure understanding of responsibilities in guarding against security events and unauthorized use or access to Confidential Information, (ii) logging procedures to proactively monitor user and system activity, (iii) due diligence processes for any approved subcontractors processing Confidential Information, (iv) access termination procedures for timely revocation of access, (v) periodic user entitlement review processes, (vi) software development and change management processes, and (vii) security incident management policies and procedures for the detection, investigation, notification, evidence preservation and remediation of any security incident.
Administrative Safeguards. On or before September 23, 2013 (the “Compliance Date”), Business Associate shall have (i) implemented policies and procedures to prevent, detect, contain, and correct security violations in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(1)(ii); (ii) identified a security official who is responsible for the development and implementation of the policies and procedures required by 45 C.F.R. Part 164, Subpart C “Security Standards for the Protection of Electronic Protected Health Information” (the “EPHI Security Standards”); (iii) implemented policies and procedures to ensure appropriate access to Covered Entity’s Electronic Protected Health Information by its employees, agents or representatives as provided under 45 C.F.R. § 164.308(a)(4), and to prevent its employees, agents or representatives who should not have access under the standards set forth at 45 C.F.R. § 164.308(a)(4) from obtaining access to Covered Entity’s Electronic Protected Health Information in accordance with the implementation specifications set forth in 45 C.F.R. § 164.308(a)(3)(ii); (iv) implemented policies and procedures for authorizing access to Covered Entity’s Electronic Protected Health Information that is consistent with the requirements of 45 C.F.R. Part 164, Subpart E “Privacy of Individually Identifiable Health Information” in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(4)(ii); (v) implemented a security awareness and training program for all of its employees and agents (including its directors and officers) in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(5)(ii); (vi) implemented policies and procedures to address “Security Incidents” in accordance with the implementation specification set forth at 45 C.F.R. § 164.308(a)(6)(ii); and
Administrative Safeguards. SSA and OPM will restrict access to the data matched and to any data created by the match to authorized employees and officials who need it to perform their official duties in connection with the uses of the data authorized in this agreement. Further, SSA and OPM will advise all personnel who have access to the data matched and to any data created by the match of the confidential nature of the data, the safeguards required to protect the data, and the civil and criminal sanctions for noncompliance contained in the applicable Federal laws.
Administrative Safeguards. “Administrative Safeguards” shall mean the Standards for the Protection of Electronic Protected Health Information at 45 CFR §164.308.
Administrative Safeguards. SSA and OCSE will restrict access to the data matched and to any data created by the match to only those users (e.g., employees, contractors, etc.) who need it to perform their official duties in connection with the uses of the data authorized in this agreement. Further, SSA and OCSE will advise all personnel who have access to the data matched and to any data created by the match of the confidential nature of the data, the safeguards required to protect the data, and the civil and criminal sanctions for noncompliance contained in the applicable federal laws.
Administrative Safeguards. USAC and CHFS will comply with the existing and future requirements set forth by the Privacy Act (5 U.S.C. § 552a(o)), FISMA, 44 U.S.C. §§ 3551-3559, related OMB circulars and memoranda such as Circular A-130, Managing Federal Information as a Strategic Resource (July 28, 2016), and NIST directives, including any amendments published after the effective date of this Agreement. These laws, directives, and regulations include requirements for safeguarding federal information systems and personally identifiable information used in business processes, and related reporting requirements. Specifically, FISMA requirements apply to all federal contractors, organizations, or entities that possess or use federal information, or that operate, use, or have access to federal information systems on behalf of an agency. USAC and CHFS will restrict access to the data matched and to any data created by the match to only those authorized employees, contractors and officials who need it to perform their official duties for the uses of the data authorized in this Agreement. USAC and CHFS will also notify such authorized users of the civil and criminal sanctions for noncompliance contained in the applicable federal laws.
Administrative Safeguards. Access to the records matched and to any records created by the match is restricted to only those authorized employees and officials who need them to perform their official duties in connection with the uses of the information authorized in this agreement. Further, all personnel with access to the records matched and to any records created by the match are advised of the confidential nature of the information, the safeguards required to protect the records, and the civil and criminal sanctions for noncompliance contained in the applicable Federal laws. Only authorized personnel will transmit or transport the records used to conduct the match and those created by the match.
Administrative Safeguards. BUSINESS ASSOCIATE shall implement policies and procedures to prevent, detect, contain, and correct security violations, and reasonably preserve and protect the confidentiality, integrity and availability of EPHI, and enforce those policies and procedures, including sanctions for anyone not found in compliance;
Administrative Safeguards. Adopting policies and procedures regarding the safeguarding of Protected Health Information; and enforcing those policies and procedures, including sanctions for anyone not found in compliance;
Administrative Safeguards. CMS and VHA will restrict access to the matched data and to any data created by the match to only those Authorized Users of the Hub, e.g. Administering Entities and their employees, agents, officials, contractors, etc., who need it to perform their official duties in connection with the uses of data authorized in this Agreement. Further, CMS and VHA will advise all personnel who will have access to the data matched and to any data created by the match of the confidential nature of the data, the safeguards required to protect the data, and the civil and criminal sanctions for noncompliance contained in the applicable Federal laws.
