Contractors Duties Regarding Confidential Information Sample Clauses

Contractors Duties Regarding Confidential Information. Contractor must Limit access to CI to only Authorized Users for an Authorized Purpose (the services that HHS has hired the contractor to perform) Train its Workforce on privacy and security Sanction its Workforce who violate the DUA Not re-identify de-identified CI Be responsible for its subcontractors and have them sign the Subcontractor Attachment to the DUA Maintain privacy and security policies and procedures andaccountings of disclosures of, and amendments to, PHI. Return or Destroy CI upon termination of DUA at HHS’ electionArticle 3 (Cont.)  Safeguard CI Provide an Initial Security Inquiry or System Security Plan to HHS that documents contractor’s security controls and identifies security risks Establish and implement administrative, procedural, technical and physical safeguards that protect HHS CI Identify a Privacy Official and an Information Security Official to beresponsible for the implementation of the DUA and contact with HHS Maintain a list of Authorized Users Respond to HHS requests for information and cooperate withinvestigations and audits Securely transmit CI (may include encryption) Comply with applicable laws, regulations, security controls and policies
Contractors Duties Regarding Confidential Information