Common use of Data and Information Control Clause in Contracts

Data and Information Control. Confidentiality. Contractor agrees to hold in strict confidence and will not disclose any Data obtained by the Contractor as a result of the Contract, without the written permission of the University. Contractor must assume that all University information, documents, data, source codes, software, models, know-how, trade secrets, or other material is confidential. Contractor shall not use or disclose Data received from or on behalf of University except as required by law, or as otherwise authorized in writing by University. Similarly, Contractor agrees that any and all Data exchanged shall be used expressly and solely for the purposes enumerated in the Agreement. Data shall not be distributed, repurposed or shared across other applications, environments, or business units of Contractor, or passed to other vendors or interested parties except on a case-by-case basis as specifically agreed to in writing by University. The Contractor must return all originals of any Data provided by the University and destroy any copies the Contractor has made on termination or expiration of this Contract. The Contractor will be liable for the disclosure of any confidential information. The parties agree that the disclosure of confidential information of the University may cause the University irreparable damage for which remedies other than injunctive relief may be inadequate, and the Contractor agrees that in the event of a breach of the obligations hereunder, the University shall be entitled to temporary and permanent injunctive relief to enforce this provision without the necessity of proving actual damages. This provision shall not, however, diminish or alter any right to claim and recover damages. Security & Safety Rules. When using or possessing Data provided by the University or accessing University networks and systems, Contractor, its employees, subcontractors and agents must comply with all applicable federal, state and local laws as well as University rules, policies, and regulations regarding University-provided IT resources, data security and integrity. When on any property owned or controlled by the University, Contractor must comply with all security and safety rules, regulations, and policies applicable to people on those premises. Patient Privacy. To the extent applicable to a Contract, the parties hereto agree to comply with the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH ACT”), the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996, as codified at 42 USC § 1320d through d-8 (“HIPAA”) and any current and future regulations promulgated under either the HITECH Act or HIPAA including without limitation the federal privacy regulations contained in 45 CFR Parts 160 and 164 (the “Federal Privacy Regulations”), the federal security standards contained in 45 CFR Parts 160, 162 and 164 (the “Federal Security Regulations”) and the federal standards for electronic Transactions Regulations”), all as may be amended from time to time, and all collectively referred to herein as “HIPAA Requirements.” The parties further agree not to use or disclose any Protected Health Information (as defined in 45 CFR § 164.501) or Individually Identifiable Health Information (as defined in 42 USC § 1320d), other than as permitted by HIPAA Requirements and the terms of a Contract. The parties agree to enter into any further agreements as necessary to facilitate compliance with HIPAA Requirements.