Common use of Electronic PHI Clause in Contracts

Electronic PHI. If Business Associate receives, creates, transmits, or maintains Electronic PHI on behalf of Covered Entity, Business Associate will, in addition, do the following: (1) Develop, implement, maintain, and use appropriate administrative, physical, and technical safeguards in compliance with Section 1173(d) of the Social Security Act, Title 42, Section 1320(s) or the United States Code and Title 45, Part 162 and 164 of CFR to preserve the integrity and confidentiality of all electronically maintained or transmitted PHI received from or on behalf of Covered Entity. (2) Document and keep these security measures current and available for inspection by Covered Entity. (3) Ensure that any agent, including a subcontractor, to whom the Business Associate provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect it. (4) Report to the Covered Entity any Security Incident of which it becomes aware. For the purposes of this BAA and the Agreement, Security Incident means, as set forth in 45 C.F.R. Section 164.304, “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” Security incident shall not include, (a) unsuccessful attempts to penetrate computer networks or servers maintained by Business Associate, or (b) immaterial incidents that occur on a routine basis, such as general “pinging” or “denial of service” attacks.

Electronic PHI. If Business Associate receives, creates, transmits, transmits or maintains Electronic PHI on behalf of Covered Entity, Business Associate Associates will, in addition, do the following: (1) Develop, implement, maintain, maintain and use appropriate administrative, physical, and technical safeguards in compliance with Section 1173(d) of the Social Security Act, Title 42, Section 1320(s) or the United States Code and Title 45, Part 162 and 164 of CFR to preserve the integrity and confidentiality of all electronically maintained or transmitted PHI received from or on behalf of Covered Entity. (2) Document and keep these security measures current and available for inspection by Covered Entity. (3) Ensure that any agent, including a subcontractor, to whom the Business Associate provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect it. (4) Report to the Covered Entity any Security Incident of which it becomes aware. For the purposes of this BAA and the Agreement, Security Incident means, as set forth in 45 C.F.R. Section 164.304, “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” Security incident shall not include, (a) unsuccessful attempts to penetrate computer networks or servers maintained by Business Associate, or (b) immaterial incidents that occur on a routine basis, such as general “pinging” or “denial of service” attacks.

Electronic PHI. If Business Associate receives, creates, transmits, or maintains Electronic PHI on behalf of Covered Entity, Business Associate will, in addition, do the following: (1) Develop, implement, maintain, and use appropriate administrative, physical, and technical safeguards in compliance with Section 1173(d) of the Social Security Act, Title 42, Section 1320(s) or the United States Code and Title 45, Part 162 and 164 of CFR to preserve the integrity and confidentiality of all electronically maintained or transmitted PHI received from or on behalf of Covered Entity. (2) Document and keep these security measures current and available for inspection by Covered Entity.Entity.‌ (3) Ensure that any agent, including a subcontractor, to whom the Business Associate provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect it. (4) Report to the Covered Entity any Security Incident of which it becomes aware. For the purposes of this BAA and the Agreement, Security Incident means, as set forth in 45 C.F.R. Section 164.304, “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” Security incident shall not include, , (a) unsuccessful attempts to penetrate computer networks or servers maintained by Business Associate, or (b) immaterial incidents that occur on a routine basis, such as general “pinging” or “denial of service” attacks.