Common use of Health Insurance Portability and Accountability Clause in Contracts

Health Insurance Portability and Accountability. Act (HIPAA): Contractor acknowledges that it may receive confidential information, Personal Identifying Information (PII), and Protected Health Information (PHI) through Contractor’s performance of its obligations under this Agreement. Contractor will comply with all laws and standards with respect to the access, use, protection, disclosure, and storage of such PII/PHI, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”)(45 C.F.R. Parts 160 and 164) under HIPAA. The definitions set forth in the Privacy Rule are incorporated by reference into this Agreement (45 C.F.R. § 160.103 and 164.501). Contractor shall maintain the confidentiality of PII/PHI and protect the privacy of the individuals to whom the records pertain. Pursuant to C.R.S. § 6-1-713 et seq., with respect to PII/PHI provided by County, Contractor will implement and maintain reasonable security procedures and practices that are (a) appropriate to the nature of the PII/PHI, and (b) reasonably designed to help protect the PII/PHI from unauthorized access, use, modification, disclosure, or destruction. If a security breach compromises PII/PHI, Contractor will notify County as quickly as possible, and without unreasonable delay, following discovery of a security breach. Contractor will cooperate with County in responding to the breach, including sharing information relevant to the breach. This provision shall survive expiration or termination of this Agreement. County is not required to mark confidential information or PII/PHI as confidential in order for Contractor’s obligations under this provision to apply. If Contractor is ever unsure as to the confidential nature of any information or documentation, Contractor shall seek clarification from County prior to using, disclosing, or communicating such information or documentation. Contractor will treat confidential information received under this Agreement with at least the same degree of care as it uses in maintaining its own confidential information, but no less than a reasonable degree of care. Contractor will comply with all applicable laws in its retention and use of confidential information under this Agreement. Contractor will only access the confidential information as necessary to perform the Work. Contractor will require that all of its employees, volunteers, and agents protect the confidential information against unauthorized use or disclosure. Contractor is prohibited from disclosing the confidential information to any third-party without the County’s consent. Contractor will maintain and adhere to adequate administrative, technical, and physical safeguards designed to protect confidential information against unauthorized access or disclosure. The administrative, technical, and physical safeguards must be: (1) no less rigorous than those maintained by Contractor for its own confidential information;