Common use of Implementation of Security Standards; Notice of Security Incidents Clause in Contracts

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”’) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate Distributor will use appropriate safeguards to prevent the use or disclosure of PHI PHJ other than as expressly permitted under this Agreement. Business Associate Distributor will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI PHl that it creates, receives, maintains or transmits on behalf of Covered EntityAtossa. Business Associate Distributor acknowledges that the HITECH Act requires Business Associate Distributor to comply with 45 C.F.R. §§§ 164.308, 164.310, 164.312 and 164.316 164.3l 6 as if Business Associate Distributor were a Covered Entity, and Business Associate Distributor agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH HlTECH Act. Furthermore, to the extent feasible, Business Associate Distributor will use commercially Commercially reasonable efforts to ensure that the technology safeguards used by Distributor to secure PHI through technology safeguards that will render such PHI PHl unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS 1-lliS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations regulation s or guidance promulgated by HHS or issued by including the National Institute for Standards and Technology (“NIST”''NTST'') standard s adopted by HHS concerning the protection of identifiable data such as PHI. Lastly, Business Associate Distributor will promptly report to Covered Entity Atossa any successful Successful Security Incident incident of which it becomes aware. At the request of Covered EntityAtossa, Business Associate Distributor shall identify: the date of the Security Incident, the scope of the Security Incident, the Business AssociateDistributor’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 200917,2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”’) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of A&M System, System Member or the applicable Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§Sections 164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH ActHIPAA Rules. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity A&M System any successful Security Incident of which it becomes aware. At the request of A&M System, System Member or the applicable Covered Entity, Business Associate shall identify: identify the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered EntityFacility. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§§ 164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to ensure that the technology safeguards used by Business Associate to secure PHI through technology safeguards that will render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity Facility any successful Security Incident of which it becomes aware. At the request of Covered EntityFacility, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate Contractor will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate Contractor will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered EntityNRLBH. Business Associate Contractor acknowledges that the HITECH Act requires Business Associate Contractor to comply with 45 C.F.R. §§§ 164.308, 164.310, 164.312 and 164.316 as if Business Associate Contractor were a Covered Entity, and Business Associate Contractor agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate Contractor will use commercially reasonable efforts to ensure that the technology safeguards used by Contractor to secure PHI through technology safeguards that will render such PHI Pill unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by including the National Institute for Standards and Technology (“NIST”) standards adopted by HHS concerning the protection of identifiable data such as PHI. Lastly, Business Associate Contractor will promptly report to Covered Entity NRLBH any successful Security Incident of which it becomes aware. At the request of Covered EntityNRLBH, Business Associate Contractor shall identify: the date of the Security Incident, the scope of the Security Incident, the Business AssociateContractor’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known. CONFIDENTIAL TREATMENT REQUESTED BY ATOSSA GENETICS INC.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§Sections 164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: identify the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered EntityEntity and/or pursuant to this Agreement or the Business Arrangements. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals persons unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful “Security Incident Incident” (as such term is defined in the relevant regulations) of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”’) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.

Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§§ 164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to ensure that the technology safeguards used by Business Associate to secure PHI through technology safeguards that will render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known. Business Associate and Covered Entity shall take reasonable measures to ensure the availability of all affirmative defenses under the HITECH Act, HIPAA, and other state and federal laws and regulations governing PHI and EPHI.