Common use of Information; Confidentiality Clause in Contracts

Information; Confidentiality. Grantee shall keep confidential, and cause all Subcontractors to keep confidential, all State Records, unless those State Records are publicly available. Grantee shall not, without prior written approval of the State, use, publish, copy, disclose to any third party, or permit the use by any third party of any State Records, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the State. If Grantee will or may have access to any State Confidential Information or any other protected information, Grantee shall provide for the security of all State Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. Grantee shall comply with all Colorado Office of Information Security (“OIS”) policies and procedures which OIS has issued pursuant to CRS §§24-37.5-401 through 406 and 8 CCR §1501-5 and posted at xxxx://xxx.xxxxx.xx.xx/ois, all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Grantee’s performance under this Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI- DSS); FBI Criminal Justice Information Service Security Addendum; Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges; and Electronic Information Exchange Security Requirements and Procedures for State and Local Agencies Exchanging Electronic Information with The Social Security Administration. Grantee shall immediately forward any request or demand for State Records to the State’s principal representative.

Information; Confidentiality. Grantee shall keep confidential, and cause all Subcontractors to keep confidential, all State Records, unless those State Records are publicly available. Grantee shall not, without prior written approval of the State, use, publish, copy, disclose to any third party, or permit the use by any third party of any State Records, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the State. If Grantee will or may have access to any State Confidential Information or any other protected information, Grantee shall provide for the security of all State Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. Grantee shall comply with all Colorado Office of Information Security (“OIS”) policies and procedures which OIS has issued pursuant to CRS §§24-37.5-401 through 406 and 8 CCR §1501-5 and posted at xxxx://xxx.xxxxx.xx.xx/oisxxxxx://xxx.xxxxxxxx.xxx/standards-policies-guides/technical-standards-policies, all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Grantee’s performance under this Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI- PCI-DSS); FBI Criminal Justice Information Service Security Addendum; Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges; and Electronic Information Exchange Security Requirements and Procedures for State and Local Agencies Exchanging Electronic Information with The Social Security Administration. Grantee shall immediately forward any request or demand for State Records to the State’s principal representative.

Information; Confidentiality. Grantee shall keep confidential, and cause all Subcontractors to keep confidential, all State Records, unless those State Records are publicly available. Grantee shall not, without prior written approval of the State, use, publish, copy, disclose to any third party, or permit the use by any third party of any State Records, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the State. If Grantee will or may have access to any State Confidential Information or any other protected information, Grantee shall provide for the security of all State Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. Grantee shall comply with all Colorado Office of Information Security (“OIS”) policies and procedures which OIS has issued pursuant to CRS §§24-24- 37.5-401 through 406 and 8 CCR §1501-5 and posted at xxxx://xxx.xxxxx.xx.xx/ois, all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Grantee’s performance under this Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI- PCI-DSS); FBI Criminal Justice Information Service Security Addendum; Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges; and Electronic Information Exchange Security Requirements and Procedures for State and Local Agencies Exchanging Electronic Information with The Social Security Administration. Grantee shall immediately forward any request or demand for State Records to the State’s principal representative.. Effective Date: 7/1/2019

Information; Confidentiality. Grantee shall keep confidential, and cause all Subcontractors to keep confidential, all State Records, unless those State Records are publicly available. Grantee shall not, without prior written approval of the State, use, publish, copy, disclose to any third party, or permit the use by any third party of any State Records, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the State. If Grantee will or may have access to any State Confidential Information or any other protected information, Grantee shall provide for the security of all State Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. Grantee shall comply with all Colorado Office of Information Security (“OIS”) policies and procedures which OIS has issued pursuant to CRS §§24-37.5-401 through 406 and 8 CCR §1501-5 and posted at xxxx://xxx.xxxxx.xx.xx/ois, all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Grantee’s performance under this Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI- PCI-DSS); FBI Criminal Justice Information Service Security Addendum; Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges; and Electronic Information Exchange Security Requirements and Procedures for State and Local Agencies Exchanging Electronic Information with The Social Security Administration. Grantee shall immediately forward any request or demand for State Records to the State’s principal representative.

Information; Confidentiality. Grantee shall keep confidential, and cause all Subcontractors to keep confidential, all State Records, unless those State Records are publicly available. Grantee shall not, without prior written approval of the State, use, publish, copy, disclose to any third party, or permit the use by any third party of any State Records, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the State. If Grantee will or may have access to any State Confidential Information or any other protected information, Grantee shall provide for the security of all State Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. Grantee shall comply with all Colorado Office of Information Security (“OIS”) policies and procedures which OIS has issued pursuant to CRS §§24-24- 37.5-401 through 406 and 8 CCR §1501-5 and posted at xxxx://xxx.xxxxx.xx.xx/oisxxxxx://xxx.xxxxxxxx.xxx/standards- policies-guides/technical-standards-policies, all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Grantee’s performance under this Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI- PCI-DSS); FBI Criminal Justice Information Service Security Addendum; Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges; and Electronic Information Exchange Security Requirements and Procedures for State and Local Agencies Exchanging Electronic Information with The Social Security Administration. Grantee shall immediately forward any request or demand for State Records to the State’s principal representative.