Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.
Safeguards for Personal Information Supplier agrees to develop, implement, maintain, and use administrative, technical, and physical safeguards, as deemed appropriate by DXC, to preserve the security, integrity and confidentiality of, and to prevent intentional or unintentional non-permitted or violating use or disclosure of, and to protect against unauthorized access to or accidental or unlawful destruction, loss, or alteration of, the Personal Information Processed, created for or received from or on behalf of DXC in connection with the Services, functions or transactions to be provided under or contemplated by this Agreement. Such safeguards shall meet all applicable legal standards (including any encryption requirements imposed by law) and shall meet or exceed accepted security standards in the industry, such as ISO 27001/27002. Supplier agrees to document and keep these safeguards current and shall make the documentation available to DXC upon request. Supplier shall ensure that only Supplier’s employees or representatives who may be required to assist Supplier in meeting its obligations under this Agreement shall have access to the Personal Information.
Confidentiality and Safeguarding Information 1. Each Party may have access to confidential information made available by the other. The provisions of the Florida Public Records Act, Chapter 119, F.S., and other applicable state and federal laws will govern disclosure of any confidential information received by the State of Florida.
Information Safeguards Business Associate will develop, document, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of and to prevent non-permitted use or disclosure of PHI created for or received from Recipient or its Subsidiaries. These safeguards must be appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities. Business Associate agrees that these safeguards will meet any applicable requirements set forth by the U.S. Department of Health and Human Services, including (as of the effective date or as of the compliance date, whichever is applicable) any requirements set forth in the final HIPAA security regulations. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate resulting from a use or disclosure of PHI by Business Associate in violation of the requirements of this Addendum.
Human and Financial Resources to Implement Safeguards Requirements 6. The Borrower shall make available necessary budgetary and human resources to fully implement the EMP and the RP.
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Access to Protected Health Information 7.1 To the extent Covered Entity determines that Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within two (2) business days after receipt of a request from Covered Entity, make the Protected Health Information specified by Covered Entity available to the Individual(s) identified by Covered Entity as being entitled to access and shall provide such Individuals(s) or other person(s) designated by Covered Entity with a copy the specified Protected Health Information, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.524.
Contact Information for Privacy and Security Officers and Reports 2.1 Business Associate shall provide, within ten (10) days of the execution of this Agreement, written notice to the Contract or Grant manager the names and contact information of both the HIPAA Privacy Officer and HIPAA Security Officer of the Business Associate. This information must be updated by Business Associate any time these contacts change.
Information Technology Accessibility Standards Any information technology related products or services purchased, used or maintained through this Grant must be compatible with the principles and goals contained in the Electronic and Information Technology Accessibility Standards adopted by the Architectural and Transportation Barriers Compliance Board under Section 508 of the federal Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended. The federal Electronic and Information Technology Accessibility Standards can be found at: xxxx://xxx.xxxxxx-xxxxx.xxx/508.htm.
Confidentiality and Safeguarding of University Records; Press Releases; Public Information Under this Agreement, Contractor may (1) create, (2) receive from or on behalf of University, or (3) have access to, records or record systems (collectively, University Records). Among other things, University Records may contain social security numbers, credit card numbers, or data protected or made confidential or sensitive by Applicable Laws. [Option (Include if University Records are subject to FERPA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Family Educational Rights and Privacy Act, 20 United States Code (USC) §1232g (FERPA) are addressed in Section 12.41.] [Option (Include if University is a HIPAA Covered Entity and University Records are subject to HIPAA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Health Insurance Portability and Accountability Act and 45 Code of Federal Regulations (CFR) Part 160 and subparts A and E of Part 164 (collectively, HIPAA) are addressed in Section 12.26.] Contractor represents, warrants, and agrees that it will: (1) hold University Records in strict confidence and will not use or disclose University Records except as (a) permitted or required by this Agreement, (b) required by Applicable Laws, or (c) otherwise authorized by University in writing; (2) safeguard University Records according to reasonable administrative, physical and technical standards (such as standards established by the National Institute of Standards and Technology and the Center for Internet Security [Option (Include if Section 12.39 related to Payment Card Industry Data Security Standards is not include in this Agreement.):, as well as the Payment Card Industry Data Security Standards]) that are no less rigorous than the standards by which Contractor protects its own confidential information; (3) continually monitor its operations and take any action necessary to assure that University Records are safeguarded and the confidentiality of University Records is maintained in accordance with all Applicable Laws and the terms of this Agreement; and (4) comply with University Rules regarding access to and use of University’s computer systems, including UTS165 at xxxx://xxx.xxxxxxxx.xxx/board-of-regents/policy-library/policies/uts165-information-resources-use-and-security-policy. At the request of University, Contractor agrees to provide University with a written summary of the procedures Contractor uses to safeguard and maintain the confidentiality of University Records.
