Privacy and Security Requirements. Blue Shield must adhere to the terms and conditions in the Information Privacy and Security Requirements which are incorporated as Exhibit E to this Agreement. Schedule A
Privacy and Security Requirements. The parties to the CPA Agreement are required to protect the Confidential Information in accordance with applicable direction and guidelines from the Treasury Board of Canada, or their equivalent in the case of the CPA, with respect to the protection of “Protected B” data, including guidance from CSE (ITSG-33) which aligns with the ISO 27001 framework. Further as a federal government institution, the CPA acknowledges that the Trust is subject to the Access to Information Act (Canada) and the Privacy Act (Canada) and therefore the CPA agrees to submit to whatever reasonable measures are necessary in order to ensure that the Trust can comply with these laws and their related regulations, policies, and directives (“ATIP Legislation”). As such, the CPA agrees: (i) to protect any Personal Information that it may access through the course of providing CPA Services under this CPA Agreement in a manner that is compatible with provisions of ATIP Legislation; and (ii) that it has in place appropriate privacy protection measures to safeguard all the Confidential Information that it has access to under this CPA Agreement. More specifically, the CPA shall, as required by the provisions of Section 12.10 of this CPA Agreement, comply with the security requirements described below at all times.
Privacy and Security Requirements. The Parties are required to protect the CMHC Information in accordance with applicable direction and guidelines from the Treasury Board of Canada (“TBS”), or their equivalent in the case of the Contractor, with respect to the protection of “Protected B” data, including guidance from CSE (ITSG‐33) which aligns with the ISO 27001 framework. Further as a federal government institution, the Contractor acknowledges that CMHC is subject to the Access to Information Act (Canada) and the Privacy Act (Canada) and therefore the Contractor agrees to submit to whatever measures are necessary in order to ensure that CMHC can comply with these laws and their related regulations, policies, and directives (“ATIP Legislation”). As such, the Contractor agrees: (i) to protect any Personal Information that it may access from CMHC Information provided through this Agreement in a manner that is compatible with provisions of ATIP Legislation; and (ii) will ensure that it has in place appropriate privacy protection measures to safeguard all CMHC Information that it has access to under this Agreement. More specifically, Contractor shall, as required by the provisions of Article VII of this Agreement, comply with the security requirements described below at all times: Physical Access:
Privacy and Security Requirements. If the Contractor is a “Business Associate” as defined at 45 C.F.R. § 160.103, it must comply with the privacy and security requirements for functioning as a “business associate” of the Department or as a “covered entity” under HIPAA and HITECH. In addition to executing this Contract, the Contractor must execute the Business Associate Agreement attached to this Contract as Attachment H.
Privacy and Security Requirements. The Company (and to the Knowledge of the Sellers, any third parties having authorized access to Personal Data or User Data) has complied with all Privacy and Security Requirements. The Company has all necessary rights and permissions from third parties (whether contractually, by law, or otherwise) to disclose and transfer all Personal Data or User Data to Parent and for Parent to use such Personal Data or User Data as contemplated under this Agreement in connection with the sale, use and/or operation of the products, services and businesses. The Company has not received any, nor are there any pending, written or oral complaints, claims, demands, inquiries, proceedings, or other notices, including any notices of any investigation, regarding the Company, initiated by any Person or any Governmental Authority alleging that any activity of the Company is in violation of Privacy and Security Requirements, including any Data Laws. None of the Personal Data is subject to the European Union’s General Data Protection Regulation.
Privacy and Security Requirements. Contractor and its employees, agents and subcontractors shall comply with laws, regulations, and plicies governing access to and use of Agency Data, Privacy and Security Requirements, as they are stated elsewhere in this Contract, and as such laws, regulations, and policies are updated or otherwise made available to Contractor.
Privacy and Security Requirements. There are numerous federal and state laws and regulations related to the privacy and security of personal health information. In particular, regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) establish privacy and security standards that limit the use and disclosure of individually identifiable health information (known as “protected health information”) and require the implementation of administrative, physical and technological safeguards to protect the privacy of protected health information and ensure the confidentiality, integrity and availability of electronic protected health information. We are directly subject to certain provisions of the regulations as a “Business Associate” through our relationships with customers. We are also directly subject to the HIPAA privacy and security regulations as a “Covered Entity” with respect to our operations as a healthcare clearinghouse and, if the Altegra Merger is completed, with respect to Altegra’s clinical care visit services. The privacy regulations established under HIPAA also provide patients with rights related to understanding and controlling how their health information is used and disclosed. To the extent permitted by applicable privacy regulations and our contracts with our customers, we may use and disclose protected health information to perform our services and for other limited purposes, such as creating de-identified information, but other uses and disclosures, such as marketing communications, require written authorization from the individual or must meet an exception specified under the privacy regulations. Determining whether data has been sufficiently de-identified to comply with the HIPAA privacy standards and our contractual obligations may require complex factual and statistical analyses and may be subject to interpretation. If we are unable to properly protect the privacy and security of protected health information entrusted to us, we could be found to have breached our contracts with our customers. Further, if we fail to comply with applicable HIPAA privacy and security standards, we could face civil and criminal penalties. HHS is required to perform compliance audits and has announced its intent to perform audits in 2015. In addition to enforcement by HHS, state attorneys general are authorized to bring civil actions seeking either injunctions or damages in response to violations that threaten the privacy of state residents. ...
Privacy and Security Requirements. The Contractor and State will establish written agreements for the requirements to specify applicable systems, tools, and approach to completion of privacy and security deliverables. The Contractor shall provide the following deliverables to the State at the frequencies listed below: NIST 800-53 Task name Periodicity Due to State Delivery Schedule Definition of Deliverables Third party supported services (Included or alternative) Definition of Alternatives and Exceptions Attestation due to the State AC-2 Weekly Privileged Account review Weekly (minimum) Quarterly End of March, June, Sep, Dec Letter to state for Contract or-maintained services Alternative Separate attestation letter for EVV SaaS AU-6 Audit log review Weekly (minimum) Quarterly End of March, June, Sep, Dec Letter to state for Contract or-maintained services Alternative Separate attestation letter for EVV SaaS AC-2 System Access review 180 days 180 days/6 months/ bi-annually End of June, End of December Letter to state for Contract or-maintained services Alternative Separate attestation letter for EVV SaaS AC-2 Roles review forseparation of duties Annual Annual End of June Letter to state for Contractor-maintained services Alternative Separate attestation letterfor EVV SaaS AT-2 Security Awarenesstraining Annual Annual End of July Letter to state for Contractor-maintained services Alternative Separate attestation letterfor EVV SaaS Documen t- wide Security Policy review Annual Annual End of June Letter to state for Contract or-maintained services Alternative Separate attestation letter for EVV SaaS Exercise to be Performed with the State IR-2/3 Incident Response Plan review & training – participation in IR tabletop exercise Annual Annual September Review of IR Plan and documented tabletop exercise results Alternative Separate attestation letter for EVV SaaS CP-3 Contingency planreview/test – participation in Annual Annual October Review of DR/BCP documentation Alternative Separate attestation letter for EVV SaaS DR/BCP tabletopexercise CP-2 Disaster recovery presentation and Review - participation in DR/BCP tabletop exercise Annual Annual October Review of DR/BCP documentation and DR test reports for MMIS core and PMM Alternative attestation letter for EVV SaaS with DR exercise summary available on request Deliverables due to the State CA-7 Continuous monitoring/Securitymetrics report Monthly Quarterly End of March, June, Sep, Dec Metrics tabin POAM workbook. Alternative Separate attestation ...
Privacy and Security Requirements. Customer will comply with all applicable laws concerning the Enformion Products, including without limitation applicable laws regulating how an organization manages, protects and distributes confidential information and laws restricting the collection, use, disclosure, processing and free movement of personal information (collectively, the “Privacy Regulations”). The Privacy Regulations include, to the extent applicable, the Federal “Privacy of Consumer Financial Information” Regulation (12 CFP Part 40) and Interagency Guidelines Establishing Information Security Standards (App B to 12 CFR Part 30), as amended from time to time, issued pursuant to the GLBA. Customer expressly agrees that it will comply with the use requirements applicable pursuant to the GLBA and similar laws, including without limitation each of the permissible use requirements set forth on Exhibit C attached hereto. Customer will maintain all appropriate administrative, physical and technological processes and equipment to store and protect the Enformion Products in a secure manner, including without limitation, maintaining an information security program that is designed to protect information processing system(s) and media containing the Enformion Products from internal and external security threats, and the Enformion Products from unauthorized use or disclosure. In addition and to the extent applicable, Customer specifically agrees to comply with each of the security requirements set forth on Exhibit B attached hereto. Enformion may, from time to time, provide written notice to Customer of updates to the security requirements set forth on Exhibit B, and Customer will comply with the updated security requirements following a mutually agreed upon and reasonable period of time. Customer acknowledges and agrees that Customer has an ongoing obligation to protect and preserve the confidentiality, privacy, security and integrity of the Enformion Products, and the standards embodied in this Agreement are merely minimum standards of conduct for Customer in furtherance of the foregoing continuing obligation.
Privacy and Security Requirements. The term “
