Common use of Safeguarding PHI Clause in Contracts

Safeguarding PHI. Contractor shall use appropriate Administrative Safeguards, Physical Safeguards and Technical Safeguards to prevent the use or disclosure of PHI other than as permitted by this BAA. Contractor shall maintain an appropriate level of security with regard to all personnel, systems, and administrative processes used by Contractor to transmit, store, process, or otherwise handle PHI. Contractor shall not transmit PHI over any open network unless the transmission is encrypted or otherwise secured according to the appropriate standard of care. Accordingly, Contractor shall (i) comply with the Security Rule; (ii) implement Administrative Safeguards, Physical Safeguards, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PHI that it creates, receives, maintains, or transmits on behalf of OHCA as required by section 164.314(a) of the Security Rule and in accordance with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework; and (iii) require that any agent or Subcontractor to whom Contractor delegates any function or activity it has undertaken to perform on behalf of OHCA, and to whom Contractor provides Electronic PHI received from, or created or received by Contractor on behalf of OHCA, agrees to implement reasonable and appropriate safeguards to protect such Electronic PHI. Further, to the extent that Contractor conducts any Transaction (as defined in 45 CFR 160.103) electronically on behalf of OHCA, it will comply with the applicable requirements in the Standards for Electronic Transactions under 45 CFR Parts 160 and 162.

Safeguarding PHI. Contractor shall use appropriate Administrative Safeguards, Physical Safeguards and Technical Safeguards to prevent the use or disclosure of PHI other than as permitted by this BAA. Contractor shall maintain an appropriate level of security with regard to all personnel, systems, and administrative processes used by Contractor to transmit, store, process, or otherwise handle PHI. Contractor shall not transmit PHI over any open network unless the transmission is encrypted or otherwise secured according to the appropriate standard of care. Accordingly, Contractor shall (i) comply with the Security Rule; (ii) implement Administrative Safeguards, Physical Safeguards, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PHI that it creates, receives, maintains, or transmits on behalf of OHCA as required by section 164.314(a) of the Security Rule and in accordance with the National Institute of Standards and Technology (“NIST”) Cybersecurity FrameworkRule; and (iii) require that any agent or Subcontractor to whom Contractor delegates any function or activity it has undertaken to perform on behalf of OHCA, and to whom Contractor provides Electronic PHI received from, or created or received by Contractor on behalf of OHCA, agrees to implement reasonable and appropriate safeguards to protect such Electronic PHI. Further, to the extent that Contractor conducts any Transaction (as defined in 45 CFR 160.103) electronically on behalf of OHCA, it will comply with the applicable requirements in the Standards for Electronic Transactions under 45 CFR Parts 160 and 162.