Common use of Security Provisions Clause in Contracts

Security Provisions. Business Associate will take the following measures: 3.9.1 Implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic PHI that it creates, receives, maintains or transmits on behalf of the Covered Entity as required by the Security Rule in accordance with 45 C.F.R § 164.308, 164.310, 164.312 and 164.316; 3.9.2 Ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect the electronic PHI; 3.9.3 Develop and enforce appropriate policies, procedures and documentation standards, including designation of a security official; and 3.9.4 Report to the Covered Entity any security incident (as defined in 45 C.F.R. § 164.304) of which it becomes aware, as well as any breach of unsecured PHI as discussed in Section 3.3 above. The Parties agree that the breach notification requirements of Section 3.3 satisfy any notice requirements of Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but unsuccessful security incidents, for which no additional notice to Covered Entity shall be required.