Security Rule “Security Rule” shall mean the Standards for the Protection of Electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.
Security Rule Obligations The following provisions of this section apply to the extent that Business Associate creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity.
Information Security Requirements In cases where the State is not permitted to manage/modify the automation equipment (server/computer/other) that controls testing or monitoring devices, the Contractor agrees to update and provide patches for the automation equipment and any installed operating systems or applications on a quarterly basis (at minimum). The Contractor will submit a report to the State of updates installed within 30 days of the installation as well as a Plan of Actions and Milestones (POA&M) to remediate any vulnerabilities ranging from Critical to Low. The contractor will provide an upgrade path or compensatory security controls for any operating systems and applications listed as beyond “end-of-life” or EOL, within 90 days of the EOL and complete the EOL system’s upgrade within 90 days of the approved plan.
Security Requirements 11.1 The Supplier shall comply, and shall procure the compliance of the Suppliers Personnel, with the Security Policy and the Security Plan and the Supplier shall ensure that the Security Plan produced by the Supplier fully complies with the Security Policy.
Security Cameras Security cameras have been installed throughout the Facility; however, they will not routinely be used in areas where there is an expectation of privacy, such as restrooms or patient care areas.
Electronic PHI Security Rule Obligations 5.1 With respect to Electronic PHI, Business Associate shall:
Documentation control Specify how documentation will be identified with an alpha numeric which indicates source, recipient, communication number etc. Provide details of any particular format or other constraints; for example that all contractual communications will be in the form of properly compiled letters or forms attached to e mails and not as a message in the e mail itself. State any particular routing requirements but note from TSC3 who issues what to whom.
Data Security Requirements A. Data Transport. When transporting Confidential Information electronically, including via email, the data will be protected by:
Security Badging Any Company employee, or any employee of its contractors or agents, that require unescorted access to the Security Identification Display Area (SIDA) to perform work under this Agreement will be badged with an Airport identification badge (hereinafter referred to as "Badge") provided by Authority’s ID Badging Department and will be subject to an FBI fingerprint-based criminal history records check (CHRC) and an annual Security Threat Assessment (STA). A new or renewed Badge will not be issued to an individual until the results of the CHRC and the STA are completed and indicate that the applicant has not been convicted of a disqualifying criminal offense. If the CHRC or STA discloses a disqualifying criminal offense, the individual’s new or renewed badge application will be rejected. The costs of the CHRC and the annual STA will be paid by Company. These costs are subject to change without notice, and Company will be responsible for paying any increase in the costs. All badged employees of Company and its contractors or agents will comply with Authority's regulations regarding the use and display of Badges. Company will be assessed a fine for each Badge that is lost, stolen, unaccounted for or not returned to Authority at the time of Badge expiration, employee termination, termination of the Agreement, or upon written request by Authority. This fine will be paid by Company within 15 days from the date of invoice. The fine is subject to change without notice, and Company will be responsible for paying any increase in the fine. If any Company employee is terminated or leaves Company’s employment, Authority must be notified immediately, and the Badge must be returned to Authority promptly.
Security Arrangements Infrastructure security of electric system equipment and operations and control hardware and software is essential to ensure day-to-day reliability and operational security. FERC expects the NYISO, the Connecting Transmission Owner, Market Participants, and Interconnection Customers interconnected to electric systems to comply with the recommendations offered by the President’s Critical Infrastructure Protection Board and, eventually, best practice recommendations from the electric reliability authority. All public utilities are expected to meet basic standards for system infrastructure and operational security, including physical, operational, and cyber-security practices.
