Common use of Destruction of Personal Data Clause in Contracts

Destruction of Personal Data. For any PHI received regarding an Eligible Beneficiary referred to Contractor by EOHHS who does not enroll in Contractor’s plan, the Contractor must destroy the PHI in accordance with standards set forth in National Institute of Science and Technology (NIST) Special Publication 800‑88, Guidelines for Media Sanitizations, and all applicable State and federal Privacy and security laws including HIPAA and its related implementing regulations, at 45 C.F.R. Parts 160, 162, and 164, as may be amended from time to time. The Contractor shall also adhere to standards described in OMB Circular No. A‑130, Appendix III‑‑Security of Federal Automated Information Systems and NIST Federal Information Processing Standard 200 entitled “Minimum Security Requirements for Federal Information and Information Systems” while in possession of all PHI. Research Data The Contractor must seek and obtain prior written authorization from CMS and EOHHS for the use of any data pertaining to this Contract for research or any other purposes not directly related to the Contractor’s performance under this Contract.

Destruction of Personal Data. For any PHI received regarding an Eligible Beneficiary referred to Contractor by EOHHS who does not enroll in Contractor’s plan, the Contractor must destroy the PHI in accordance with standards set forth in National Institute of Science and Technology (NIST) Special Publication 800‑88800-88, Guidelines for Media Sanitizations, and all applicable State state and federal Privacy and security laws including HIPAA and its related implementing regulations, at 45 C.F.R. Parts 160, 162, and 164, as may be amended from time to time. The Contractor shall also adhere to standards described in OMB Circular No. A‑130A-130, Appendix III‑‑Security III--Security of Federal Automated Information Systems and NIST Federal Information Processing Standard 200 entitled “Minimum Security Requirements for Federal Information and Information Systems” while in possession of all PHI. Research Data The Contractor must seek and obtain prior written authorization from CMS and EOHHS for the use of any data pertaining to this Contract for research or any other purposes not directly related to the Contractor’s performance under this Contract.