Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST’) concerning the protection of identifiable data such as PHI. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known.
Implementation of Security Standards; Notice of Security Incidents. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate acknowledges that the HITECH Act requires Business Associate to comply with 45 C.F.R. §§ 164.308, 164.310, 164.312, 164.314, and 164.316 as if Business Associate were a Covered Entity, and Business Associate agrees to comply with these provisions of the Security Standards and all additional security provisions of the HITECH Act. Furthermore, to the extent feasible, Business Associate will use commercially reasonable efforts to ensure that the technology safeguards used by Business Associate to secure PHI will render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009), or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Business Associate acknowledges and agrees that the HIPAA Omnibus Rule finalized January 25, 2013 at 78 Fed. Reg. 5566 requires Business Associate to comply with new and modified obligations imposed by that rule under 45 C.F.R. §164.306, 45 C.F.R. § 164.308, 45 C.F.R. § 163.310, 45 C.F.R. § 164.312, 45 C.F.R. § 164.316, 45 C.F.R. § 164.502, 45 C.F.R. § 164.504. Lastly, Business Associate will promptly report to Covered Entity any successful Security Incident of which it becomes aware. At the request of Covered Entity, Business Associate shall identify: the date of the Security Incident, the scope of the Security Incident, the Business Associate’s response to the Security Incident and the identification of the party responsible for causing the Security Incident, if known. Business Associate and Covered Entity shall take reasonable measures to ensure the availability of all affirmative defenses under the HITECH Act, HIPAA, and other state and federal laws and regulations governing PHI and EPHI.
Implementation of Security Standards; Notice of Security Incidents. BA will use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this BAA. BA will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of CE. BA acknowledges BA shall comply with 45 C.F.R. §§164.308, 164.310, 164.312 and 164.316, as if BA were a CE. To the extent feasible, BA will use commercially reasonable efforts to secure PHI through technology safeguards that render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI. BA will promptly report to CE any successful Security Incident of which it becomes aware. At the request of CE, BA shall identify: the date of the Security Incident, the scope of the Security Incident, BA’s response to the Security Incident, and the identification of the party responsible for causing the Security Incident, if known.
Implementation of Security Standards; Notice of Security Incidents. Subcontractor will comply with the Security Standards and, by way of example and not limitation, use appropriate safeguards to prevent the use or disclosure of PHI other than as expressly permitted under this Agreement. In accordance with the Security Standards, Subcontractor will implement administrative, physical, and technical safeguards that protect the confidentiality, integrity and availability of the PHI that it uses, discloses, accesses, creates, receives, maintains or transmits. To the extent feasible, Subcontractor will use commercially reasonable efforts to ensure that the technology safeguards used by Subcontractor to secure PHI will render such PHI unusable, unreadable and indecipherable to individuals unauthorized to acquire or otherwise have access to such PHI in accordance with HHS Guidance published at 74 Federal Register 19006 (April 17, 2009) or such later regulations or guidance promulgated by HHS or issued by the National Institute for Standards and Technology (“NIST”) concerning the protection of identifiable data such as PHI. Subcontractor will promptly report to TokenEx any Security Incident of which it becomes aware; provided, however, that TokenEx acknowledges and shall be deemed to have received notice from Subcontractor that there are routine occurrences of: (i) unsuccessful attempts to penetrate computer networks or services maintained by Subcontractor; and (ii) immaterial incidents such as “pinging” or “denial of services” attacks. At the request of TokenEx, Subcontractor shall identify: the date of the Security Incident, the scope of the Security Incident, Subcontractor’s response to the Security Incident, and to the extent permitted by law, the identification of the party responsible for causing the Security Incident, if known.
Implementation of Security Standards; Notice of Security Incidents. In compliance with the applicable Confidentiality Requirements, Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as permitted under this Exhibit. Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that it uses, discloses, creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate will promptly report to Covered Entity any Security Incident of which it becomes aware; provided, however, that Covered Entity acknowledges and shall be deemed to have received notice from Business Associate that there are routine occurrences of: (i) unsuccessful attempts to penetrate computer networks or services maintained by Business Associate; and (ii) immaterial incidents such as “pinging” or “denial of services” attacks.
