Common use of Access to Personal Information by Subcontractors Clause in Contracts

Access to Personal Information by Subcontractors. Supplier agrees to require any subcontractors or agents to which it discloses Personal Information under this Agreement or under any SOW to provide reasonable assurance, evidenced by written contract, that they will comply with the same or substantially similar confidentiality, privacy and security obligations with respect to such Personal Information as apply to Supplier under this Agreement or any SOW. Supplier shall confirm in writing to Gainwell that such contract is in place as a condition to ▇▇▇▇▇▇▇▇’▇ approval of use of a subcontractor in connection with any SOW. Upon request of Gainwell, Supplier will provide to Gainwell a copy of the subcontract or an extract of the relevant clauses. Supplier shall ensure that any failure on the part of any subcontractor or agent to comply with the Supplier obligations under this Agreement or any SOW shall be grounds to promptly terminate such subcontractor or agent. If during the term of this Agreement or any SOW, Gainwell determines, in its exclusive discretion, that any Supplier subcontractor or agent cannot comply with the Supplier obligations under this Agreement or with any SOW, then Gainwell may terminate this Agreement in whole or in part (with respect to any SOW for which such subcontractor or agent is providing services), if not cured by Supplier within the time prescribed in the notice of such deficiency. as permitted or required by this Agreement or as required by law; (b) use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Security Rule with regard to electronic PHI; (c) report to Gainwell any use or disclosure of PHI not provided for under this Agreement of which Supplier becomes aware, including breaches of unsecured protected health information as required by 45 CFR §164.410, (d) in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on Gainwell’s behalf, agree to the same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526;

Access to Personal Information by Subcontractors. Supplier agrees to require any subcontractors or agents to which it discloses Personal Information under this Agreement or under any SOW to provide reasonable assurance, evidenced by written contract, that they will comply with the same or substantially similar confidentiality, privacy and security obligations with respect to such Personal Information as apply to Supplier under this Agreement or any SOW. Supplier shall confirm in writing to Gainwell DXC that such contract is in place as a condition to ▇▇▇▇▇▇▇▇’▇ DXC’s approval of use of a subcontractor in connection with any SOW. Upon request of GainwellDXC, Supplier will provide to Gainwell DXC a copy of the subcontract or an extract of the relevant clauses. Supplier shall ensure that any failure on the part of any subcontractor or agent to comply with the Supplier obligations under this Agreement or any SOW shall be grounds to promptly terminate such subcontractor or agent. If during the term of this Agreement or any SOW, Gainwell DXC determines, in its exclusive discretion, that any Supplier subcontractor or agent cannot comply with the Supplier obligations under this Agreement or with any SOW, then Gainwell DXC may terminate this Agreement in whole or in part (with respect to any SOW for which such subcontractor or agent is providing services), if not cured by Supplier within the time prescribed in the notice of such deficiencydeficiency.‌ European Economic Area (“EEA”) Applicability. In the event that the General Data Protection Regulation (EU Regulation 2016/679) as permitted or required by this Agreement or amended from time to time applies to Supplier , Supplier shall comply with the GDPR Supplement as required by law; set forth herein on the DXC Supplier Portal at (b) use appropriate safeguards to prevent use or disclosure ▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇.▇▇▇▇▇▇▇▇▇▇/contact_us/downloads/General- Data-Protection-Regulation-GDPR.pdf). This GDPR Supplement sets out the terms and conditions for the Processing of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Security Rule with regard to electronic PHI; (c) report to Gainwell any use or disclosure of PHI not provided for under this Agreement of which Supplier becomes aware, including breaches of unsecured protected health information as required by 45 CFR §164.410, (d) in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted Personal Information by Supplier on Gainwell’s behalf, agree to behalf of DXC under the same restrictions and conditions that apply to Supplier with respect Agreement. This GDPR Supplement forms an integral part of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526;the Agreement.