Audit, Inspection and Enforcement Clause Samples

Audit, Inspection and Enforcement i. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment. ii. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered Entity’s efforts to audit Business Associate’s compliance with applicable HIPAA Rules. If, through audit or inspection, Covered Entity determines that Business Associate’s conduct would result in violation of the HIPAA Rules or is in violation of the Contract or this Agreement, Business Associate shall promptly remedy any such violation and shall certify completion of its remedy in writing to Covered Entity.
View SourceView Similar (81)
Audit, Inspection and Enforcement i. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment. ii. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered Entity’s efforts to audit Business Associate’s compliance with applicable HIPAA Rules. If, through audit or inspection, Covered Entity determines that Business Associate’s conduct would result in violation of the HIPAA Rules or is in violation of the Contract or this
View SourceView Similar (11)
Audit, Inspection and Enforcement. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment.
View SourceView Similar (7)
Audit, Inspection and Enforcement. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores, and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered Entity’s efforts to audit Business Associate’s compliance with applicable HIPAA Rules. If, through audit or inspection, Covered Entity determines that Business Associate’s conduct would result in violation of the HIPAA Rules or is in violation of the Contract or this Agreement, Business Associate shall promptly remedy any such violation and shall certify completion of its remedy in writing to Covered Entity. Appropriate Safeguards. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as provided in this Agreement. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures. Business Associate shall maintain the confidentiality of passwords and other data required for accessing this information. Business Associate shall extend protection beyond the initial information obtained from Covered Entity to any databases or collections of PHI containing information derived from the PHI. The provisions of this Section 3.l shall be in force unless PHI is de-identified in conformance to the requirements of the HIPAA Rules.
View SourceView Similar (4)
Audit, Inspection and Enforcement. (a) Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from Covered Entity or created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity, available to any state or federal agency, including the Secretary, for the purposes of determining compliance with HIPAA and any related regulations or official guidance. (b) With reasonable notice, Covered Entity and its authorized agents or contractors may audit and/or examine Business Associate’s facilities, systems, policies, procedures, and documentation relating to the security and privacy of Protected Health Information to determine compliance with the terms of this Agreement. Business Associate shall promptly correct any violation of this Agreement found by Covered Entity and shall certify in writing that the correction has been made. Covered Entity’s failure to detect any unsatisfactory practice does not constitute acceptance of the practice or a waiver of Covered Entity’s enforcement rights under this Agreement.
View SourceView Similar (3)
Audit, Inspection and Enforcement. With reasonable notice, CBIASC agrees to make internal practices, books and records, including policies and procedures relating to the use and disclosure of PHI received from Covered Business, or created or received by CBIASC on behalf of Covered Business, available to the Covered Business and the Secretary of the Department of Health and Human Services ("Secretary") to monitor compliance with the HIPAA Rules. CBIASC shall promptly correct any violation of the HIPAA Rules or this Agreement found by Covered Business, according to Covered Business's guidelines, and shall certify to Covered Business, in writing that it made the correction. Covered Business's failure to detect any unsatisfactory practice does not constitute acceptance of the practice or a waiver of Covered Business's enforcement rights under this Agreement.
View SourceView Similar (3)
Audit, Inspection and Enforcement a. Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity, available to any state or federal agency, including the Secretary, for the purposes of determining compliance with HIPAA and any related regulations or official guidance. b. With reasonable notice, Covered Entity and its authorized agents or contractors may audit and/or examine Business Associate’s facilities, systems, policies, procedures, and documentation relating to the security and privacy of PHI to determine compliance with the terms of this Exhibit. Business Associate shall promptly correct any violation of this Exhibit found by Covered Entity and shall certify in writing that the correction has been made. Covered Entity’s failure to detect any unsatisfactory practice does not constitute acceptance of the practice or a waiver of Covered Entity’s enforcement rights under the Agreement.
View SourceView Similar (2)
Audit, Inspection and Enforcement. CONTRACTOR agrees to make internal practices, books, and records relating to the use and disclosure of Napa County Confidential Information received from Napa County or created, received, maintained, or transmitted by CONTRACTOR on behalf of Napa County, available to any state or federal agency, for the purposes of determining compliance with applicable state and federal privacy laws and regulations.
View Source
Audit, Inspection and Enforcement. A. Audit:
View Source
Audit, Inspection and Enforcement. Business Associate agrees that upon reasonable notice of at least ten (10) business days, Covered Entity may audit the Business Associate’s security and privacy policies and procedures, including its security safeguards, to ensure the appropriate protections are in place for Covered Entity’s data. Such audit by Covered Entity may be performed by a third party of Covered Entity’s choosing and expense to perform compliance analysis of Business Associate’s practices with respect to the Privacy and Security Rules, including vulnerability or penetration testing or physical assessments of Business Associate's operations that relate to Covered Entity's PHI. The parties agree to cooperate so that such audits are coordinated to minimize any negative effect on the operation of Business Associate’s database, application or its systems as a result of such a review. Covered Entity will also provide Business Associate with a copy of the results of such testing. The fact that Covered Entity inspects, or fails to inspect, or has the right to audit or inspect Business Associate’s facilities, systems, books, records, agreements, policies and procedures does not relieve Business Associate of its responsibilities to comply with the Service Agreement, this BAA, and applicable HIPAA Regulations, nor does Covered Entity’s (i) failure to detect or (ii) failure to notify Business Associate of or to require Business Associate to remedy a detected unsatisfactory practice, constitute an acceptance of such practice by Covered Entity or a waiver of Covered Entity’s enforcement rights under the Service Agreement or this BAA. In addition, Business Associate agrees to use good faith efforts to retain the right to audit the privacy and security policies and procedures of its subcontractors who may use or disclose PHI.
View Source