Common use of CLIENT RECORDS AND CONFIDENTIALITY Clause in Contracts

CLIENT RECORDS AND CONFIDENTIALITY. The Entity shall maintain complete confidential records for the benefit of clients, sufficient to fulfill the provisions of the Scope of Work, and to document the services rendered under the Scope of Work. All records maintained pursuant to this provision shall be available for inspection by the DOH. The Entity shall protect the confidentiality, privacy and security of all confidential information and records and shall not release any confidential information to any other third party without the express written authorization of the client when the record is a client record, or the DOH. The Entity shall comply with the Federal Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) and applicable regulations and all other State and Federal rules, regulations and laws protecting the confidentiality of information. If the Entity may reasonably be expected to have access to Departments’ Protected Health Information (PHI) and is not a Covered Entity as defined by HIPAA, Entity shall execute the HIPAA/HITECH Business Associate Agreement as a separately executed mandatory agreement which is hereby incorporated by reference into and made part of this Agreement. Failure to execute the HIPAA/HITECH Business Associate Agreement when required by the DOH shall constitute grounds for termination of this Agreement in accordance with Article 9 of this Agreement

CLIENT RECORDS AND CONFIDENTIALITY. A. The Entity shall maintain complete confidential records for the benefit of clients, sufficient to fulfill the provisions of the Scope of Work, and to document the services rendered under the Scope of Work. All records maintained pursuant to this provision shall be available for inspection by the DOH. . B. The Entity shall protect the confidentiality, privacy and security of all confidential information and records and shall not release any confidential information to any other third party without the express written authorization of the client when the record is a client record, or the DOH. . C. The Entity shall comply with the Federal Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) and applicable regulations and all other State and Federal rules, regulations and laws protecting the confidentiality of information. If the Entity may reasonably be expected to have access to Departments’ Protected Health Information (PHI) and is not a Covered Entity as defined by HIPAA, Entity shall execute the HIPAA/HITECH Business Associate Agreement as a separately executed mandatory agreement which is hereby incorporated by reference into and made part of this Agreement. Failure to execute the HIPAA/HITECH Business Associate Agreement when required by the DOH DEPARTMENT shall constitute grounds for termination of this Agreement in accordance with Article 9 of this Agreement.