Confidentiality Protection of Sensitive Information Ferpa Hipaa Data Breach Notification Computer Systems Security Clause Samples

This clause establishes the obligations of parties to protect confidential and sensitive information, including compliance with specific privacy laws such as FERPA and HIPAA, and to maintain the security of computer systems. It typically requires parties to implement safeguards to prevent unauthorized access or disclosure of protected data, promptly notify the other party in the event of a data breach, and adhere to legal standards for handling educational and health information. The core function of this clause is to ensure the privacy and security of sensitive data, allocate responsibility for data protection, and provide a clear protocol for responding to security incidents.
Confidentiality Protection of Sensitive Information Ferpa Hipaa Data Breach Notification Computer Systems Security 
View SourceView Similar (6)

Related to Confidentiality Protection of Sensitive Information Ferpa Hipaa Data Breach Notification Computer Systems Security

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Patient Information Each Party agrees to abide by all laws, rules, regulations, and orders of all applicable supranational, national, federal, state, provincial, and local governmental entities concerning the confidentiality or protection of patient identifiable information and/or patients’ protected health information, as defined by any other applicable legislation in the course of their performance under this Agreement.

  • CONFIDENTIALITY/SAFEGUARDING OF INFORMATION Contractor shall not use or disclose any information concerning Purchaser, or information which may be classified as confidential, for any purpose not directly connected with the administration of this Contract, except with prior written consent of Purchaser, or as may be required by law.