Destruction of Personal Data. For any PHI received regarding an Eligible Beneficiary referred to Contractor by the Department who does not enroll in Contractor’s plan, the Contractor must destroy the PHI in accordance with standards set forth in NIST Special Publication 800-88, Guidelines for Media Sanitization, and all applicable state and federal Privacy and security laws including HIPAA and its related implementing regulations, at 45 C.F.R. Parts 160, 162, and 164, as may be amended from time to time. The Contractor shall also adhere to standards described in OMB Circular No. A-130, Appendix III-Security of Federal Automated Information Systems and NIST Federal Information Processing Standard 200 entitled “Minimum Security Requirements for Federal Information and Information Systems” while in possession of all PHI.
Appears in 2 contracts