Common use of Electronic PHI Security Rule Obligations Clause in Contracts

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI;such c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Contractor Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity the State all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity the State as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity the State upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report report shall be timely made notwithstanding the fact that little information may be known at the time of the Report report and need only include such information then available; e) Following such Reportreport, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report report shall be timely made notwithstanding the fact that little information may be known at the time of the Report report and need only include such information then available; e) Following such Reportreport, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available;the e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) : Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) ; Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) ; Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) ; Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) ; Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) and Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in STATE OF VERMONT Contract # Page 18 of 29 writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The Business Associate shall use reasonable efforts to amend existing written agreements to comply with this provision within 90 days of execution of this Amendment #6 and, for any new written agreement executed after the date of this Amendment #6 must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity Entity, upon request; d) Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available; e) Following such Report, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) Continue to provide to Covered Entity information concerning the incident as it becomes available to it.

Electronic PHI Security Rule Obligations. 5.1 With respect to Electronic PHI, Business Associate shall: a) : Implement and use Administrative, Physical, and Technical Safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312; b) ; Identify in writing upon request from Covered Entity all the safeguards that it uses to protect such Electronic PHI; c) ; Prior to any Use or Disclosure of Electronic PHI by an Agent or Subcontractor, ensure that any Agent or Subcontractor to whom it provides Electronic PHI agrees in writing to implement and use Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of Electronic PHI. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the Use or Disclosure of Electronic PHI, and be provided to Covered Entity upon request; d) ; Report in writing to Covered Entity any Successful Security Incident or Targeted Unsuccessful Security Incident as soon as it becomes aware of such incident and in no event later than five (5) business days after such awareness. Such Report report shall be timely made notwithstanding the fact that little information may be known at the time of the Report report and need only include such information then available; e) ; Following such Reportreport, provide Covered Entity with the information necessary for Covered Entity to investigate any such incident; and f) and Continue to provide to Covered Entity information concerning the incident as it becomes available to it.