HIPAA and Privacy Laws Sample Clauses

HIPAA and Privacy Laws. (a) Since January 1, 2021, each Company Entity is and has been in material compliance with HIPAA and applicable Privacy Laws. (b) Since January 1, 2021, when functioning either as a “Covered Entity” or as a “Business Associate” (each as defined in 45 C.F.R. § 160.103), each Company Entity has executed valid “business associate agreement” (as described in 45 C.F.R. §§ 164.502(e) and 164.504(e)) with each: (x) agent or contractor of such Company Entity that is a “Business Associate” or Business Associate of such Company Entity; and (y) Covered Entity for which such Company Entity performs functions or activities that renders such Company Entity a Business Associate or Subcontractor (as defined by 45 C.F.R. § 160.103). No Company Entity or, to the Company’s Knowledge, any of their respective Business Associates, has materially breached any such business associate agreement. (c) Since January 1, 2021, no Company Entity has received any written or oral communication from any Governmental Authority alleging material non-compliance by such Company Entity or any Business Associate, agent or subcontractor of such Company Entity with respect to either HIPAA or a Privacy Law. There is no ongoing or, to the Company’s Knowledge, imminently threatened litigation, enforcement proceeding, or to the Company’s Knowledge, any investigation by any Governmental Authority with respect to the HIPAA or Privacy Law compliance of any Company Entity or any Business Associate, agent or subcontractor of any Company Entity. (d) Since January 1, 2021, no Company Entity has experienced any: (i) breach of privacy, security, or confidentiality with respect to Personal Information that required notification to affected data subjects or Governmental Authorities under applicable Privacy Laws; (ii) Breach of Unsecured Protected Health Information, as “Breach” and “Unsecured Protected Health Information” are defined by HIPAA that required notification to affected data subjects, customers or Governmental Authorities under HIPAA; or (iii) any Security Incident as “Security Incident” is defined by HIPAA that required notification to customers under HIPAA.
View SourceView Similar (2)
HIPAA and Privacy Laws. Except as would not reasonably be expected to have a Material Adverse Effect, the Company Parties: (a) are currently conducting the Business in material compliance with HIPAA; (b) have, since January 1, 2013, conducted the Business in material compliance with HIPAA; (c) are currently conducting the Business in material compliance with all applicable Laws governing the privacy, security or confidentiality, including data breach notification, of Personal Data (or similar terms such as “personally identifiable information”, as defined by applicable state and federal Laws), to the extent not preempted by HIPAA (collectively, the “Privacy Laws”); and (d) have, since January 1, 2013, conducted the Business in material compliance with the Privacy Laws. No material Action by any Governmental Authority is currently pending or, to the Seller’s Knowledge, threatened in writing against a Company Party, since January 1, 2013, which is related to compliance by the Company Parties with HIPAA or the Privacy Laws. To the Seller’s Knowledge, and except as would not reasonably be expected to have a Material Adverse Effect, no Company Party has, since January 1, 2013, experienced any (i) material breach of data security, as defined by applicable Privacy Laws, including HIPAA, with respect to Personal Data, (ii) Breach of Unsecured Protected Health Information as “Breach,” “Unsecured Protected Health Information,” and “Protected Health Information” are defined by HIPAA, or (iii) any Security Incident as “Security Incident” is defined by HIPAA, except, with respect to (iii), for those Security Incidents which would not, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. Except as would not reasonably be expected to have a Material Adverse Effect, neither (A) the execution, delivery or performance of this Agreement or any of the other Transaction Documents, nor (B) any of the transactions contemplated by this Agreement or any such other agreement, document or instrument, will result in any violation of any applicable Law or contractual obligations pertaining to the confidentiality or non-disclosure of Company Data and/or User Data.
View SourceView Similar (2)
HIPAA and Privacy Laws. (a) Each Selling Company, its Subsidiaries and Affiliates: (i) are currently conducting their business in material compliance with “Privacy Laws”; (ii) have conducted their business in material compliance with Privacy Laws since such Privacy Laws first became applicable to it; (iii) are currently conducting their business in compliance in all material respects with all “Data Security Requirements”; and (iv) have conducted their business in material compliance with all Data Security Requirements since any such Laws or requirements first became applicable to them. (b) Each Selling Company, its Subsidiaries and Affiliates have taken all reasonable steps to protect the confidentiality, integrity, availability and security of Sensitive Data. Each Selling Company, its Subsidiaries and Affiliates have implemented a written information security program that is comprised of (i) internal processes, policies, and safeguards necessary to comply with Data Security Requirements, and (ii) reasonable and appropriate administrative, physical, organizational and technical safeguards sufficient to (A) identify and address internal and external risks to the privacy and security of Sensitive Data, (B) maintain the confidentiality, integrity, availability and security of Sensitive Data, (C) protect against any anticipated threats or hazards to the confidentiality, integrity, availability and security of Sensitive Data, and (D) protect against a breach of Sensitive Data. Such safeguards comply with (Y) the Data Security Requirements, and (Z) take into account such Selling Company’s, its Subsidiaries’ and Affiliates’ business, technology, information systems and the sensitivity of the Sensitive Data Processed by each Selling Company, its Subsidiaries and Affiliates. (c) Each Selling Company, its Subsidiaries and Affiliates have executed current and valid “Business Associate Agreements” (as described in 45 C.F.R. §§ 164.502(e) and 164.504(e)) with each (i) “Covered Entity” (as defined at 45 C.F.R. § 160.103) for whom such Selling Company, its Subsidiaries or Affiliates provides functions or activities that render such Selling Company, its Subsidiaries or Affiliates a “Business Associate” (as defined at 45 C.F.R. § 160.103)), and (ii) “Subcontractor” (as defined at 45 C.F.R. § 160.103) of such Selling Company, its Subsidiaries and Affiliates that is a Business Associate (pursuant to paragraph (3)(iii) of the definition of “business associate” at 45 C.F.R. § 160.103). Each Selling C...
View Source
HIPAA and Privacy Laws. To the Company’s Knowledge, the Company: (a) is currently conducting its business in material compliance with HIPAA; (b) has conducted its business in material compliance with the HIPAA since HIPAA first became applicable to it; (c) is currently conducting its business in compliance in all material respects with all applicable Laws rules, regulations, directives (and governmental obligations) worldwide and all binding guidance thereunder issued by a Governmental Authority, including all Laws governing breach notification that relate to data protection, security, privacy, and the use of information relating to individuals and/or the information rights of individuals, which may include, but may not be limited to the Personal Information Protection and Electronic Documents Act (Canada), the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), the Act Respecting The Protection Of Personal Information In The Private Sector (Quebec), the Personal Health Information Protection Act (Ontario), the Personal Health Information Privacy and Access Act (New Brunswick), the Personal Health Information Act (Newfoundland and Labrador), the Personal Health Information Act (Nova Scotia), the EU General Data Protection Regulation 2016/679, the EU Data Protection Directive 95/46/EC, the EU Privacy and Electronic Communications Directive 2002/58/EC, any successor legislation to any of the foregoing, and regulations not preempted by HIPAA governing the privacy, security or confidentiality of “Personal Information” (or similar terms such as “Personally Identifiable Information,”, as defined by applicable state, provincial and federal Laws), medical records and other records generated in the course of providing or paying for health care services (collectively, the “Privacy Laws”); and (d) has conducted its business in material compliance with the Privacy Laws since such laws first became applicable to them. The Company has executed current and valid “Business Associate Agreements” (as described in 45 C.F.R. §§ 164.502(e) and 164.504(e)) with each (a) “covered entity” (as defined at 45 C.F.R. § 160.103) for whom the Company provides functions or activities that render the Company a “business associate” (as defined at 45 C.F.R. § 160.103)), and (b) “subcontractor” (as defined at 45 C.F.R. § 160.103) of the Company that is a business associate (pursuant to paragraph (3)(iii) of the definition of “business associate” at 45 C.F.R. §...
View Source

Related to HIPAA and Privacy Laws

  • Privacy Laws The Dealer Manager and Participating Dealer (each referred to individually in this Section XIX as a “party”) agree as follows: (a) Each party agrees to abide by and comply with (i) the privacy standards and requirements of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act of 1999 (“GLB Act”); (ii) the privacy standards and requirements of any other applicable Federal or state law; and (iii) its own internal privacy policies and procedures, each as may be amended from time to time; (b) Each party agrees to refrain from the use or disclosure of nonpublic personal information (as defined under the GLB Act) of all customers who have opted out of such disclosures except as necessary to service the customers or as otherwise necessary or required by applicable law; and (c) Each party shall be responsible for determining which customers have opted out of the disclosure of nonpublic personal information by periodically reviewing and, if necessary, retrieving a list of such customers (the “List”) as provided by each to identify customers that have exercised their opt-out rights. In the event either party uses or discloses nonpublic personal information of any customer for purposes other than servicing the customer, or as otherwise required by applicable law, that party will consult the List to determine whether the affected customer has exercised his or her opt-out rights. Each party understands that each is prohibited from using or disclosing any nonpublic personal information of any customer that is identified on the List as having opted out of such disclosures.

  • Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

  • Compliance with Privacy Laws NCPS represents and warrants that its collection, access, use, storage, disposal and disclosure of Personal Data does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. Without limiting the foregoing, NCPS shall implement administrative, physical and technical safeguards to protect Personal Data that are no less rigorous than accepted industry, and shall ensure that all such safeguards, including the manner in which Personal Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Escrow Agreement. NCPS shall use and disclose Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it, is provided pursuant to the terms and conditions of this Escrow Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Data for NCPS’s own purposes or for the benefit of any party other than Issuer. For purposes of this section, “Personal Data” shall mean information provided to NCPS by or at the direction of the Issuer, or to which access was provided to NCPS by or at the direction of the Issuer, in the course of NCPS’s performance under this Escrow Agreement that: (i) identifies or can be used to identify an individual (also known as a “data subject”) (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), including the identifying information on individuals described in Section 12.