HIPAA Security Sample Clauses

The HIPAA Security clause establishes requirements for protecting electronic protected health information (ePHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). It typically obligates parties handling ePHI to implement administrative, physical, and technical safeguards such as encryption, access controls, and regular security assessments. By setting these standards, the clause ensures that sensitive health data is kept confidential and secure, thereby reducing the risk of unauthorized access or data breaches.
HIPAA Security. Doctor agrees that: a. Doctor shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Enrollee electronic Protected Health Information (“e-PHI”) that Doctor creates, receives, maintains or transmits on behalf of CCMI or any health plan company, as required by 45 C.F.R. Part 164 (the “Security Rules”). b. Doctor shall ensure that any agent, including a subcontractor, to whom Doctor provides e-PHI agrees to implement reasonable and appropriate safeguards to protect e-PHI, and c. Doctor shall report to CCMI any security incident involving e-PHI of which Doctor becomes aware. The Security Rules define a “Security Incident” as an attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system, involving e-PHI that is created, received, maintained or transmitted by or on behalf of Party. Since the Security Rules include attempted unauthorized access, use, disclosure, modification or destruction of information, CCMI needs to have notification of attempts to bypass electronic security mechanisms. Therefore, the Parties agree to the following reporting procedures: Security Incidents that result in unauthorized access, use, disclosure, modifications or destruction of information or interference with system operations (“Successful Security Incidents”) and for Security Incidents that do not so result (“Unsuccessful Security Incidents”). i. For Unsuccessful Security Incidents, the Parties agree that this paragraph constitutes notice of such Unsuccessful Security Incidents. ii. For Successful Security Incidents, Doctor shall give notice to CCMI not more than five (5) days after Doctor learns of the Successful Security Incident.
View SourceView Similar (6)
HIPAA Security. The “HIPAA Security Rule” means the Security Standards published on February 20, 2003 at 68 Fed. Reg. 8334 et seq. (45 C.F.R. Parts 160, 162, and 164) as hereafter amended, and “ePHI” means electronic Protected Health Information, as defined in the HIPAA Security Rule that is created, received, maintained, or transmitted by or on behalf of OLIC with regard to the use and/or disclosure of ePHI. Beginning no later than the compliance date applicable to OLIC under the HIPAA Security Rule (April 20, 2005), You agree as follows:
View Source

Related to HIPAA Security

  • E7 Security The Authority shall be responsible for maintaining the security of the Authority premises in accordance with its standard security requirements. The Contractor shall comply with all security requirements of the Authority while on the Authority premises, and shall ensure that all Staff comply with such requirements.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who ▇▇▇ may contact if there are any data security concerns or questions.

  • Not a Security None of the Notes shall be deemed to be a security within the meaning of the Securities Act of 1933 or the Securities Exchange Act of 1934.

  • JOB SECURITY 23.01 Subject to the willingness and capacity of individual employees to accept relocation and retraining, the Employer will make every reasonable effort to ensure that any reduction in the work force will be accomplished through attrition.

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).