Target Population TREATMENT FOR ADULT (TRA) Target Population
Population The Population shall be defined as all Paid Claims during the 12-month period covered by the Claims Review.
Screening The Health Plan must work with contracted providers to conduct interperiodic EPSDT screens on RIte Care and all ACA Adult Expansion Population members under age 21 (i.e. 19 and 20-year old under this Agreement) to identify health and developmental problems in conformance with ATTACHMENT ED to this Agreement. Additional screens should be provided as Medically Necessary. At a minimum, these screens must include: • A comprehensive health and developmental history, including health education, nutrition assessment, immunization history, and developmental assessment • Immunizations according to the Rhode Island EPSDT Periodicity Schedule • An unclothed physical examination • Laboratory tests including lead, TB, and newborn screenings as medically indicated • Vision testing • Hearing testing • Dental screening oral examination by PCP as part of a comprehensive examination required before age one (1) • All other medically indicated screening services • And provide EOHHS with a list of established CPT/HCPC codes used to identify all billable services included in the EPSDT schedule.
Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.