PRIVACY AND SECURITY OBLIGATIONS Clause Samples

PRIVACY AND SECURITY OBLIGATIONS. 7.1 Personal information collected or maintained by the Recipient within Canada is subject to the provisions of the applicable federal, provincial or territorial privacy and access to information legislation or the Personal Information Protection and Electronic Documents Act (PIPEDA). Recipients delivering a Project overseas will: A) comply with the current national or domestic laws of the countries where services are being provided, including any laws that may be enacted after the beginning of the Agreement; and B) acknowledge that nothing in the applicable laws derogates from, prevents compliance with or conflicts with the requirements of this Agreement. The Recipient must notify the Department immediately, and where possible in advance, of a change to applicable laws that derogates from, prevent compliance or conflict with the requirements of this Agreement. 7.2 Recipients will limit their collection of personal information to only that which is necessary for them to carry out their programming, and must be proportional to the benefit to be derived from the expected outcomes of the Project. 7.3 Personal information shall be treated as confidential and not disclosed to any person, other than the client, except in accordance with applicable law. When requested, the Recipient shall provide clients with reasonable access to view their information that was collected for purposes of programming funded by the Department. 7.4 The Recipient shall take all security measures reasonably necessary to protect any such personal information using methods that are generally used by prudent public and private sector organizations. These measures must meet the requirements, standards or guidelines found in applicable policy, directives or protocols of the Government of Canada, including those set out in any instructions issued by the Department for the protection of personal information against unauthorized use or disclosure. 
Recipients delivering a Project outside Canada will ensure cross-border transmission of personal information between its offices in countries where the Recipient is delivering the Project and fulfilling its obligations pursuant to this Agreement must only be done when necessary or required for the performance of the Project and shall be in compliance with all sections of this Agreement. If requested by the Department, the Recipient shall provide a description of cross-border transmission of information that is necessary for the Project. 7.5 Where the...
PRIVACY AND SECURITY OBLIGATIONS. Hospital shall: 1. Recognize that HIPAA applies directly to Hospital and that if Hospital carries out its duties using another Subcontractor, Hospital must enter into a business associate agreement with its subcontractor. 2. Not use or further disclose PHI other than as permitted or required by this Subcontract, or as Required by Law. Hospital shall limit its use, disclosure, or request of PHI, to the extent practicable, to the limited data set as defined in 45 C.F.R. §164.514(e)(2), or, if additional PHI is needed, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, in accordance with any guidance issued by HHS pursuant to Section 13405(b) of the HITECH Act and the minimum necessary policies and procedures of USAMed. 3. Implement and maintain appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Subcontract. Hospital shall comply with all requirements of HIPAA (including, without limitation, privacy and security) that apply to covered entities. 4. Implement and maintain appropriate administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that it creates, receives, maintains, or transmits on behalf of USAMed, as required by the Security Rule, or to prevent use or disclosure of EPHI other than as provided for by this Subcontract. Hospital shall comply with 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316 as if it were a covered entity under the Security Rule. Hospital shall also comply with all requirements of the HITECH Act related to security that apply to covered entities. 5. Report to USAMed any Breach of Unsecured Protected Health Information, as required by 45 C.F.R. § 164.410, without unreasonable delay and in no case later than ten (10) days after an employee or agent of Hospital discovers the Breach. 
Hospital’s notice to USAMed shall include; (a) the identification of each Individual whose Unsecured Protected Health Information has been, or is reasonably believed by Hospital to have been, accessed, acquired, used or disclosed as a result of the Breach, (b) a brief description of the incident, (c) the date the Breach occurred, (d) the date the Breach was discovered, (e) the type of PHI involved, (f) steps an Individual should take to protect him/herself from potential harm resulting from the Breach, (g) a brief description of steps the Hospital has taken to investigat...
PRIVACY AND SECURITY OBLIGATIONS. The Parties agree to the following privacy and security obligations: 9.1 Each HSP is a HIC. As such, HSPs retain all responsibility for Data in their custody and control and shall comply with all obligations imposed on HICs by PHIPA. For greater certainty, each HSP understands and agrees that, with respect to PHI that originated from itself, it shall bear the responsibility, and not CAMH, to notify Clients of any inappropriate access, use, disclosure, theft or loss of that PHI as further contemplated in clauses 9.18(a) and 9.18(b). 9.2 Under paragraphs 37 (1) (c) and (d) of PHIPA, a HIC is authorized to use (among other uses) PHI about an individual for planning or delivering programs or services that the HIC provides or that the HIC funds in whole or in part, allocating resources to any of them, evaluating or monitoring any of them and for the purpose of activities to improve or maintain the quality of care or to improve or maintain the quality of any related programs or services of the HIC. Subsection 37(2) of PHIPA provides the authority for HSPs to provide PHI to CAMH as their Agent to use PHI for these purposes, as part of the CBI Project. 9.3 Under this ESPA, CAMH operates in the capacity of an Electronic Services Provider that is also an Agent of the HSPs. As such, CAMH may use and disclose the PHI of the HSPs only where such use or disclosure is necessary for CAMH to provide the Services and as an Agent of the HSPs, solely as directed by the HSPs for the purposes set out in the ESPA. 9.4 CAMH is obligated to meet the obligations accruing to an Agent, as defined in PHIPA. At a minimum, CAMH shall maintain the technical, administrative, physical and security safeguards specified in Schedule F. 
9.5 CAMH shall provide notice to, and obtain consent from, the Lead Agency and the Privacy, Security and Data Access Sub-Group, prior to implementing any substantive change to its technology environment or to the Schema that could impact the privacy or security of the CBI Project. CAMH shall not use any form of cloud computing for the CBI Project. 9.6 Reconnect as Lead Agency may upon reasonable notice to CAMH and during a Business Day audit the premises of CAMH to determine if CAMH is in compliance with the privacy and security obligations set out in this ESPA.
PRIVACY AND SECURITY OBLIGATIONS. Many Participants are HIPAA covered entities or business associates of the Participant’s covered entity customers. Other Participants are governmental agencies that are subject to their own legal requirements to protect the privacy and security of health information. For any Participants that are not already subject to HIPAA, or government agencies, the DURSA requires them to comply with HIPAA as a matter of contract. Participants are also subject to other state or federal laws, referred to as Applicable Law. The DURSA does include specific requirements that address areas of high risk to the network related to: system access policies, identification, authentication, enterprise security, malicious software, and auditing and monitoring access. 8. eHealth Exchange HUB and data privacy and security. The eHealth Exchange HUB enables more efficient exchange of Message Content by eliminating the need for Participants to develop a multiplicity of data connections with other Participants. eHealth Exchange has limited access to Participants’ PHI so that it can operate the HUB. This means that the eHealth Exchange is a business associate of each Participant and has entered into a Business Associate Agreement with each Participant.
PRIVACY AND SECURITY OBLIGATIONS. Each Party will comply with all applicable statutes, regulations, rules, and policies and procedures pertaining to the privacy and security of health information, including but not limited to California Welfare and Institutions Code Section 5328, California Civil Code Section 56.10 et seq., the FBI Criminal Justice Information Services (CJIS) Security Policy, California Government Code Section 6200 et seq., California Penal Code Sections 11142 and 13303, California Vehicle Code Section 1080.45, and the federal Health Insurance Portability and Accountability Act (HIPAA).
PRIVACY AND SECURITY OBLIGATIONS. 10.1 The Participating Physician and NLCHI shall protect the privacy and confidentiality of the EMR Data in compliance with PHIA. 10.2 The Participating Physician shall develop, adapt or adopt policies and procedures consistent with the eDOCSNL Physician Privacy and Security Manual available at ▇▇▇.▇▇▇▇▇▇▇.▇▇ and as may be updated from time to time by the EMR Management Committee. Such policies shall include, but, not be limited to: 10.2.1 Explicit requirements for all employees, contractors and agents of the Participating Physician to comply with PHIA and all other applicable provincial and federal privacy legislation; 10.2.2 Maintenance of appropriate hardware and software including robust, up-to-date antivirus, malware protection and firewalls, as well as a commitment to promptly address any hardware or software with known security vulnerabilities. Where appropriate, this includes the removal of software with known security or privacy vulnerabilities; 10.2.3 Provisions to ensure the confidentiality of all passwords and ensure that each password is used only by one Authorized User. 10.3 NLCHI will implement appropriate measures to support ongoing adherence with privacy and security policies by both Parties. Any such policies that involve the Participating Physician’s Med Access or clinic operations will be subject to approval by the EMR Management Committee. 10.4 The Participating Physician is responsible for the actions of his/her Authorized Users and for the content of the Personal Health Information in his/her Med Access. 10.5 The Participating Physician shall require all Authorized Users to sign a privacy and confidentiality agreement. 10.6 NLCHI agrees to comply with, and cause all employees, contractors and agents of NLCHI and TELUS to comply with PHIA and all other applicable provincial and federal privacy legislation.
10.7 The Parties agree that nothing in this Agreement will be interpreted as permitting a use, disclosure or other treatment of EMR Data that would in any matter contravene the terms of PHIA.
PRIVACY AND SECURITY OBLIGATIONS. Subcontractor shall: 1. Not use or further disclose PHI other than as permitted or required by this Subcontract, or as Required by Law. Subcontractor shall limit its use, disclosure, or request of PHI, to the extent practicable, to the limited data set as defined in 45 C.F.R. §164.514(e)(2), or, if additional PHI is needed, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, in accordance with any guidance issued by HHS pursuant to Section 13405(b) of the HITECH Act and the minimum necessary policies and procedures of Business Associate. 2. Implement and maintain appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Subcontract. Subcontractor shall comply with all requirements of the HITECH Act related to privacy that apply to covered entities. 3. Implement and maintain appropriate administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that it creates, receives, maintains, or transmits on behalf of Business Associate, as required by the Security Rule, or to prevent use or disclosure of EPHI other than as provided for by this Subcontract. Subcontractor shall comply with 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316 as if it were a covered entity under the Security Rule. Subcontractor shall also comply with all requirements of the HITECH Act related to security that apply to covered entities. 4. Report to Business Associate any Breach of Unsecured Protected Health Information, as required by 45 C.F.R. § 164.410, without unreasonable delay and in no case later than 10 days after an employee or agent of Subcontractor discovers the Breach.
Subcontractor’s notice to Business Associate shall include; (a) the identification of each Individual whose Unsecured Protected Health Information has been, or is reasonably believed by Subcontractor to have been, accessed, acquired, used or disclosed as a result of the Breach, (b) a brief description of the incident, (c) the date the Breach occurred, (d) the date the Breach was discovered, (e) the type of PHI involved, (f) steps an Individual should take to protect him/herself from potential harm resulting from the Breach,
PRIVACY AND SECURITY OBLIGATIONS. Each Party shall implement and maintain information security practices in accordance with standard industry practices for its systems used to provide or access the Jobcase Services or the Jobcase Consumer Data in accordance with applicable law and regulations, including reasonable security procedures and practices appropriate to the nature of the information processed, designed to prevent unauthorized access to, acquisition or destruction, or use or disclosure of, any Jobcase Consumer Data, as well as appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Each Party shall maintain and display a privacy policy on its relevant websites with respect to Jobcase Consumer Data that complies with all applicable laws and industry standards, and that discloses its data use, collection, processing, and retention practices and shall adhere to such policy. Client shall enter into and maintain agreements with its service providers that process Jobcase Consumer Data that comply with applicable law and regulations and prohibit each such service provider from engaging in the “sale” or “sharing” (as such terms are defined under applicable law) for purposes of cross-context behavioral advertising of any Jobcase Consumer Data.

Related to PRIVACY AND SECURITY OBLIGATIONS

  • Privacy and Security (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. 
(d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT Any reference to statutory, regulatory, or contractual language herein shall be to such language as in effect or as amended. A. DEFINITIONS

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds’ shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. 
Bank shall respond to Customer’s reasonable requests for information concerning Bank’s information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank’s discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank’s information security program. 
Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer (“Breach of Security”); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank’s other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank’s ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer’s ability to bring its own claims or actions against third parties related to the Breach of Security. 
If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number, (f) passport number, or (g) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.