Privacy and Security Safeguards Clause Samples
The Privacy and Security Safeguards clause establishes requirements for protecting personal and sensitive information handled under the agreement. It typically mandates that parties implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, or misuse of data, such as using encryption, access controls, and regular security assessments. This clause serves to ensure compliance with applicable privacy laws and to minimize the risk of data breaches, thereby protecting both parties and affected individuals from potential harm or liability.
Privacy and Security Safeguards. 8.1 The County receives funding from DHCS pursuant to an annual contracting arrangement (hereinafter “State Contract”). The State Contract contains certain requirements pertaining to the privacy and security of PI and/or PHI and requires that County contractually obligate any of its sub-contractors to also comply with these requirements. Contractor hereby agrees to be bound by, and comply with, any and all terms and conditions of the State Contract, the applicable standards and requirements of the HIPAA regulations and this Exhibit “I,” pertaining to the privacy and/or security of PI and/or PHI. This includes ensuring that all workstations, laptops and removable media devices that process and/or store DHCS PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 256-bit or higher. A hard copy of the State-County Contract will be provided to the Contractor upon request, and an electronic copy can be found on the BHRS website at ▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇.
8.2 The County is also required to enter into a contract containing specific requirements with Contractor prior to the disclosure of PHI to the Contractor pursuant to the Health Insurance Portability and Accountability Act of 1996, (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”) and their implementing privacy and security regulations at 45 CFR Parts 160 and 164 (collectively “the HIPAA Regulations”).
8.2.1 Contractor is the Business Associate of County, acting on County’s behalf, and provides services, arranges, performs or assists in the performance of functions or activities on behalf of County and creates, receives, maintains, transmits, uses or discloses PHI.
8.3 This section is intended to protect the privacy and security of County information that Contractor may create, receive, access, store, transmit, and/or destroy under this Contract and serves as the Business Associate Agreement. Contractor agrees as follows:
Privacy and Security Safeguards. COUNTY shall develop, maintain, and enforce policies, procedures, and administrative, technical, and physical safeguards that comply with the Applicable Safeguards to ensure the privacy and security of the Protected Information, and to prevent the Use or Disclosure of Protected Information, except as expressly permitted by the Contract and this Attachment.
Privacy and Security Safeguards a. Participant and CyncHealth shall implement and maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, privacy, security, integrity and availability of Electronic Health Information accessible through the System, to protect it against reasonably anticipated threats or hazards, and to prevent its use or disclosure otherwise than as permitted by this Agreement or required by law. Such safeguards shall comply with all Applicable Law and CyncHealth Governing Principals and Policies.
b. Each party shall notify the other of any Security Incident relating to the System of which either Party becomes aware, any unauthorized use or disclosure of information within or obtained from the System, any inappropriate grant of access or assignment of access rights to Participant’s Authorized Users, or any abuse of access of access rights by any users of the System in accordance with the incorporated Business Associate Agreement, and shall cooperate with the other party in investigating the incident and shall take such action to mitigate any breach or suspected breach.
c. Participant, on an annual basis, may request from CyncHealth copies of CyncHealth’s most recent HITRUST and SOC2 security certifications to fulfill Participant security assessment obligations.
Privacy and Security Safeguards. (a) Participant and IHIN shall implement and maintain reasonable and appropriate administrative, physical and technical safeguards to protect the confidentiality, privacy, security, integrity and availability of electronic health information accessible through IHIN, to protect it against reasonably anticipated threats or hazards, and to prevent its use or disclosure otherwise than as permitted by this Agreement or required by law. To that end, each Participant and IHIN shall:
(i) provide for appropriate identification and authentication of their Authorized Users and IHIN’s Authorized Personnel, respectively;
(ii) provide appropriate access authorization;
(iii) guard against unauthorized access to or use of health information; and
(iv) provide appropriate security audit controls and documentation. Such safeguards shall comply with HIPAA, all applicable federal, state, and local requirements, and IHIN Policies and Standards.
(b) Participant and IHIN shall each maintain reasonable and appropriate security practices, in accordance with the minimum standards and guidelines in the IHIN Security Policies established by the IHIN, with regard to all personnel, systems, physical and administrative processes used by each party to transmit, store and process electronic health information through the use of IHIN. Participant and the IHIN each shall be responsible for establishing and maintaining their respective security management procedures, security incident procedures, contingency plans, audit procedures, facility access controls, workstation use controls and security, device and media controls, authentication procedures, and security policies and procedures to protect electronic health information accessible through IHIN.
(c) Participant shall notify IHIN within five (5) days of Participant’s receipt of any adverse audit findings related to Participant’s participation in IHIN and the resolution of such findings. Participant shall notify IHIN of any Security Incident relating to IHIN interface or connection of which Participant becomes aware, or any unauthorized use or disclosure of information within or obtained from IHIN within five (5) days, and shall cooperate with IHIN in investigating the incident and shall take such action to mitigate any breach or suspected breach. IHIN shall notify Participant of any Security Incident relating to the Participant's shared PHI of which IHIN becomes aware, or any unauthorized use or disclosure of Participant's PHI within, or ...
Privacy and Security Safeguards a. Each Participant will use and maintain appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity, and availability of information and to prevent the use or disclosure of any Protected Information received from or on behalf of another Participant other than as permitted or required by federal or State law and this Agreement. To that end, each Participant shall: (i) provide for appropriate identification and authentication of Authorized Users; (ii) provide appropriate access authorization; (iii) guard against unauthorized access to Protected Information; and (iv) provide appropriate security audit controls and documentation.
b. A Participant shall apply appropriate sanctions against any person, subject to the Participant’s privacy and security policies and procedures, who fails to comply with such policies and procedures. The type and severity of sanctions applied shall be in accordance with the Participant’s privacy and security policies and procedures. Participants shall make employees, agents, and contractors aware that certain violations may result in notification by a Participant to law enforcement officials as well as regulatory, accreditation and licensure organizations.
c. A Participant shall require that its agents, assigns, and affiliates, including without limitation subcontractors, to whom Protected Information is provided under this Agreement, agree to the same restrictions and conditions that apply to the Participant with respect to such information including, without limitation, those set forth in Section 8 below.
d. A Participant may, at its discretion, deny access to any person, including without limitation any Participant or Authorized User, it reasonably believes has accessed, used, or disclosed Protected Information other than as permitted under this Agreement.
e. The Participants agree and acknowledge that a minimum standard of privacy and security is required to protect the Protected Information regardless of legal obligations of a Participant. As such, regardless of whether or not a Participant is a “covered entity” or “business associate” as defined under HIPAA, each shall comply with the requirements of HIPAA as though each were a covered entity under HIPAA except to the extent that a Participant is a business associate and complies with the requirements of a valid business associate agreement.
Privacy and Security Safeguards. Licensor shall use appropriate safeguards to prevent access, use or disclosure of the PHI other than as provided for or permitted under this Agreement and comply with all state and federal laws governing the protection of the confidentiality of PHI, including without limitation the sections of the HIPAA Privacy and Security Rules and the HITECH Act that apply directly to Business Associates. Specifically, Licensor shall implement administrative, physical, and technical safeguards in accordance with the HIPAA Security Rule that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI that Licensor accesses, maintains, or transmits on behalf of Licensee.
Privacy and Security Safeguards. (i) The Managed Service Provider shall implement reasonable and appropriate measures to secure the Purchaser’s data and content against accidental or unlawful loss, access or disclosure.
(ii) If the data is classified as sensitive / confidential / restricted, the Managed Service Provider shall ensure that the data is encrypted as part of a standard security process for sensitive / confidential / restricted content or choose the right cryptographic algorithms evaluating security, performance, and compliance requirements specific to the Purchaser’s application and may choose from multiple key management options approved by the Purchaser.
(iii) The Managed Service Provider shall notify the Purchaser promptly in the event of security incidents or intrusions, or requests from foreign governments / their agencies for access to the data, to enable the Purchaser to manage these events proactively.
(iv) The Managed Service Provider shall not delete any data at the end of the Agreement/Contract (for a maximum of 45 days beyond the expiry of the Agreement) without the express approval of the Purchaser. After the approval to delete the data is accorded by the Purchaser, the Managed Service Provider shall ensure that all the storage blocks or multiple copies of data, if any, are unallocated or zeroed out so that it cannot be recovered. If due to some regulatory reasons, it is required to securely decommission data, the Purchaser can implement data encryption at rest using Purchaser’s managed keys, which are not stored in the Cloud. Then Purchaser may delete the key used to protect the decommissioned data, making it irrecoverable.
(v) The Managed Service Provider shall report to the Purchaser, in writing, of information security breaches by unauthorized persons (including unauthorized persons who are employees of any Party) either to gain access to or interfere with the Project's Data, facilities or Confidential Information.
(vi) The Managed Service Provider shall undertake to treat information passed on to it under this Agreement/Contract as classified. Such Information shall not be communicated / published / advertised by the Managed Service Provider to any person/organization without the express permission of the Purchaser.
(vii) The Managed Service Provider shall not use/process the service attributes and data associated with Cloud and managed services for the purposes beyond the scope of the current project.
Privacy and Security Safeguards a) SI agrees not to publish or disclose in any manner, under any circumstances the details of any security safeguards designed, developed, or implemented by SI under this Agreement or existing at any of the CWC offices.
b) SI agrees to develop procedures and implementation plans to ensure that IT resources (being used during the testing phase or annual maintenance phase) leaving the control of the assigned user (such as being reassigned, removed for repair, replaced, or upgraded) are cleared of all the CWC information, data and sensitive application software.
c) SI understands and agrees to the fact that very sensitive Confidential Information about the CWC and general public will be made available to it, pursuant to the Project. SI agrees not to disclose and/or use such information in any manner whatsoever except for fulfilling its obligations under the Agreement and pursuant to the Project.
d) The System Integrator shall establish and maintain safeguards against the unauthorized access, destruction, loss, or alteration of CWC Data in the possession of the System Integrator or its subcontractors that are no less rigorous than the most rigorous practices of CWC or the System Integrator as of the Effective Date. CWC shall have the right to establish backup security for CWC Data and to keep backup and files for such data in its possession if it chooses. System Integrator personnel and subcontractors will not attempt to access or allow access to CWC Data that is not required for the performance of the Services by such personnel. The System Integrator will promptly notify CWC of any breach or potential breach of security relating to CWC Data and will investigate and remediate the effects of such breach or potential breach. Each Party's confidential information shall remain the property of that Party. Each Party shall use at least the same degree of care, but no less than a reasonable degree of care, to safeguard the confidential information of the other as it employs with respect to its own information of a similar nature. The System Integrator shall require that its employees, agents, and subcontractors comply with the confidentiality restrictions of the Agreement. In the event of unauthorized disclosure or loss of confidential information, the receiving Party shall immediately notify the furnishing Party in writing. These responsibilities shall survive the expiration or termination of the Agreement.
Privacy and Security Safeguards. OpenAI shall use appropriate safeguards and comply, where applicable, with the HIPAA Security Rule (as codified in 45 C.F.R. §§ 164.302-164.318) with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA.
Privacy and Security Safeguards a. CGMFPFED shall have the sole ownership of and the right to use, all data that may be in possession of the selected Successful bidder or its representative in the course of performing the services under the Agreement that may be entered into. All documents, reports, information, data etc. collected and prepared by the Successful bidder in connection with the scope of work submitted to CGMFPFED will be property of the CGMFPFED. The Successful bidder shall not be entitled either directly or indirectly to make use of the documents, reports given by CGMFPFED for carrying out of any services with any third parties. Successful bidder shall not without the prior written consent of CGMFPFED be entitled to publish studies or descriptive article with or without illustrations or data in respect of or in connection with the performance of services.
b. The Successful bidder shall not publish or disclose in any manner, without the CGMFPFED’s prior written consent, the details of any security safeguards designed, developed, or implemented by the Successful bidder under this Agreement or existing at any location of the CGMFPFED. The Successful bidder shall develop procedures and implementation plans to ensure that IT assets leaving the control of CGMFPFED (removed for repair, replaced or upgraded) are cleared of all CGMFPFED’s data and software. The Successful bidder shall also ensure that all subcontractors (if permitted in Agreement) who are involved in providing such security safeguards or part of it shall not publish or disclose in any manner, without the CGMFPFED’s prior written consent, the details of any security safeguards designed, developed or implemented by the Successful bidder under this Agreement or existing at any CGMFPFED’s location.
c. All records of the Successful bidder with respect to any matters covered by this Agreement shall be made available to CGMFPFED or its designees at any time during normal business hours, as often as CGMFPFED deems necessary, to audit, examine, and make excerpts or transcripts of all relevant data.
d. CGMFPFED, including its regulatory authorities, if any, etc., reserves the right to verify, through their officials or such other persons as CGMFPFED may authorise, the progress of the project at the development /customization site of the Successful bidder or where the services are being rendered by the Successful bidder.
e. The CGMFPFED and its authorized representatives, shall have the right to visit any of the Successful bid...