Common use of Privacy and Security Safeguards Clause in Contracts

Privacy and Security Safeguards. a. Participant and CyncHealth shall implement and maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, privacy, security, integrity and availability of Electronic Health Information accessible through the System, to protect it against reasonably anticipated threats or hazards, and to prevent its use or disclosure otherwise than as permitted by this Agreement or required by law. Such safeguards shall comply with all Applicable Law and CyncHealth Governing Principals and Policies. b. Each party shall notify the other of any Security Incident relating to the System of which either Party becomes aware, any unauthorized use or disclosure of information within or obtained from the System, any inappropriate grant of access or assignment of access rights to Participant’s Authorized Users, or any abuse of access of access rights by any users of the System in accordance with the incorporated Business Associate Agreement, and shall cooperate with the other party in investigating the incident and shall take such action to mitigate any breach or suspected breach. c. Participant, on an annual basis, may request from CyncHealth copies of CyncHealth’s most recent HITRUST and SOC2 security certifications to fulfill Participant security assessment obligations.

Privacy and Security Safeguards. a. Participant and CyncHealth shall implement and maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, privacy, security, integrity and availability of Electronic Health Information accessible through the System, to protect it against reasonably anticipated threats or hazards, and to prevent its use or disclosure otherwise than as permitted by this Agreement or required by law. Such safeguards shall comply with all Applicable Law and CyncHealth Governing Principals Principles and Policies. b. Each party shall notify the other of any Security Incident relating to the System of which either Party becomes aware, any unauthorized use or disclosure of information within or obtained from the System, any inappropriate grant of access or assignment of access rights to Participant’s Authorized Users, or any abuse of access of access rights by any users of the System in accordance with the incorporated Business Associate Agreement, and shall cooperate with the other party in investigating the incident and shall take such action to mitigate any breach or suspected breach. c. Participant, on an annual basis, may request from CyncHealth copies of CyncHealth’s most recent HITRUST and SOC2 security certifications to fulfill Participant security assessment obligations.