Common use of Privacy and Security Safeguards Clause in Contracts

Privacy and Security Safeguards. a. Each Participant will use and maintain appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity, and availability of information and to prevent the use or disclosure of any Protected Information received from or on behalf of another Participant other than as permitted or required by federal or State law and this Agreement. To that end, each Participant shall: (i) provide for appropriate identification and authentication of Authorized Users; (ii) provide appropriate access authorization; (iii) guard against unauthorized access to Protected Information; and (iv) provide appropriate security audit controls and documentation. b. A Participant shall apply appropriate sanctions against any person, subject to the Participant’s privacy and security policies and procedures, who fails to comply with such policies and procedures. The type and severity of sanctions applied shall be in accordance with the Participant’s privacy and security policies and procedures. Participants shall make employees, agents, and contractors aware that certain violations may result in notification by a Participant to law enforcement officials as well as regulatory, accreditation and licensure organizations. c. A Participant shall require that its agents, assigns, and affiliates, including without limitation subcontractors, to whom Protected Information is provided under this Agreement, agree to the same restrictions and conditions that apply to the Participant with respect to such information including, without limitation, those set forth in Section 8 below. d. A Participant may, at its discretion, deny access to any person, including without limitation any Participant or Authorized User, it reasonably believes has accessed, used, or disclosed Protected Information other than as permitted under this Agreement. e. The Participants agree and acknowledge that a minimum standard of privacy and security is required to protect the Protected Information regardless of legal obligations of a Participant. As such, regardless of whether or not a Participant is a “covered entity” or “business associate” as defined under HIPAA, each shall comply with the requirements of HIPAA as though each were a covered entity under HIPAA except to the extent that a Participant is a business associate and complies with the requirements of a valid business associate agreement.

Privacy and Security Safeguards. a. Each Participant will use and maintain appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity, and availability of information and to prevent the use or disclosure of any Protected Information received from or on behalf of another Participant other than as permitted or required by federal or State law and this Agreement. To that end, each Participant shall: (i) provide for appropriate identification and authentication of Authorized Users; (ii) provide appropriate access authorization; (iii) guard against unauthorized access to Protected Information; and (iv) provide appropriate security audit controls and documentation. b. . A Participant shall apply appropriate sanctions against any person, subject to the Participant’s privacy and security policies and procedures, who fails to comply with such policies and procedures. The type and severity of sanctions applied shall be in accordance with the Participant’s privacy and security policies and procedures. Participants shall make employees, agents, and contractors aware that certain violations may result in notification by a Participant to law enforcement officials as well as regulatory, accreditation and licensure organizations. c. . A Participant shall require that its agents, assigns, and affiliates, including without limitation subcontractors, to whom Protected Information is provided under this Agreement, agree to the same restrictions and conditions that apply to the Participant with respect to such information including, without limitation, those set forth in Section 8 below. d. . A Participant may, at its discretion, deny access to any person, including without limitation any Participant or Authorized User, it reasonably believes has accessed, used, or disclosed Protected Information other than as permitted under this Agreement. e. . The Participants agree and acknowledge that a minimum standard of privacy and security is required to protect the Protected Information regardless of legal obligations of a Participant. As such, regardless of whether or not a Participant is a “covered entity” or “business associate” as defined under HIPAA, each shall comply with the requirements of HIPAA as though each were a covered entity under HIPAA except to the extent that a Participant is a business associate and complies with the requirements of a valid business associate agreement.