Qbtech’s obligations. 6.3.1 Qbtech shall take the appropriate administrative, technical, and physical safeguards that are appropriate under applicable federal and state law (including HIPAA) in light of the information it receives, and consistent with the Security Rule will implement reasonable and appropriate administrative, technical and physical safeguards with respect to electronic PHI, in order to assist the Customer to protect the Personal Data. This entails, among other things, that Qbtech shall attain and maintain a very high and reliable level of security taking into consideration, among other factors, existing technical solutions, the cost of implementing such solutions, the specific risks associated with the processing of the Personal Data and the degree of sensitivity of the Personal Data. 6.3.2 In the event that the Customer inadvertently includes personal identifiers in the Personal Data that it provides to Qbtech, or otherwise discloses to Qbtech PHI from which all direct identifiers of the patient (except Patient ID) have not been removed, Qbtech shall inform Customer that it has received such information and shall promptly return or destroy the information. 6.3.3 Qbtech shall process the Personal Data in accordance with the Customer’s instructions as applicable from time to time. Subject to Section 6.5, Qbtech shall not be entitled to process Personal Data for any purpose or in any manner other than is necessary to perform obligations pursuant to this Agreement. Subject to Section 6.7, Qbtech shall not be entitled to disclose to any third party or otherwise utilize Personal Data without the consent of the Customer and/or the Patients (as applicable).
Appears in 2 contracts
Sources: Customer Agreement, Customer Agreement