Security and Privacy Obligations Sample Clauses

The Security and Privacy Obligations clause establishes the responsibilities of parties to protect sensitive information and ensure compliance with applicable data protection laws. It typically requires implementing appropriate technical and organizational measures to safeguard personal data, restricts unauthorized access, and may mandate prompt notification in the event of a data breach. This clause is essential for minimizing the risk of data misuse or loss, ensuring legal compliance, and maintaining trust between the parties.
Security and Privacy Obligations a. The Organization agrees to reasonably assist Hoag in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. Organization will direct Users to complete the required Data Access & Acceptable Use Agreement for Non-Hoag Workforce Members summarizing their responsibilities and be familiar with applicable Hoag policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag policies shall only apply to the extent Users are accessing Systems. ▇. ▇▇▇▇ will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag rules and policies governing privacy and security as provided by Hoag. ▇. ▇▇▇▇ reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Hoag, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. Organization agrees to notify the abo...
View SourceView Similar (3)
Security and Privacy Obligations a. The Organization agrees to reasonably assist Providence in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Providence Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required Request for Access and Non-Employee Confidentiality/ Non-Disclosure/ Acceptable Use Agreement summarizing their responsibilities and be familiar with applicable Providence policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Providence policies shall only apply to the extent Users are accessing Systems. d. Providence will provide an initial password and login for each unique User. Access to Systems will be granted according to Providence policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Providence rules and policies governing privacy and security as provide...
View SourceView Similar (2)
Security and Privacy Obligations a. Rock represents, warrants and covenants that it has, and agrees to maintain, an information security program containing appropriate measures to protect all the data that it receives and/or stores in connection with this Agreement and performing the Services, including, without limitation, Customer information, Personal Information and any data provided by Vroom hereunder, against accidental or unlawful destruction, alteration, unauthorized disclosure or access consistent with applicable laws and in conformity with data processing industry standards and all applicable laws, rules and regulations. In addition, Rock shall implement and maintain physical, logical, administrative, managerial and technical safeguards, controls and measures in accordance with industry standards, relative to the sensitivity of the data involved. b. Without limiting the foregoing, the Parties acknowledge and agree that Rock is a service provider for the purposes of the CCPA. Rock certifies that it understands the rules, restrictions, requirements and definitions of the CCPA and agrees to refrain from taking any action that would cause any transfers of Personal Information to or from Rock to qualify as a sale of Personal Information under the CCPA. Rock acknowledges and confirms that it does not receive any Personal Information from Vroom as consideration for any services or other items provided to Vroom. Rock shall not sell any such Personal Information. Rock shall not retain, use or disclose any Personal Information provided by Vroom or otherwise received by Rock pursuant to the Services, except as necessary for the specific purpose of performing the Services for Vroom pursuant to this Agreement or otherwise as set forth in this Agreement or as permitted by the CCPA. Rock shall assist Vroom with any requests received from individuals under the CCPA or other similar data protection laws and shall, pursuant to Section 10 hereof, defend, indemnify and hold Vroom harmless from any claims relating to Rock’s breach of the foregoing or applicable data protection laws. The terms “sale,” and “sell” are as defined in Section 1798.140 of the CCPA. c. Rock represents, warrants and covenants that it has implemented a mature information security management program that incorporates the key elements and protections of a mature industry IS framework such as ISO 27000, COBIT, BITS, NIST, etc. Without limiting the foregoing, Rock represents, warrants and covenants that it is responsible for meet...
View Source
Security and Privacy Obligations a. The Organization agrees to reasonably assist Swedish in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Swedish Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required HIM Managed Epic Access Request form. User Access will not be granted until the User completes the required form. d. Swedish will provide access information for each unique User. Access to Systems will be granted according to Swedish policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Swedish rules and policies governing privacy and security as provided by Swedish. f. Swedish reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Swedish, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or Us...
View Source
Security and Privacy Obligations. Master Subscription Agreement - Domestic 3 Last revised on: 10/16/18
View Source
Security and Privacy Obligations 
View SourceView Similar (16)

Related to Security and Privacy Obligations

  • Security and Privacy Security and privacy policies for the Genesys Cloud Service addressing use of Customer Data, which are incorporated by reference and may be updated from time to time in accordance with Section 10.12 of the Agreement, are located at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/articles/purecloud-security-compliance/.

  • Data Security and Privacy Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between Chazy Central Rural School District and [Name of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Other Security and Guaranties The Agent, may, without notice or demand and without affecting the Borrower's obligations hereunder, from time to time: (a) take from any Person and hold collateral (other than the Collateral) for the payment of all or any part of the Obligations and exchange, enforce or release such collateral or any part thereof; and (b) accept and hold any endorsement or guaranty of payment of all or any part of the Obligations and release or substitute any such endorser or guarantor, or any Person who has given any Lien in any other collateral as security for the payment of all or any part of the Obligations, or any other Person in any way obligated to pay all or any part of the Obligations.

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended. 13 A. DEFINITIONS