Security and Privacy Practices. Contractor’s IS shall meet the requirements as specified by DVHA. Contractor’s electronic mail encryption software for HIPAA security purposes must be compatible with DVHA’s and with Fiscal Agent email software. Contractor’s IS plans for privacy and security shall include, but not be limited to: a. Administrative procedures and safeguards (45 CFR 164.308); b. Physical safeguards (45 CFR 164.310); and c. Technical safeguards (45 CFR 164.312). Contractor shall make all data available to DVHA and, upon request, to CMS. In accordance with 42 CFR § 438, subpart H, which relates to certifications and program integrity, Contractor shall submit all data, under the signatures of either its VP of Finance or Chief Executive Officer certifying the accuracy, truthfulness and completeness of Contractor’s data. Software and services provided to or purchased by DVHA shall be compatible with the principles and goals contained in the electronic and information accessibility standards adopted under Section 508 of the Federal Rehabilitation Act of 1973 (29 USC 794d). Any deviation from these architecture requirements shall be approved in writing by DVHA in advance. Contractor shall comply with all DVHA Application Security Policies. Any deviation from DVHA policies shall be approved in writing.
Appears in 4 contracts
Sources: Contract for Services, Contract for Services, Service Agreement