Security of Covered Entity’s Electronic Protected Health Information Sample Clauses

This clause establishes the obligation of a party to protect the electronic protected health information (ePHI) of the covered entity. It typically requires implementing administrative, physical, and technical safeguards to prevent unauthorized access, use, or disclosure of ePHI, such as using encryption, secure passwords, and access controls. The core function of this clause is to ensure compliance with privacy regulations like HIPAA and to mitigate the risk of data breaches or unauthorized disclosures.
Security of Covered Entity’s Electronic Protected Health Information. Business Associate will develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that Business Associate creates, receives, maintains, or transmits on Covered Entity’s behalf as required by the Security Rule.
View SourceView Similar (12)
Security of Covered Entity’s Electronic Protected Health Information. Business Associate will comply with the Security Rule and will use appropriate administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that Business Associate creates, receives, maintains, or transmits on Covered Entity's behalf. Contractor will review its data security policies and procedures regularly, but no less frequently than annually, and will update and maintain policies, procedures, and practices to comply with applicable laws, regulations, technology changes, and industry best practices. Specifically, Contractor’s data security policies and procedures will contain administrative, technical, and physical safeguards, including without limitation: (A) access controls on electronic systems used to store, maintain, access, or transmit PHI; (B) access restrictions at physical locations containing PHI; (C) encryption of electronic PHI; (D) dual control procedures; (E) testing and monitoring of electronic systems; and (F) procedures to detect actual and attempted attacks or intrusions into the systems containing or accessing PHI.
View Source

Related to Security of Covered Entity’s Electronic Protected Health Information

  • Electronic Protected Health Information “Electronic Protected Health Information” means individually identifiable health information that is transmitted by or maintained in electronic media.

  • ACCESS TO PROTECTED HEALTH INFORMATION 7.1 To the extent Covered Entity determines that Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within two (2) business days after receipt of a request from Covered Entity, make the Protected Health Information specified by Covered Entity available to the Individual(s) identified by Covered Entity as being entitled to access and shall provide such Individuals(s) or other person(s) designated by Covered Entity with a copy the specified Protected Health Information, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.524. 7.2 If any Individual requests access to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate shall notify Covered Entity in writing within two (2) days of the receipt of the request. Whether access shall be provided or denied shall be determined by Covered Entity. 7.3 To the extent that Business Associate maintains Protected Health Information that is subject to access as set forth above in one or more Designated Record Sets electronically and if the Individual requests an electronic copy of such information, Business Associate shall provide the Individual with access to the Protected Health Information in the electronic form and format requested by the Individual, if it is readily producible in such form and format; or, if not, in a readable electronic form and format as agreed to by Covered Entity and the Individual.

  • Amendment of Protected Health Information 8.1 To the extent Covered Entity determines that any Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within ten (10) business days after receipt of a written request from Covered Entity, make any amendments to such Protected Health Information that are requested by Covered Entity, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.526. 8.2 If any Individual requests an amendment to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate shall notify Covered Entity in writing within five (5) days of the receipt of the request. Whether an amendment shall be granted or denied shall be determined by Covered Entity.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

  • Protected Health Information or PHI shall have the same meaning as the term “protected health information” in 45 CFR Sect. 164.501 of the Privacy Rule, to the extent such information is created or received by Data Recipient from Covered Entity.