Security of Electronic Protected Health Information. (a) Vendor will establish and maintain appropriate administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic Protected Health Information. Vendor will follow generally accepted system security principles and the requirements of the final HIPAA rule pertaining to the security of health information ("the Security Rule", published at 45 CFR Parts 160 - 164). (b) Vendor will ensure that any agent, including a subcontractor, to whom it provides electronic Protected Health Information agrees to implement reasonable and appropriate safeguards to protect that information. (c) Vendor will report any security incident of which it becomes aware to County. For purposes of this Agreement, a “security incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations. This does not include trivial incidents that occur on a daily basis, such as scans, “pings”, or unsuccessful attempts to penetrate computer networks or servers maintained by Vendor.
Appears in 2 contracts
Sources: Master Services Agreement for It Services, Master Services Agreement for It Services