Common use of Security Rule Requirements Clause in Contracts

Security Rule Requirements. Business Associate shall implement Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity as required by the Security Rule. Additionally, Business Associate shall comply with the security and privacy requirements described in the attached Data Use, Security and Confidentiality Addendum and the Security & Privacy Addendum. Not more than once per calendar year, Business Associate shall within ten (10) days after request from Covered Entity truthfully complete and duly execute the Annual Attestation that is attached hereto or, alternatively, notify Covered Entity in writing of any facts or events that would render untrue any statement within the Annual Attestation. Business Associate shall document policies and procedures that implement the foregoing requirements and shall, upon request, provide them to Covered Entity, who may further disclose them to any governmental entity with regulatory oversight over Covered Entity. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or the HIPAA Authorities of which it becomes aware, including any Incident. Accordingly, as also provided in the Report of Improper Use or Disclosure section of this Agreement, Business Associate agrees to report any Incident of which it becomes aware to Covered Entity immediately, but not later than one business day from the day of discovery of the Incident. All reports required of the Business Associate pursuant to this Section shall be provided as specified in the Report of Improper Use or Disclosure section of this Agreement, including the actions and the mitigation steps, if any, taken by Business Associate in response to the Incident(s).
Compliance with HIPAA Authorities. Requirements of the HIPAA Authorities that are made applicable with respect to business associates, or any other provision required to be included in this Agreement pursuant to the HIPAA Authorities, are incorporated into this Agreement by this reference.

Appears in 1 contract

Sources: Professional Services Contract

Security Rule Requirements. Business Associate shall implement Administrative, Physical, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity as required by the Security Rule. Additionally, Business Associate shall comply with the security and privacy requirements Security & Privacy Requirements described in the attached Data Use, Security and Confidentiality Addendum and the Security & Privacy Addendum. Not more than once per calendar year, Business Associate shall within ten (10) days after request from Covered Entity truthfully complete and duly execute the Annual Attestation that is attached hereto or, alternatively, notify Covered Entity in writing of any facts or events that would render untrue any statement within the Annual Attestation. Business Associate shall document policies and procedures that implement the foregoing requirements and shall, upon request, provide them to Covered Entity, who may further disclose them to any governmental entity with regulatory oversight over Covered Entity. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or the HIPAA Authorities of which it becomes aware, including any Incident. Accordingly, as also provided in the Report of Improper Use or Disclosure section of this Agreement Section 3.4, Business Associate agrees to report any Incident of which it becomes aware to Covered Entity immediately, but not later than one business day from the same day of discovery of the Incident. All reports required of the Business Associate pursuant to this Section shall be provided as specified in the Report of Improper Use or Disclosure section Section 3.4 of this Agreement, including the actions and the mitigation steps, if any, taken by Business Associate in response to the Incident(s).
Compliance with HIPAA Authorities. Requirements of the HIPAA Authorities that are made applicable with respect to business associates, or any other provision required to be included in this Agreement pursuant to the HIPAA Authorities, are incorporated into this Agreement by this reference.

Appears in 1 contract

Sources: Master Services Agreement