Common use of SERVICES AND RESPONSIBILITIES Clause in Contracts

SERVICES AND RESPONSIBILITIES. A. ENTITY will be responsible for complying with all requirements described in this Paragraph 3.A. By signing the MOU, ENTITY certifies, warrants, and represents its compliance with these requirements. ENTITY shall immediately notify STATE if, at any point during the Term, ENTITY fails to comply or is unable to maintain compliance with any requirement described in this Paragraph 3.A. i. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(i), which prohibits ENTITY from using or disclosing CURES data received from the CURES database except for either of the following purposes, unless authorized by, or pursuant to, state and federal privacy and security laws and regulations: a. Delivering the CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. b. Performing data processing activities that may be necessary to enable the delivery of CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. ii. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(ii), which contains two distinct requirements. a. The HIT system is required to authenticate the identity of an authorized health care practitioner or pharmacist making a query to the CURES database, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. b. The HIT system is required to submit all of the following data regarding the query to the CURES Information Exchange Web Service at the time of the query: 1. The date of the query. 2. The time of the query. 3. The first and last name of the patient queried. 4. The date of birth of the patient queried. 5. The identification of the authorized health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. iii. Ensuring compliance of its HIT system with the format standards specified in the most current CURES Information Exchange Web Service Implementation Guide, which may be periodically updated by STATE, located on the CURES web page at ▇▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇. iv. Certifying that ENTITY is either a “covered entity” or “business associate,” as such terms are defined in the federal Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 17931 et seq., and its implementing regulations found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations, with respect to any CURES data its HIT system receives from STATE through the CURES Information Exchange Web Service. v. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iii), which requires the HIT system to meet applicable patient privacy and information security requirements of state and federal law, including, but not limited to, the regulations promulgated pursuant to the federal Health Insurance Portability and Accountability Act of 1996 found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations. vi. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iv), which, as a condition precedent to system integration, requires ENTITY to enter into and maintain an active MOU with STATE that addresses the technical specifications of the HIT system to ensure the security of the CURES data in the CURES database and the secure transfer of CURES data from the CURES database. vii. Timely payment of fees, as provided in EXHIBIT D, associated with establishing and maintaining integration with the CURES database pursuant to Health and Safety Code section 11165.1(a)(1)(H). viii. Compliance with all terms, provisions, and exhibits of this MOU. B. STATE will be responsible for complying with all requirements described in this Paragraph 3.B. i. Verifying that health care practitioners and pharmacists who submit queries to the CURES database through a HIT system, or on whose behalf a HIT system submits queries, are authorized or approved CURES users. As used herein, the terms “authorized” or “approved,” when used to describe health care practitioners, pharmacists, or subscribers, shall mean those health care practitioners or pharmacists who have submitted an application to and been approved by the Department of Justice for access to CURES data pursuant to Health and Safety Code section 11165.1(a)(1)(A). ii. Prohibiting, suspending, or terminating integration with an ENTITY and its respective HIT system(s) if at any time during this MOU such ENTITY (including any officer, employee or agent of ENTITY) fails to meet the requirements of Paragraph 3.A of this MOU. iii. Transmitting CURES data to ENTITY in a manner consistent with EXHIBIT C.

SERVICES AND RESPONSIBILITIES. A. ENTITY will be responsible for complying with all requirements described in this Paragraph 3.A. By signing the MOU, ENTITY certifies, warrants, and represents its compliance with these requirements. ENTITY shall immediately notify STATE if, at any point during the Term, ENTITY fails to comply or is unable to maintain compliance with any requirement described in this Paragraph 3.A. i. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(i), which prohibits ENTITY from using or disclosing CURES data received from the CURES database except for either of the following purposes, unless authorized by, or pursuant to, state and federal privacy and security laws and regulations: a. Delivering the CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. b. Performing data processing activities that may be necessary to enable the delivery of CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. ii. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(ii), which contains two distinct requirements. a. The HIT system is required to authenticate the identity of an authorized health care practitioner or pharmacist making a query to the CURES database, or on whose behalf the HIT system is making the query. This is a requirement that the HIT system operated by ENTITY verify the identification of the health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. b. The HIT system is required to submit all of the following data regarding the query to the CURES Information Exchange Web Service at the time of the query: 1. The date of the query. 2. The time of the query. 3. The first and last name of the patient queried. 4. The date of birth of the patient queried. 5. The identification of the authorized health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. iii. Ensuring compliance of its HIT system with the format standards specified in the most current CURES Information Exchange Web Service Implementation Guide, which may be periodically updated by STATE, located on the CURES web page at ▇▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇. iv. Certifying that ENTITY is either a “covered entity” or “business associate,” as such terms are defined in the federal Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 17931 et seq., and its implementing regulations found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations, with respect to any CURES data its HIT system receives from STATE through the CURES Information Exchange Web Service. v. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iii), which requires the HIT system to meet applicable patient privacy and information security requirements of state and federal law, including, but not limited to, the regulations promulgated pursuant to the federal Health Insurance Portability and Accountability Act of 1996 found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations. vi. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iv), which, as a condition precedent to system integration, requires ENTITY to enter into and maintain an active MOU with STATE that addresses the technical specifications of the HIT system to ensure the security of the CURES data in the CURES database and the secure transfer of CURES data from the CURES database. vii. Timely payment of fees, as provided in EXHIBIT D, associated with establishing and maintaining integration with the CURES database pursuant to Health and Safety Code section 11165.1(a)(1)(H). viii. Compliance with all terms, provisions, and exhibits of this MOU. B. STATE will be responsible for complying with all requirements described in this Paragraph 3.B. i. Verifying that health care practitioners and pharmacists who submit queries to the CURES database through a HIT system, or on whose behalf a HIT system submits queries, are authorized or approved CURES users. As used herein, the terms “authorized” or “approved,” when used to describe health care practitioners, pharmacists, or subscribers, shall mean those health care practitioners or pharmacists who have submitted an application to and been approved by the Department of Justice for access to CURES data pursuant to Health and Safety Code section 11165.1(a)(1)(A). ii. Prohibiting, suspending, or terminating integration with an ENTITY and its respective HIT system(s) if at any time during this MOU such ENTITY (including any officer, employee or agent of ENTITY) fails to meet the requirements of Paragraph 3.A of this MOU. iii. Transmitting CURES data to ENTITY in a manner consistent with EXHIBIT C.

SERVICES AND RESPONSIBILITIES. A. ENTITY will be responsible for complying with all requirements described in this Paragraph 3.A. By signing the MOU, ENTITY certifies, warrants, and represents its compliance with these requirements. ENTITY shall immediately notify STATE if, at any point during the Term, ENTITY fails to comply or is unable to maintain compliance with any requirement described in this Paragraph 3.A. i. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(i11165(a)(1)(E)(i), which prohibits ENTITY from using or disclosing CURES data received from the CURES database except for either of any purpose other than delivering the following purposes, CURES data to an approved health care practitioner or pharmacist or performing data processing activities that may be necessary to enable the delivery unless authorized by, or and pursuant to, state and federal privacy and security laws and regulations: a. Delivering the CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. b. Performing data processing activities that may be necessary to enable the delivery of CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. ii. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(ii11165(a)(1)(E)(ii), which contains two distinct requirements. a. The HIT system is required to authenticate the identity of an authorized health care practitioner or pharmacist making a query initiating queries to the CURES database, or on whose behalf . This is a requirement that the HIT system is making operated by ENTITY verify the query. The identification of the health care practitioner or pharmacist making initiating the query, or on whose behalf the HIT system is making initiating the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. b. The HIT system is required to submit all of the following data regarding the query to the CURES Information Exchange Web Service at the time of the query: 1. : • The date of the query. 2. • The time of the query. 3. • The first and last name of the patient queried. 4. • The date of birth of the patient queried. 5. • The identification of the authorized health care practitioner or pharmacist making for whom the query, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. iii. Ensuring compliance of its HIT system with the format standards specified in the most current Submitting to CURES Information Exchange Web Service Implementation Guide, which may be periodically updated by STATE, located on the CURES web page at ▇▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇. iv. Certifying that ENTITY is either a “covered entity” or “business associate,” as such terms are defined in the federal Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 17931 et seq., and its implementing regulations found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations, with respect to any CURES data its HIT system receives from STATE through the CURES Information Exchange Web Service. v. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iii), which requires the HIT system to meet applicable patient privacy and information security requirements of state and federal law, including, but not limited to, the regulations promulgated pursuant to the federal Health Insurance Portability and Accountability Act of 1996 found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations. vi. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iv), which, as a condition precedent to system integration, requires ENTITY to enter into and maintain an active MOU with STATE that addresses the technical specifications of the HIT system to ensure the security notification confirming receipt of the CURES data in by the CURES database and the secure transfer of CURES data from the CURES database. vii. Timely payment of fees, as provided in EXHIBIT D, associated with establishing and maintaining integration with the CURES database pursuant to Health and Safety Code section 11165.1(a)(1)(H). viii. Compliance with all terms, provisions, and exhibits of this MOU. B. STATE will be responsible for complying with all requirements described in this Paragraph 3.B. i. Verifying that health care practitioners and pharmacists who submit queries to the CURES database through a HIT system, practitioner or on whose behalf a HIT system submits queries, are authorized or approved CURES users. As used herein, the terms “authorized” or “approved,” when used to describe health care practitioners, pharmacists, or subscribers, shall mean those health care practitioners or pharmacists who have submitted an application to and been approved by the Department of Justice for access to CURES data pursuant to Health and Safety Code section 11165.1(a)(1)(A).pharmacist identified in Paragraph 3.A. ii. ProhibitingFor purposes of complying with this requirement, suspendingthere can only be one health care practitioner or pharmacist identified with each query, or terminating integration with an ENTITY and its respective HIT system(s) if at any time during this MOU such ENTITY (including any officer, employee or agent of ENTITY) fails to meet the requirements of Paragraph 3.A of this MOU. iii. Transmitting CURES data to ENTITY in a manner consistent with EXHIBIT C.submissions required by Paragraph

SERVICES AND RESPONSIBILITIES. A. ENTITY will be responsible for complying with all requirements described in this Paragraph 3.A. By signing the MOU, ENTITY certifies, warrants, and represents its compliance with these requirements. ENTITY shall immediately notify STATE if, at any point during the Term, ENTITY fails to comply or is unable to maintain compliance with any requirement described in this Paragraph 3.A. i. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(i11165(a)(1)(E)(i), which prohibits ENTITY from using or disclosing CURES data received from the CURES database except for either of the following purposes, unless authorized by, or pursuant to, state and federal privacy and security laws and regulations: a. Delivering the CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. b. Performing data processing activities that may be necessary to enable the delivery of CURES data to the approved health care practitioner or pharmacist identified in Paragraph 3.A.ii.b, who made the request, or on whose behalf the HIT system made the request, to the CURES Information Exchange Web Service. ii. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(ii11165(a)(1)(E)(ii), which contains two distinct requirements. a. The HIT system is required to authenticate the identity of an authorized health care practitioner or pharmacist making a query to the CURES database, or on whose behalf the HIT system is making the query. This is a requirement that the HIT system operated by ENTITY verify the identification of the health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. b. The HIT system is required to submit all of the following data regarding the query to the CURES Information Exchange Web Service at the time of the query: 1. The date of the query. 2. The time of the query. 3. The first and last name of the patient queried. 4. The date of birth of the patient queried. 5. The identification of the authorized health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query. The health care practitioner or pharmacist making the query, or on whose behalf the HIT system is making the query, must be the intended recipient of that data. For purposes of complying with this requirement, there can only be one health care practitioner or pharmacist identified with each query. iii. Ensuring compliance of its HIT system Submitting a view notification, in accordance with the format standards specified in the most current CURES Information Exchange Web Service Implementation Guiderequirements of this paragraph, which may be periodically updated by STATE, located on the CURES web page at ▇▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇. iv. Certifying that ENTITY is either a “covered entity” or “business associate,” as such terms are defined in the federal Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 17931 et seq., and its implementing regulations found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations, with respect to any CURES data its HIT system receives from STATE through the CURES Information Exchange Web Service. v. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iii), which requires the HIT system to meet applicable patient privacy and information security requirements of state and federal law, including, but not limited to, the regulations promulgated pursuant to the federal Health Insurance Portability and Accountability Act of 1996 found in Parts 160 and 164 of Title 45 of the Code of Federal Regulations. vi. Certifying compliance, and maintaining compliance throughout the duration of this MOU, with Health and Safety Code section 11165.1(a)(1)(E)(iv), which, as a condition precedent to system integration, requires ENTITY to enter into and maintain an active MOU with STATE that addresses the technical specifications of the HIT system to ensure the security of the CURES data in the CURES database and the secure transfer of CURES data from the CURES database. vii. Timely payment of fees, as provided in EXHIBIT D, associated with establishing and maintaining integration with the CURES database pursuant to Health and Safety Code section 11165.1(a)(1)(H). viii. Compliance with all terms, provisions, and exhibits of this MOU. B. STATE will be responsible for complying with all requirements described in this Paragraph 3.B. i. Verifying that health care practitioners and pharmacists who submit queries to the CURES database through a HIT system, or on whose behalf a HIT system submits queries, are authorized or approved CURES users. As used herein, the terms “authorized” or “approved,” when used to describe health care practitioners, pharmacists, or subscribers, shall mean those health care practitioners or pharmacists who have submitted an application to and been approved by the Department of Justice for access to CURES data pursuant to Health and Safety Code section 11165.1(a)(1)(A). ii. Prohibiting, suspending, or terminating integration with an ENTITY and its respective HIT system(s) if at any time during this MOU such ENTITY (including any officer, employee or agent of ENTITY) fails to meet the requirements of Paragraph 3.A of this MOU. iii. Transmitting CURES data to ENTITY in a manner consistent with EXHIBIT C.