Common use of Administrative Safeguards Clause in Contracts

Administrative Safeguards. On or before September 23, 2013 (the “Compliance Date”), Business Associate shall have (i) implemented policies and procedures to prevent, detect, contain, and correct security violations in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(1)(ii); (ii) identified a security official who is responsible for the development and implementation of the policies and procedures required by 45 C.F.R. Part 164, Subpart C “Security Standards for the Protection of Electronic Protected Health Information” (the “EPHI Security Standards”); (iii) implemented policies and procedures to ensure appropriate access to Covered Entity’s Electronic Protected Health Information by its employees, agents or representatives as provided under 45 C.F.R. § 164.308(a)(4), and to prevent its employees, agents or representatives who should not have access under the standards set forth at 45 C.F.R. § 164.308(a)(4) from obtaining access to Covered Entity’s Electronic Protected Health Information in accordance with the implementation specifications set forth in 45 C.F.R. § 164.308(a)(3)(ii); (iv) implemented policies and procedures for authorizing access to Covered Entity’s Electronic Protected Health Information that is consistent with the requirements of 45 C.F.R. Part 164, Subpart E “Privacy of Individually Identifiable Health Information” in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(4)(ii); (v) implemented a security awareness and training program for all of its employees and agents (including its directors and officers) in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(5)(ii); (vi) implemented policies and procedures to address “Security Incidents” in accordance with the implementation specification set forth at 45 C.F.R. § 164.308(a)(6)(ii); and

Administrative Safeguards. On or before September 23, 2013 (the “Compliance Date”), Business Associate shall have maintain (iA) implemented policies and procedures to prevent, detect, contain, and correct security violations in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(1)(ii); (iiB) identified a security official who is responsible for the development and implementation of the policies and procedures required by 45 C.F.R. Part 164, Subpart C “Security Standards for the Protection of Electronic Protected Health Information” (the “EPHI Security Standards”); (iiiC) implemented policies and procedures to ensure appropriate access to Covered Entity’s Electronic Protected Health Information by its employees, agents or representatives as provided under 45 C.F.R. § 164.308(a)(4), and to prevent its employees, agents or representatives who should not have access under the standards set forth at 45 C.F.R. § 164.308(a)(4) from obtaining access to Covered Entity’s Electronic Protected Health Information in accordance with the implementation specifications set forth in 45 C.F.R. § 164.308(a)(3)(ii); (ivD) implemented policies and procedures for authorizing access to Covered Entity’s Electronic Protected Health Information that is consistent with the requirements of 45 C.F.R. Part 164, Subpart E “Privacy of Individually Identifiable Health Information” in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(4)(ii); (vE) implemented a security awareness and training program for all of its employees and agents (including its directors and officers) in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(5)(ii); (viF) implemented policies and procedures to address “Security Incidents” in accordance with the implementation specification set forth at 45 C.F.R. § 164.308(a)(6)(ii); andand (G) policies and procedures for responding to an emergency or other occurrence, including fire, vandalism, system failure and natural disaster, that damages any system that may contain Electronic Protected Health Information in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(7)(ii). Business Associate will perform periodic technical and nontechnical evaluations in response to any environmental or operational changes affecting the security of Electronic Protected Health Information, and Business Associate will use such evaluations to establish the extent to which Business Associate’s administrative safeguards meet the requirements of the EPHI Security Standards.

Administrative Safeguards. On or before September 23, 2013 (the “Compliance Date”), Business Associate shall have (i) implemented policies and procedures to prevent, detect, contain, and correct security violations in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(1)(ii); (ii) identified a security official who is responsible for the development and implementation of the policies and procedures required by 45 C.F.R. Part 164, Subpart C “Security Standards for the Protection of Electronic Protected Health Information” (the “EPHI Security Standards”); (iii) implemented policies and procedures to ensure appropriate access to Covered Entity’s Electronic Protected Health Information by its employees, agents or representatives as provided under 45 C.F.R. § 164.308(a)(4), and to prevent its employees, agents or representatives who should not have access under the standards set forth at 45 C.F.R. § 164.308(a)(4) from obtaining access to Covered Entity’s Electronic Protected Health Information in accordance with the implementation specifications set forth in 45 C.F.R. § 164.308(a)(3)(ii); (iv) implemented policies and procedures for authorizing access to Covered Entity’s Electronic Protected Health Information that is consistent with the requirements of 45 C.F.R. Part 164, Subpart E “Privacy of Individually Identifiable Health Information” in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(4)(ii); (v) implemented a security awareness and training program for all of its employees and agents (including its directors and officers) in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(5)(ii); (vi) implemented policies and procedures to address “Security Incidents” in accordance with the implementation specification set forth at 45 C.F.R. § 164.308(a)(6)(ii); andand (vii) established (and implemented as needed) policies and procedures for responding to an emergency or other occurrence, including fire, vandalism, system failure and natural disaster, that damages any system that may contain Covered Entity’s Electronic Protected Health Information in accordance with the implementation specifications set forth at 45 C.F.R. § 164.308(a)(7)(ii). Commencing on and after the Compliance Date, Business Associate will perform periodic technical and nontechnical evaluations in response to any environmental or operational changes affecting the security of Covered Entity’s Electronic Protected Health Information , and Business Associate will use such evaluations to establish the extent to which Business Associate’s administrative safeguards meet the requirements of the EPHI Security Standards.