Administrative Standards. Contractor shall implement the following administrative standards to ensure its compliance with the requirements of this Agreement to protect PHI in accordance with HIPAA and the Privacy Regulations:
1) Contractor shall designate a privacy official who is responsible for the development and implementation of the policies and procedures through which Contractor carries out its responsibilities to protect PHI under this Agreement.
2) Contractor shall train all members of its workforce engaged in work under this Agreement on the policies and procedures with respect to PHI as necessary and appropriate for them to carry out their functions. Such training shall be documented.
3) Contractor shall use appropriate administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of protected health information to prevent use or disclosure of PHI in violation of the requirements of this Agreement, or federal or State law.
4) With respect to any protected health information that is transmitted by electronic media, or maintained in electronic media, Contractor shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of such electronic protected health information that it creates, receives, maintains, or transmits on behalf of the covered entity, and ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect such electronic protected health information, and report to HHS any security incident concerning such electronic protected health information of which it becomes aware at any time.
5) Contractor shall provide a process for individuals to make complaints concerning Contractor’s compliance with the requirements of HIPAA and the Privacy Regulations. Contractor shall document all complaints received. Contractor shall not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against an individual for the filing of a complaint.
6) Contractor shall have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures of Contractor related to the protection of PHI and shall document the sanctions that are applied.
7) Contractor shall mitigate, to the extent practicable, any harmful effect that is known to Contractor of a use or disclosure of PHI in violation of its policies and procedures or the requirements of HIPAA and the Privacy Regulations.
Appears in 4 contracts
Samples: Contract to Operate a Qualified High Risk Pool, Contract to Operate a Qualified High Risk Pool, Contract to Operate a Qualified High Risk Pool
Administrative Standards. Contractor shall implement the following administrative standards to ensure its compliance with the requirements of this Agreement to protect PHI in accordance with HIPAA and the Privacy Regulations:
1) Contractor shall designate a privacy official who is responsible for the development and implementation of the policies and procedures through which Contractor carries out its responsibilities to protect PHI under this Agreement.
2) Contractor shall train all members of its workforce engaged in work under this Agreement on the policies and procedures with respect to PHI as necessary and appropriate for them to carry out their functions. Such training shall be documented.
3) Contractor shall use appropriate administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of protected health information to prevent use or disclosure of PHI in violation of the requirements of this Agreement, or federal or State law.
4) With respect to any protected health information that is transmitted by electronic media, or maintained in electronic media, Contractor shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of such electronic protected health information that it creates, receives, maintains, or transmits on behalf of the covered entity, and ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect such electronic protected health information, and report to HHS any security incident concerning such electronic protected health information of which it becomes aware at any time.
5) Contractor shall provide a process for individuals to make complaints concerning Contractor’s compliance with the requirements of HIPAA and the Privacy Regulations. Contractor shall document all complaints received. Contractor shall not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against an individual for the filing of a complaint.
6) Contractor shall have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures of Contractor related to the protection of PHI and shall document the sanctions that are applied.
7) Contractor shall mitigate, to the extent practicable, any harmful effect that is known to Contractor of a use or disclosure of PHI in violation of its policies and procedures or the requirements of HIPAA and the Privacy Regulations.
Appears in 1 contract