Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.
Notification of Incidents If Contractor becomes aware of or has reasonable suspicion of a privacy incident or security incident regarding any State data, Contractor must report such incident to the State and the State Chief Information Security Officer as soon as possible, but no later than twenty-four (24) hours after such incident. The decision to notify the affected data subjects and the form of such notice following report of a privacy incident or security incident are the responsibility of the State. Notwithstanding anything to the contrary in this Contract, Contractor will indemnify, hold harmless and defend the State and its officers, and employees for and against any claims, damages, costs and expenses related to any privacy incident or security incident involving any State data. For purposes of clarification, the foregoing sentence shall in no way limit or diminish Contractor’s obligation(s) to indemnify, save, hold harmless, or defend the State under any other term of this Contract. Contractor will reasonably mitigate any harmful effects resulting from any privacy incident or security incident involving any State data.
Obligations and Activities of Business Associate Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
Procedures for Third Party Claims In the case of any claim for indemnification arising from a claim of a third-party other than an Infringement Claim subject to Section 13.3 above (a “Third-Party Claim”), a party seeking indemnification hereunder (each an “Indemnified Party”) shall give prompt written notice, following such Indemnified Party’s receipt of such claim or demand, to the party from which indemnity is sought (each an “Indemnifying Party”) of any claim or demand of which such Indemnified Party has knowledge and as to which it may request indemnification hereunder; provided, however, that failure to give such notice will not affect such Indemnified Party’s rights hereunder unless, and then solely to the extent that, the rights of the Indemnifying Parties from whom indemnity is sought are prejudiced as a result of such failure. The Indemnifying Party shall have the right (and if it elects to exercise such right, shall do so within twenty (20) days after receiving such notice from the Indemnified Party) to defend and to direct the defense against any such claim or demand, in its name or in the name of the Indemnified Party, as the case may be, at the expense of the Indemnifying Party, and with counsel selected by the Indemnifying Party; provided, that the Indemnifying Party shall be entitled to assume control of the defense of such action only if the Indemnifying Party acknowledges in writing its indemnity obligations and assumes and holds the Indemnified Party harmless from and against all Losses resulting from such Third-Party Claim; and provided further that the Indemnifying Party shall not be entitled to assume control of such defense if (i) the Indemnifying Party shall not have notified the Indemnified Party of its exercise of its right to defend such Third-Party claim within such twenty (20) day period; (ii) such claim or demand seeks an injunction or other equitable relief against the Indemnified Party, (iii) the Indemnified Party shall have reasonably concluded that (x) there is a conflict of interest between the Indemnified Party and the Indemnifying Party in the conduct of the defense of such claim or demand or (y) the Indemnified Party has one or more defenses not available to the Indemnifying Party, (iv) such claim relates to or arises in connection with any criminal proceeding, action, indictment, allegation or investigation, or (v) the appropriate court rules that the Indemnifying Party failed or is failing to vigorously prosecute or defend such Third-Party Claim. Notwithstanding anything in this Agreement to the contrary, the Indemnified Party shall, at the expense of the Indemnifying Party, cooperate with the Indemnifying Party, and keep the Indemnifying Party fully informed, in the defense of such claim or demand. The Indemnified Party shall have the right to participate in the defense of any claim or demand with counsel employed at its own expense; provided, however, that, in the case of any claim or demand described in clause (i) or (ii) of the second preceding sentence or as to which the Indemnifying Party shall not in fact have employed counsel to assume the defense of such claim or demand, the reasonable fees and disbursements of such counsel shall be at the expense of the Indemnifying Party. The Indemnifying Party shall have no indemnification obligations with respect to any such claim or demand which shall be settled by the Indemnified Party without the prior written consent of the Indemnifying Party, which consent shall not be unreasonably withheld, delayed or conditioned. The Indemnifying Party shall not settle any such claim without the prior written consent of the Indemnified Party (which consent shall not be unreasonably withheld, delayed or conditioned if such settlement is accompanied by a document releasing the Indemnified Party from all liability with respect to the matter in controversy that is binding, valid and enforceable against all applicable Parties). Notwithstanding the foregoing, if the Indemnified Party fails to object to the settlement within five (5) Business Days of receipt of a written notice from the Indemnifying Party containing the terms and condition of such settlement, the Indemnified Party shall be deemed to have consented to the settlement.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law. (2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards. (3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity. (4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract. (5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware. (6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. (7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request. (8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity. (9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards. (10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. (11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. (12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule. (13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316. (14) In the event that an Individual requests that the Business Associate (A) restrict disclosures of PHI; (B) provide an accounting of disclosures of the Individual’s PHI; (C) provide a copy of the Individual’s PHI in an Electronic Health Record; or (D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request. (15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without (A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and (B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations. (16) Obligations in the Event of a Breach. (A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract. (B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach. (C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information: 1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed. 2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code). 3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach. 4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches. 5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law. 2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract. 3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY. 4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract. 5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410. 6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information. 7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format. 8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed. 9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule. 10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. 11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. 12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation. 13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors. 14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
CONDUCT OF BUSINESS BY THE FINANCE PARTIES No provision of this Agreement will: (a) interfere with the right of any Finance Party to arrange its affairs (tax or otherwise) in whatever manner it thinks fit; (b) oblige any Finance Party to investigate or claim any credit, relief, remission or repayment available to it or the extent, order and manner of any claim; or (c) oblige any Finance Party to disclose any information relating to its affairs (tax or otherwise) or any computations in respect of Tax.
Potential Conflicts and Compliance With Mixed and Shared Funding Exemptive Order 7.1. The Board of Trustees of the Fund (the “Board”) will monitor the Fund for the existence of any material irreconcilable conflict between the interests of the Contract owners of all separate accounts investing in the Fund. An irreconcilable material conflict may arise for a variety of reasons, including: (a) an action by any state insurance regulatory authority; (b) a change in applicable federal or state insurance, tax, or securities laws or regulations, or a public ruling, private letter ruling, no-action or interpretative letter, or any similar action by insurance, tax, or securities regulatory authorities; (c) an administrative or judicial decision in any relevant proceeding; (d) the manner in which the investments of any Portfolio is being managed; (e) a difference in voting instructions given by variable annuity contract and variable life insurance contract owners or by contract owners of different Participating Insurance Companies; or (f) a decision by a Participating Insurance Company to disregard the voting instructions of Contract owners. The Board shall promptly inform the Company if it determines that an irreconcilable material conflict exists and the implications thereof. 7.2. The Company will report any potential or existing conflicts of which it is aware to the Board. The Company will assist the Board in carrying out its responsibilities under the Mixed and Shared Funding Exemptive Order, by providing the Board with all information reasonably necessary for the Board to consider any issues raised. This includes, but is not limited to, an obligation by the Company to inform the Board whenever Contract owner voting instructions are to be disregarded. Such responsibilities shall be carried out by the Company with a view only to the interests of its Contract owners. 7.3. If it is determined by a majority of the Board, or a majority of its directors who are not interested persons of the Fund, the Distributor, the Adviser or any subadviser to any of the Portfolios (the “Independent Directors”), that a material irreconcilable conflict exists, the Company and other Participating Insurance Companies shall, at their expense and to the extent reasonably practicable (as determined by a majority of the Independent Directors), take whatever steps are necessary to remedy or eliminate the irreconcilable material conflict, up to and including: (1) withdrawing the assets allocable to some or all of the separate accounts from the Fund or any Portfolio and reinvesting such assets in a different investment medium, including (but not limited to) another Portfolio, or submitting the question whether such segregation should be implemented to a vote of all affected Contract owners and, as appropriate, segregating the assets of any appropriate group (i.e., annuity contract owners, life insurance contract owners, or variable contract owners of one or more Participating Insurance Companies) that votes in favor of such segregation, or offering to the affected contract owners the option of making such a change; and (2) establishing a new registered management investment company or managed separate account. The Company’s responsibility to take remedial action shall be carried out by the Company with a view only to the interests of Contract owners. 7.4. If a material irreconcilable conflict arises because of a decision by the Company to disregard Contract owner voting instructions and that decision represents a minority position or would preclude a majority vote, the Company may be required, at the Fund’s election, to withdraw the Account’s investment in the Fund and terminate this Agreement; provided, however, that such withdrawal and termination shall be limited to the extent required by the foregoing material irreconcilable conflict as determined by a majority of the Independent Directors. Any such withdrawal and termination must take place within six (6) months after the Fund gives written notice that this provision is being implemented, and until the end of that six-month period the Adviser, the Distributor and the Fund shall continue to accept and implement orders by the Company for the purchase (and redemption) of shares of the Fund, subject to the terms of the Fund’s then-current prospectus. 7.5. If a material irreconcilable conflict arises because a particular state insurance regulator’s decision applicable to the Company conflicts with the majority of other state regulators, then the Company will withdraw the Account’s investment in the Fund and terminate this Agreement within six months after the Board informs the Company in writing that it has determined that such decision has created an irreconcilable material conflict; provided, however, that such withdrawal and termination shall be limited to the extent required by the foregoing material irreconcilable conflict as determined by a majority of the Independent Directors. Until the end of the foregoing six-month period, the Fund shall continue to accept and implement orders by the Company for the purchase (and redemption) of shares of the Fund, subject to the terms of the Fund’s then-current prospectus. 7.6. For purposes of Sections 7.3 through 7.5 of this Agreement, a majority of the Independent Directors shall determine whether any proposed action adequately remedies any irreconcilable material conflict, but in no event will the Fund be required to establish a new funding medium for the Contracts. The Company shall not be required by Section 7.3 to establish a new funding medium for the Contracts if an offer to do so has been declined by vote of a majority of Contract owners affected by the irreconcilable material conflict. In the event that the Board determines that any proposed action does not adequately remedy any irreconcilable material conflict, then the Company will withdraw the Account’s investment in the Fund and terminate this Agreement within six (6) months after the Board informs the Company in writing of the foregoing determination; provided, however, that such withdrawal and termination shall be limited to the extent required by any such material irreconcilable conflict as determined by a majority of the Independent Directors. 7.7. If and to the extent that Rule 6e-2 and Rule 6e-3(T) are amended, or Rule 6e-3 is adopted, to provide exemptive relief from any provision of the 1940 Act or the rules promulgated thereunder with respect to mixed or shared funding (as defined in the Mixed and Shared Funding Exemptive Order) on terms and conditions materially different from those contained in the Mixed and Shared Funding Exemptive Order, then (a) the Fund and/or the Participating Insurance Companies, as appropriate, shall take such steps as may be necessary to comply with Rules 6e-2 and 6e-3(T), as amended, and Rule 6e-3, as adopted, to the extent such rules are applicable: and (b) Sections 3.5, 3.6, 3.7, 7.1, 7.2, 7.3, 7.4, and 7.5 of this Agreement shall continue in effect only to the extent that terms and conditions substantially identical to such Sections are contained in such Rule(s) as so amended or adopted.
Control of Litigation The Parties agree and acknowledge that ASCU shall be entitled at its option exclusively to control any Proceeding, including without limitation the Canyons Litigation, and each Party agrees (i) to promptly notify the other Party of the existence (or alleged existence) of the institution or commencement of any Proceeding instituted by any third party, and (ii) in the case of ASC, to cooperate fully with Indemnitors in connection therewith; provided, that Indemnitor’s right to control any Proceeding shall not be construed as including the right to enter into any settlement, consent judgment or decree or other order or judgment affecting Indemnitees and whether involving monetary or non-monetary relief without the prior written approval of Indemnitees, which approval shall not be unreasonably withheld, delayed or conditioned. Furthermore, Indemnitors agree to keep ASC and the Indemnitees reasonably informed of the status of each Proceeding, including providing ASC and the Indemnitees with copies of and access to ASCU’s, and any other Indemnitors’, legal counsel’s litigation files as well as providing Indemnitees with copies of all status reports or similar correspondence including, but not limited to, correspondence provided to any insurance carrier or bonding company with an interest in any such Proceeding or litigation. If ASCU fails to proceed promptly and diligently to respond to any such Proceeding as promptly as reasonably possible, including but not limited to failing to provide Indemnitees with notice of any proposed settlement prior to entering into such an agreement, and/or fails to keep Indemnitees reasonably informed of the status of any Proceeding, Indemnitees may send Notice of such failure to ASCU and if such failure is not corrected within 30 days after such Notice, Indemnitees may assume control of such Proceeding at Indemnitors’ sole expense. In the event of such an assumption of control of a Proceeding by Indemnitees, Indemnitees shall not enter into any settlement, consent decree or order without the prior written approval of ASCU, which approval shall not be unreasonably withheld, delayed or conditioned.
Security Violations and Accounts Updates Grantee will adhere to the Confidentiality Article requirements and HHS Data Usage Agreement of this contract and immediately contact System Agency if a security violation is detected, or if Grantee has any reason to suspect that the security or integrity of the CMBHS data has been or may be compromised in any way.
