Information and Assistance 15.1.1 Subject to any obligation in respect of confidentiality, the DPA 2018 and Confidential Information, the Parties will use all reasonable endeavours to provide and share information and data reasonably required by the other:
(a) to enable it to perform its obligations under this Agreement; and/or
(b) (in the case of the Provider) which is reasonably necessary to enable the Department to perform its statutory obligations and other functions insofar as such provision forms part of the Services.
15.1.2 Neither Party will hinder, delay or prevent the other Party in the performance of the other Party's obligations under this Agreement.
ERISA Information and Compliance The Obligors will promptly furnish and will cause the Subsidiaries and any ERISA Affiliate to promptly furnish to the Administrative Agent with sufficient copies to the Lenders (i) promptly after the filing thereof with the United States Secretary of Labor, the Internal Revenue Service or the PBGC, copies of each annual and other report with respect to each Plan or any trust created thereunder, (ii) immediately upon becoming aware of the occurrence of any ERISA Event or of any “prohibited transaction,” as described in section 406 of ERISA or in section 4975 of the Code, in connection with any Plan or any trust created thereunder, a written notice signed by a Responsible Officer specifying the nature thereof, what action the Obligors, the Subsidiary or the ERISA Affiliate is taking or proposes to take with respect thereto, and, when known, any action taken or proposed by the Internal Revenue Service, the Department of Labor or the PBGC with respect thereto, and (iii) immediately upon receipt thereof, copies of any notice of the PBGCs intention to terminate or to have a trustee appointed to administer any Plan. With respect to each Plan (other than a Multiemployer Plan), the Obligors will, and will cause each Subsidiary and ERISA Affiliate to, (i) satisfy in full and in a timely manner, without incurring any late payment or underpayment charge or penalty and without giving rise to any lien, all of the contribution and funding requirements of section 412 of the Code (determined without regard to subsections (d), (e), (f) and (k) thereof) and of section 302 of ERISA (determined without regard to sections 303, 304 and 306 of ERISA), and (ii) pay, or cause to be paid, to the PBGC in a timely manner, without incurring any late payment or underpayment charge or penalty, all premiums required pursuant to sections 4006 and 4007 of ERISA.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Access to Information; Independent Investigation Prior to the execution of this Agreement, the Subscriber has had the opportunity to ask questions of and receive answers from representatives of the Company concerning an investment in the Company, as well as the finances, operations, business and prospects of the Company, and the opportunity to obtain additional information to verify the accuracy of all information so obtained. In determining whether to make this investment, Subscriber has relied solely on Subscriber’s own knowledge and understanding of the Company and its business based upon Subscriber’s own due diligence investigation and the information furnished pursuant to this paragraph. Subscriber understands that no person has been authorized to give any information or to make any representations which were not furnished pursuant to this Section 2 and Subscriber has not relied on any other representations or information in making its investment decision, whether written or oral, relating to the Company, its operations and/or its prospects.
Accessibility of Information Technology Contractor represents and warrants that any software/ hardware/ communications system/ equipment (collectively “technology”), if any, provided under this Agreement adheres to the standards and/or specifications as may be set forth in the Section 508 of the Rehabilitation Act of 1973 standards guide and is fully compliant with WCAG 2.0 AA standards for accessibility and compliant with any applicable FCC regulations. Technology that will be used on a mobile device must also be navigable with Voiceover on iOS devices in addition to meeting WCAG 2.0 level AA. If portions of the technology or user experience are alleged to be non-compliant or non- accessible at any point, District will provide Contractor with notice of such allegation and Contractor shall use its best efforts to make the technology compliant and accessible. If a state or federal department, office or regulatory agency, or if any other third party administrative agency or organization (“Claimants”), make a claim, allegation, initiates legal or regulatory process, or if a court finds or otherwise determines that technology is non-compliant or non-accessible, Contractor shall indemnify, defend and hold harmless the District from and against any and all such claims, allegations, liabilities, damages, penalties, fees, costs (including but not limited to reasonable attorneys’ fees), arising out of or related to Xxxxxxxxx’ claims. Contractor shall also fully indemnify District for the full cost of any user accommodation that is found to be necessary due to an identifiable lack of accessibility in the Contractor’s technology. If necessary, an independent 3rd party accessibility firm using POUR standards (Perceivable, Operable, Understandable and Robust) may be used to validate the accessibility of the technology.
Cooperation and Assistance (a) You agree to provide access at no cost or expense to Us.
Performance of Services in Accordance with Regulatory Requirements; Furnishing of Books and Records In performing the services set forth in this Agreement, the Manager:
A. shall conform with the 1940 Act and all rules and regulations thereunder, with all other applicable federal, state and foreign laws and regulations, with any applicable procedures adopted by the Trust’s Board of Trustees, and with the provisions of the Trust’s Registration Statement filed on Form N-1A as supplemented or amended from time to time;
B. will make available to the Trust, promptly upon request, any of the Fund’s books and records as are maintained under this Agreement, and will furnish to regulatory authorities having the requisite authority any such books and records and any information or reports in connection with the Manager’s services under this Agreement that may be requested in order to ascertain whether the operations of the Trust are being conducted in a manner consistent with applicable laws and regulations.
RECORDS AND AUDIT ACCESS 17.1 The Supplier shall keep and maintain until seven (7) Years after the date of termination or expiry (whichever is the earlier) of this Framework Agreement (or such other longer period as may be agreed between the Parties), full and accurate records and accounts of the operation of this Framework Agreement including the Services provided under it, the Call-Off Contracts entered into with Contracting Bodies and the amounts paid by each Contracting Body.
17.2 The Supplier shall keep the records and accounts referred to in Clause 17.1 above in accordance with Good Industry Practice.
17.3 The Supplier shall provide the Authority with a completed quarterly Self Audit Compliance Certificate in respect of each Contract Year of this Framework Agreement. The Self Audit Compliance Certificates shall be completed by a responsible senior member of the Supplier’s management team or by the Supplier’s external auditor. The Self Audit Compliance Certificate should confirm that tests have been completed to provide assurance that:
17.3.1 a representative sample of Orders are clearly identified as Framework Orders in the order processing/ invoicing systems and where required, Orders are correctly reported in the MI returns;
17.3.2 all Orders have been performed in accordance with the terms and conditions of this Framework Agreement;
17.3.3 all related invoices are completely and accurately included in the MI returns; and
17.3.4 all Charges to Contracting Bodies comply with Framework requirements on maximum mark-ups, discounts, charge rates, fixed quotes (as applicable).
17.4 The Supplier shall afford the Authority (or relevant Other Contracting Body), the Authority's representatives, the National Audit Office and/or auditor appointed by the Audit Commission ("Auditors") access to the records and accounts referred to in Clause 17.1 at the Supplier's premises and/or provide copies of such records and accounts, as may be required and agreed with the Authority (or relevant Other Contracting Body or Auditors) from time to time, in order that the Authority (or relevant Contracting Body or Auditors) may carry out an inspection including for the following purposes:
17.4.1 to verify the accuracy of Charges (and proposed or actual variations to them in accordance with this Framework Agreement) and/or the costs of the Supplier (including Sub-Contractors);
17.4.2 to review the integrity, confidentiality and security of the Personal Data held or used by the Supplier;
17.4.3 to review the Supplier's compliance with the Data Protection Legislation in accordance with this Framework Agreement and any other Laws;
17.4.4 to review the Supplier's compliance with its continuous improvement obligations and its benchmarking obligations set out in Framework Agreement Schedule 7;
17.4.5 to review the Supplier's compliance with its security obligations;
17.4.6 to review any books of accounts kept by the Supplier in connection with the provision of the Services; and/or
17.4.7 to ensure that the Supplier is complying with its obligations under this Framework Agreement and any Call-Off Contract. Each such inspection shall be an "Audit".
17.5 The Supplier shall provide such records and accounts (together with copies of the Supplier's published accounts) on request during the Term and for a period of seven
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Why We Collect Information and For How Long We are collecting your data for several reasons: · To better understand your needs and provide you with the services you have requested; · To fulfill our legitimate interest in improving our services and products; · To send you promotional emails containing information we think you may like when we have your consent to do so; · To contact you to fill out surveys or participate in other types of market research, when we have your consent to do so; · To customize our website according to your online behavior and personal preferences. The data we collect from you will be stored for no longer than necessary. The length of time we retain said information will be determined based upon the following criteria: the length of time your personal information remains relevant; the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations; any limitation periods within which claims might be made; any retention periods prescribed by law or recommended by regulators, professional bodies or associations; the type of contract we have with you, the existence of your consent, and our legitimate interest in keeping such information as stated in this Policy.
