Business Associate Safeguards Sample Clauses

Business Associate Safeguards. The Associate will use appropriate safeguards to prevent any unauthorized use or disclosure of PHI and shall implement the administrative, physical and technical safeguards that reasonably protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of the Agency. The Associate will use all appropriate safeguards under 45 CFR 164 Subpart C including those identified as addressable. The Associate will comply with 74 FR 19006 Guidance Specifying the Technologies and Methodologies That Render PHI Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements under Section 13402 of Title XIII. With regard to electronic PHI not covered by the Guidance published at 74 FR 19006, the Associate will protect electronic PHI at rest and in transit through encryption that complies with State of Ohio IT Standard, ITS-SEC-01 Data Encryption and Cryptography.
AutoNDA by SimpleDocs
Business Associate Safeguards. The Associate will use appropriate safeguards to prevent any unauthorized use or disclosure of PHI and shall implement the administrative, physical and technical safeguards that reasonably protect the confidentiality, integrity and availability of the PHI that it creates, receives, maintains or transmits on behalf of the Agency. The Associate will use the security controls within NIST Special Publication 800-53 Rev. 4 that align with the appropriate safeguards under 45 CFR 164 Subpart C including those identified as addressable. The Associate will comply with 74 FR 19006 Guidance Specifying the Technologies and Methodologies That Render PHI Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements under Section 13402 of Title XIII. With regard to electronic PHI not covered by the Guidance published at 74 FR 19006, the Associate will protect electronic PHI at rest and in transit through encryption that complies with State of Ohio IT Standard, ITS-SEC-01 Data Encryption and Cryptography 5. Unauthorized Disclosure and Incident Reporting and Remediation and Privacy and Security Breach Notification.

Related to Business Associate Safeguards

  • Business Associate “Business Associate” shall have the same meaning as the term “business associate” at 45 C.F.R. 160.103, and shall refer to Contractor.

  • Business Associate Contract GENERAL PROVISIONS AND RECITALS

  • Business Associate Agreement This Agreement may require the exchange of information covered by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). A Business Associate Agreement (“BAA”) executed by the Parties is attached as Appendix [Letter C/D/E etc.].

  • Business Associate Obligations Business Associate agrees to comply with applicable federal confidentiality and security laws, specifically the provisions of the HIPAA Rules and the HITECH Act applicable to business associates, including: 2.1 Use and Disclosure of PHI. Except as otherwise permitted by this Agreement, the HIPAA Rules, or applicable law, Business Associate shall not make any uses or disclosures of PHI except as necessary to provide services to, or on behalf of, Covered Entity as described in the Underlying Agreement, and shall not use or disclose PHI that would violate the HIPAA Rules or HITECH Act if used or disclosed by Covered Entity; provided, however, Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities, consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate may not use or disclose PHI which it creates, receives, maintains or transmits for or on behalf of the Covered Entity for any purpose except as otherwise provided by the Agreement and this BAA. Business Associate agrees to review and understand any state privacy and security laws to the extent that such laws are not preempted by HIPAA, as may be amended from time to time. Business Associate acknowledges that it shall comply specifically with the HIPAA Security Rule, and, to the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under the Privacy Rule, it shall comply with the requirements of the Privacy Rule which apply to Covered Entity in the performance of such obligation(s). Business Associate shall in such cases: 2.1.1 provide information to members of its workforce using or disclosing PHI regarding the confidentiality requirements in the HIPAA Rules and this Agreement; 2.1.2 obtain reasonable assurances, in writing from the person or entity to whom the PHI is disclosed that: (i) the PHI will be held in confidence and further used and disclosed only as required by law or for the purpose for which it was disclosed to the person or entity; and (ii) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and 2.1.3 agree to notify the Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules or HITECH Act. 2.2 Marketing; Sale of PHI. Business Associate may not use or disclose PHI for marketing purposes. Marketing includes any communication which would encourage the recipient to use or purchase a product or service. Business Associate may not use or disclose PHI where it has directly or indirectly received remuneration, financial or otherwise, from or on behalf of the recipient of the PHI in exchange for the PHI. “Sale” is not limited to circumstances where a transfer of ownership occurs, and would include access, license or lease agreements.

  • Responsibilities of Business Associate Business Associate agrees:

  • Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.

  • EDD Independent Subrecipient Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, Subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the State.” The term is further defined by the California Employment Development Department to refer specifically to independent Subrecipients. An independent Subrecipient is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at xxxx://xxx.xxx.xx.xxx/Employer_Services.htm

  • Sub-Advisor Compliance Policies and Procedures The Sub-Advisor shall promptly provide the Trust CCO with copies of: (i) the Sub-Advisor’s policies and procedures for compliance by the Sub-Advisor with the Federal Securities Laws (together, the “Sub-Advisor Compliance Procedures”), and (ii) any material changes to the Sub-Advisor Compliance Procedures. The Sub-Advisor shall cooperate fully with the Trust CCO so as to facilitate the Trust CCO’s performance of the Trust CCO’s responsibilities under Rule 38a-1 to review, evaluate and report to the Trust’s Board of Trustees on the operation of the Sub-Advisor Compliance Procedures, and shall promptly report to the Trust CCO any Material Compliance Matter arising under the Sub-Advisor Compliance Procedures involving the Sub-Advisor Assets. The Sub-Advisor shall provide to the Trust CCO: (i) quarterly reports confirming the Sub-Advisor’s compliance with the Sub-Advisor Compliance Procedures in managing the Sub-Advisor Assets, and (ii) certifications that there were no Material Compliance Matters involving the Sub-Advisor that arose under the Sub-Advisor Compliance Procedures that affected the Sub-Advisor Assets. At least annually, the Sub-Advisor shall provide a certification to the Trust CCO to the effect that the Sub-Advisor has in place and has implemented policies and procedures that are reasonably designed to ensure compliance by the Sub-Advisor with the Federal Securities Laws.

  • Information Services Traffic 5.1 For purposes of this Section 5, Voice Information Services and Voice Information Services Traffic refer to switched voice traffic, delivered to information service providers who offer recorded voice announcement information or open vocal discussion programs to the general public. Voice Information Services Traffic does not include any form of Internet Traffic. Voice Information Services Traffic also does not include 555 traffic or similar traffic with AIN service interfaces, which traffic shall be subject to separate arrangements between the Parties. Voice Information services Traffic is not subject to Reciprocal Compensation charges under Section 7 of the Interconnection Attachment. 5.2 If a D&E Customer is served by resold Verizon Telecommunications Service or a Verizon Local Switching UNE, subject to any call blocking feature used by D&E, to the extent reasonably feasible, Verizon will route Voice Information Services Traffic originating from such Service or UNE to the Voice Information Service platform. For such Voice Information Services Traffic, unless D&E has entered into an arrangement with Verizon to xxxx and collect Voice Information Services provider charges from D&E’s Customers, D&E shall pay to Verizon without discount the Voice Information Services provider charges. D&E shall pay Verizon such charges in full regardless of whether or not it collects such charges from its own Customers. 5.3 D&E shall have the option to route Voice Information Services Traffic that originates on its own network to the appropriate Voice Information Services platform(s) connected to Verizon’s network. In the event D&E exercises such option, D&E will establish, at its own expense, a dedicated trunk group to the Verizon Voice Information Service serving switch. This trunk group will be utilized to allow D&E to route Voice Information Services Traffic originated on its network to Verizon. For such Voice Information Services Traffic, unless D&E has entered into an arrangement with Verizon to xxxx and collect Voice Information Services provider charges from D&E’s Customers, D&E shall pay to Verizon without discount the Voice Information Services provider charges. 5.4 D&E shall pay Verizon such charges in full regardless of whether or not it collects charges for such calls from its own Customers. 5.5 For variable rated Voice Information Services Traffic (e.g., NXX 550, 540, 976, 970, 940, as applicable) from D&E Customers served by resold Verizon Telecommunications Services or a Verizon Local Switching Network Element, D&E shall either (a) pay to Verizon without discount the Voice Information Services provider charges, or (b) enter into an arrangement with Verizon to xxxx and collect Voice Information Services provider charges from D&E’s Customers. 5.6 Either Party may request the other Party provide the requesting Party with non discriminatory access to the other party’s information services platform, where such platform exists. If either Party makes such a request, the Parties shall enter into a mutually acceptable written agreement for such access. 5.7 In the event D&E exercises such option, D&E will establish, at its own expense, a dedicated trunk group to the Verizon Information Service serving switch. This trunk group will be utilized to allow D&E to route information services traffic originated on its network to Verizon.

  • Environmental and Social Safeguards All of the Projects will be implemented in compliance with the MCC Environmental Guidelines and the MCC Gender Policy, and any resettlement will be carried out in accordance with the World Bank’s Operational Policy on Involuntary Resettlement in effect as of July 2007 (“OP 4.12”) in a manner acceptable to MCC. In accordance with its policies, the Government will ensure that the Projects comply with all national environmental laws and regulations, licenses and permits, except to the extent such compliance would be inconsistent with this Compact. Specifically, the Government will: (a) cooperate with or complete, as the case may be, any ongoing environmental assessments, or if necessary undertake and complete any additional environmental assessments, social assessments, environmental management plans, environmental and social audits, resettlement policy frameworks, and resettlement action plans required under the laws of Indonesia, the MCC Environmental Guidelines, this Compact, the PIA, or any Supplemental Agreement, or as otherwise required by MCC, each in form and substance satisfactory to MCC; (b) ensure that Project-specific environmental and social management plans are developed and all relevant measures contained in such plans are integrated into project design, the applicable procurement documents and associated finalized contracts, in each case, in form and substance satisfactory to MCC; and (c) implement to MCC’s satisfaction appropriate environmental and social mitigation measures identified in such assessments or plans. Unless MCC agrees otherwise in writing, the Government will fund all necessary costs of environmental and social mitigation measures (including, without limitation, costs of resettlement) not specifically provided for, or that exceed the MCC Funding specifically allocated for such costs in, the Detailed Financial Plan for any Project. To maximize the positive social impacts of the Projects, address cross-cutting social and gender issues such as human trafficking, child and forced labor, and HIV/AIDS, and to ensure compliance with the MCC Gender Policy, the Government will: (x) develop a comprehensive social and gender integration plan which, at a minimum, identifies approaches for regular, meaningful and inclusive consultations with women and other vulnerable/underrepresented groups, consolidates the findings and recommendations of Project-specific social and gender analyses and sets forth strategies for incorporating findings of the social and gender analyses into final Project designs as appropriate (“Social and Gender Integration Plan”); and (y) ensure, through monitoring and coordination during implementation, that final Activity designs, construction tender documents and implementation plans are consistent with and incorporate the outcomes of the social and gender analyses and social and gender integration plan. To address gender concerns that impact women’s ability to participate across Projects, MCA- Indonesia will adopt a detailed workplan, subject to MCC approval, for gender work to be undertaken at the policy, institutional capacity building and community levels (the “Targeted Gender Activities”). Xxxxx XX sets forth the MCC Funding allocated for the performance of the Targeted Gender Activities. Prior to the second disbursement of MCC Funding for the Targeted Gender Activities, MCA-Indonesia shall have completed detailed action plans and provided evidence of demonstrated commitment of relevant stakeholders to addressing policy constraints identified in the workplan.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!