OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Lender Tax Information For purposes of this Section 5.9, the term “Lender” includes any Fronting Bank.
Trade Secrets and Confidential Information/Company Property Employee reaffirms and agrees to observe and abide by the terms of the Employment Agreement and the Confidentiality Agreement, specifically including the provisions therein regarding nondisclosure of the Company’s trade secrets and confidential and proprietary information, and the restrictive covenants contained therein. Employee’s signature below constitutes his certification under penalty of perjury that he has returned all documents and other items provided to Employee by the Company, developed or obtained by Employee in connection with his employment with the Company, or otherwise belonging to the Company.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Verizon OSS Information 8.5.1 Subject to the provisions of this Section 8 and Applicable Law, Verizon grants to Reconex a non-exclusive license to use Verizon OSS Information.
8.5.2 All Verizon OSS Information shall at all times remain the property of Verizon. Except as expressly stated in this Section 8, Reconex shall acquire no rights in or to any Verizon OSS Information.
8.5.2.1 The provisions of this Section 8.5.2 shall apply to all Verizon OSS Information, except (a) Reconex Usage Information, (b) CPNI of Reconex, and (c) CPNI of a Verizon Customer or a Reconex Customer, to the extent the Customer has authorized Reconex to use the Customer Information.
8.5.2.2 Verizon OSS Information may be accessed and used by Reconex only to provide Telecommunications Services to Reconex Customers.
8.5.2.3 Reconex shall treat Verizon OSS Information that is designated by Verizon, through written or electronic notice (including, but not limited to, through the Verizon OSS Services), as “Confidential” or “Proprietary” as Confidential Information of Verizon pursuant to Section 10 of the Agreement.
8.5.2.4 Except as expressly stated in this Section 8, this Agreement does not grant to Reconex any right or license to grant sublicenses to other persons, or permission to other persons (except Reconex’s employees, agents or contractors, in accordance with Section 8.5.2.5 below, to access, use or disclose Verizon OSS Information.
8.5.2.5 Reconex’s employees, agents and contractors may access, use and disclose Verizon OSS Information only to the extent necessary for Reconex’s access to, and use and disclosure of, Verizon OSS Information permitted by this Section 8. Any access to, or use or disclosure of, Verizon OSS Information by Reconex’s employees, agents or contractors, shall be subject to the provisions of this Agreement, including, but not limited to, Section 10 of the Agreement and Section 8.5.2.3 above.
8.5.2.6 Reconex’s license to use Verizon OSS Information shall expire upon the earliest of: (a) the time when the Verizon OSS Information is no longer needed by Reconex to provide Telecommunications Services to Reconex Customers; (b) termination of the license in accordance with this Section 8; or (c) expiration or termination of the Agreement.
8.5.2.7 All Verizon OSS Information received by Reconex shall be destroyed or returned by Reconex to Verizon, upon expiration, suspension or termination of the license to use such Verizon OSS Information.
8.5.3 Unless sooner terminated or suspended in accordance with the Agreement or this Section 8 (including, but not limited to, Section 2.2 of the Agreement and Section 8.6.1 below), Reconex’s access to Verizon OSS Information through Verizon OSS Services shall terminate upon the expiration or termination of the Agreement.
8.5.3.1 Verizon shall have the right (but not the obligation) to audit Reconex to ascertain whether Reconex is complying with the requirements of Applicable Law and this Agreement with regard to Reconex’s access to, and use and disclosure of, Verizon OSS Information.
8.5.3.2 Without in any way limiting any other rights Verizon may have under the Agreement or Applicable Law, Verizon shall have the right (but not the obligation) to monitor Reconex’s access to and use of Verizon OSS Information which is made available by Verizon to Reconex pursuant to this Agreement, to ascertain whether Reconex is complying with the requirements of Applicable Law and this Agreement, with regard to Reconex’s access to, and use and disclosure of, such Verizon OSS Information. The foregoing right shall include, but not be limited to, the right (but not the obligation) to electronically monitor Reconex’s access to and use of Verizon OSS Information which is made available by Verizon to Reconex through Verizon OSS Facilities.
8.5.3.3 Information obtained by Verizon pursuant to this Section 8.5.3.3 shall be treated by Verizon as Confidential Information of Reconex pursuant to Section 10 of the Agreement; provided that, Verizon shall have the right (but not the obligation) to use and disclose information obtained by Verizon pursuant to this Section 8.5.3.3 to enforce Verizon’s rights under the Agreement or Applicable Law.
Secure Your Tax Records from Identity Theft Identity theft occurs when someone uses your personal information such as your name, SSN, or other identifying information, without your permission, to commit fraud or other crimes. An identity thief may use your SSN to get a job or may file a tax return using your SSN to receive a refund. To reduce your risk: • Protect your SSN, • Ensure your employer is protecting your SSN, and • Be careful when choosing a tax preparer. If your tax records are affected by identity theft and you receive a notice from the IRS, respond right away to the name and phone number printed on the IRS notice or letter. If your tax records are not currently affected by identity theft but you think you are at risk due to a lost or stolen purse or wallet, questionable credit card activity or credit report, contact the IRS Identity Theft Hotline at 0-000-000-0000 or submit Form 14039. For more information, see Pub. 5027, Identity Theft Information for Taxpayers. Victims of identity theft who are experiencing economic harm or a systemic problem, or are seeking help in resolving tax problems that have not been resolved through normal channels, may be eligible for Taxpayer Advocate Service (TAS) assistance. You can reach TAS by calling the TAS toll-free case intake line at 0-000-000-0000 or TTY/TDD 0-000-000-0000. The IRS does not initiate contacts with taxpayers via emails. Also, the IRS does not request personal detailed information through email or ask taxpayers for the PIN numbers, passwords, or similar secret access information for their credit card, bank, or other financial accounts. If you receive an unsolicited email claiming to be from the IRS, forward this message to xxxxxxxx@xxx.xxx. You may also report misuse of the IRS name, logo, or other IRS property to the Treasury Inspector General for Tax Administration (TIGTA) at 0-000-000-0000. You can forward suspicious emails to the Federal Trade Commission at xxxx@xxx.xxx or report them at xxx.xxx.xxx/xxxxxxxxx. You can contact the FTC at xxx.xxx.xxx/xxxxxxx or 877-IDTHEFT (877-438-4338). If you have been the victim of identity theft, see xxx.XxxxxxxxXxxxx.xxx and Pub. 5027. Visit xxx.xxx.xxx/XxxxxxxxXxxxx to learn more about identity theft and how to reduce your risk.
Confidential Information and Intellectual Property (a) Other than in the performance of the Executive’s duties hereunder, the Executive agrees not to use in any manner or disclose, distribute, publish, communicate or in any way cause to be used, disclosed, distributed, published, or communicated in any way or at any time, either while in the Company's employ or at any time thereafter, to any person not employed by the Company, or not engaged to render services to the Company, any Confidential Information (as defined below) obtained while in the employ of the Company.
(b) Confidential Information includes any written or unwritten information which relates to and/or is used by the Company or its subsidiaries, affiliates or divisions, including, without limitation (i) the names, addresses, buying habits and other special information regarding past, present and potential customers, employees and suppliers of the Company, (ii) customer and supplier contracts and transactions or price lists of the Company and suppliers, (iii) methods of distribution, (iv) all agreements, files, books, logs, charts, records, studies, reports, processes, schedules and statistical information, (v) data, figures, projections, estimates, pricing data, customer lists, buying manuals or procedures, distribution manuals or procedures, other policy and procedure manuals or handbooks, (vi) supplier information, tax records, personnel histories and records, sales information, and property information, (vii) information regarding the present or future phases of business, (viii) ideas, inventions, trademarks, business information, know-how, processes, techniques, improvements, designs, redesigns, creations, discoveries, trade secrets, and developments, (ix) all computer software licensed or developed by the Company or its subsidiaries, affiliates or divisions, computer programs, computer-based and web-based training programs, and systems, and (x) finances and financial information, but Confidential Information will not include information of the Company or its subsidiaries, affiliates or divisions that (1) became or becomes a matter of public knowledge through sources independent of the Executive, (2) has been or is disclosed by the Company or its subsidiaries, affiliates or divisions without restriction on its use, or (3) has been or is required or specifically permitted to be disclosed by law or governmental order or regulation. The Executive also agrees that, if there is any reasonable doubt whether an item is public knowledge, to not regard the item as public knowledge until and unless the Company’s Chief Executive Officer confirms to the Executive that the information is public knowledge.
(c) The provisions of this Section 5 shall not preclude the Executive from disclosing such information to the Executive's professional tax advisor or legal counsel solely to the extent necessary to the rendering of their professional services to the Executive if such individuals agree to keep such information confidential.
(d) The Executive agrees that upon leaving the Company’s employ the Executive will remain reasonably available to answer questions from Company officers regarding the Executive’s former duties and responsibilities and the knowledge the Executive obtained in connection therewith.
(e) The Executive agrees that upon leaving the Company's employ the Executive will not communicate with, or give statements to, any member of the media (including print, television, or radio media) relating to any matter (including pending or threatening lawsuits or administrative investigations) about which the Executive has knowledge or information (other than knowledge or information that is not Confidential Information) as a result of employment with the Company. The Executive further agrees to notify the Chief Executive Officer or his or her designee immediately after being contacted by any member of the media with respect to any matter affected by this section.
(f) The Executive agrees that all information, inventions, and discoveries, whether or not patented or patentable, made or conceived by the Executive, either alone or with others, at any time while employed by the Company, which arises out of such employment or is pertinent to any field of business or research in which, during such employment, the Company, its subsidiaries, affiliates or divisions is engaged or (if such is known to or ascertainable by the Executive) is considering engaging (“Intellectual Property”) shall (i) be and remain the sole property of the Company and the Executive shall not seek a patent with respect to such Intellectual Property without the prior consent of an authorized representative of the Company and (ii) be disclosed promptly to an authorized representative of the Company along with all information the Executive possesses with regard to possible applications and uses. Further, at the request of the Company, and without expense or additional compensation to the Executive, the Executive agrees to execute such documents and perform such other acts as the Company deems necessary to obtain patents on such Intellectual Property in a jurisdiction or jurisdictions designated by the Company, and to assign to the Company or its designee such Intellectual Property and all patent applications and patents relating thereto.
(g) The Executive and the Company agree that the Executive intends all original works of authorship within the purview of the copyright laws of the United States authored or created by the Executive in the course of the Executive’s employment with the Company will be works for hire within the meaning of such copyright law.
(h) Upon termination of the Executive’s employment, or at any time upon request of the Company, the Executive will return to the Company all Confidential Information and Intellectual Property, in any form, including but not limited to letters, memoranda, reports, notes, notebooks, books of account, drawings, prints, specifications, formulae, data printouts, microfilms, magnetic tapes, disks, recordings, documents, and all copies thereof.
Confidential Information Protections 4.1 At all times during and after the Employee’s employment, the Employee will hold in confidence and will not disclose, use, lecture upon, or publish any of Company’s Confidential Information (defined below), except as may be required in connection with the Employee’s work for Company, or as expressly authorized by the Board. The Employee will obtain the written approval of the Board before publishing or submitting for publication any material (written, oral, or otherwise) that relates to the Employee’s work at Company and/or incorporates any Confidential Information. The Employee hereby assigns to Company any rights the Employee may have or acquire in any and all Confidential Information and recognize that all Confidential Information shall be the sole and exclusive property of Company and its assigns.
Obligations and Activities of Business Associate Business Associate agrees to:
a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law;
b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA;
c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware;
d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information;
e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
Confidentiality of Contractor Information The Contractor acknowledges and agrees that this Contract and any and all Contractor information obtained by the State in connection with this Contract are subject to the State of Vermont Access to Public Records Act, 1 V.S.A. § 315 et seq. The State will not disclose information for which a reasonable claim of exemption can be made pursuant to 1 V.S.A. § 317(c), including, but not limited to, trade secrets, proprietary information or financial information, including any formulae, plan, pattern, process, tool, mechanism, compound, procedure, production data, or compilation of information which is not patented, which is known only to the Contractor, and which gives the Contractor an opportunity to obtain business advantage over competitors who do not know it or use it.
