Common use of Compliance with Third Party Agreements Clause in Contracts

Compliance with Third Party Agreements. The Contractor agrees that it shall comply (and shall cause its employees and other workforce members to comply) with any other privacy and security obligation that is required as the result of EOHHS (or EOTSS or another third party, on EOHHS’ behalf) having entered into an agreement (any such agreement, a “Third Party Agreement”) with a third party (such as the Social Security Administration, the Department of Revenue or the Centers for Medicaid and Medicare Services) to obtain or to access PI from a third party (any such PI, “Third Party Data”) or to access any System containing Third Party Data or through which Third Party Data could be accessed, including, by way of illustration and not limitation, signing a written compliance acknowledgment or confidentiality agreement, undergoing a background check or completing training. The Parties acknowledge and agree that Third Party Data includes, without limitation, all data that EOHHS receives or obtains from Massachusetts Department of Revenue, the Social Security Administration, the Internal Revenue Service, the Department of Homeland Security or through the Federal Data Services Hub and, notwithstanding anything herein to the contrary, the Contractor may not access any such Third Party Data unless disclosure of such data to the Contractor is permitted under the applicable Third Party Agreement(s), all conditions for disclosure under such Agreement(s) have been satisfied and the Contractor’s access to such data is otherwise permitted under the terms of this Agreement. Notwithstanding the foregoing, the Contractor shall not be required to comply (or ensure compliance) with a Third Party Agreement under this paragraph unless it has been provided with a copy of the applicable Third Party Agreement or notified of its requirements.

Compliance with Third Party Agreements. The Contractor Provider agrees that it shall comply (and shall cause its employees and other workforce members to comply) with any other privacy and security obligation that is required as the result of EOHHS (or EOTSS or another third partyMassIT, on EOHHS’ behalf) having entered into an agreement (any such agreement, a “Third Party Agreement”) with a third party (such as the Social Security Administration, the Department of Revenue or the Centers for Medicaid and Medicare Services) to obtain or to access PI from a third party (any such PI, “Third Party Data”) or to access any System containing Third Party Data or through which Third Party Data could be accessed, including, by way of illustration and not limitation, signing a written compliance acknowledgment or confidentiality agreement, undergoing a background check or completing training. The Parties acknowledge Provider acknowledges and agree agrees that Third Party Data includes, without limitation, all data that EOHHS receives or obtains from Massachusetts Department of Revenue, the Social Security Administration, the Internal Revenue Service, the Department of Homeland Security or through the Federal Data Services Hub and, notwithstanding anything herein to the contrary, the Contractor Provider may not access any such Third Party Data unless disclosure of such data to the Contractor Provider is permitted under the applicable Third Party Agreement(s), all conditions for disclosure under such Agreement(s) have been satisfied and the ContractorProvider’s access to such data is otherwise permitted under the terms of the Contract (including this AgreementAppendix). Notwithstanding Subcontractors and Agents. The Provider shall ensure that any subcontractor or agent that uses, maintains, discloses, receives, creates or otherwise obtains PI in connection with an Administrative Activity agrees in writing to the same restrictions and conditions that apply to the Provider under this Appendix A, including, but not limited to, implementing reasonable safeguards to protect such information. Without limiting the generality of the foregoing, the Contractor Provider shall not ensure that any such agreement satisfies all requirements under the Privacy and Security Rules for a contract or other arrangement with a Business Associate. For the avoidance of doubt, the Provider’s arrangements with subcontractors are subject to all other applicable requirements of the Contract, if any. The Provider shall cause any subcontractor or agent that needs access to “personal data,” as defined in M.G.L. c. 66A, or “personal information,” as defined in M.G.L. c. 93H, that is used, maintained, received, created or otherwise obtained in connection with the performance of an Administrative Activity, or any System containing such data or information, signs an Executive Order 504 Vendor Certification Form, in the form published on the Executive Office of Administration and Finance’s website, or other written agreement containing all applicable terms and obligations as contained in such Certification Form, prior to being granted access to such data, information or System. Upon EOHHS’ request, the Provider shall provide EOHHS with a listing of its subcontractors who have such access and copies of their signed Certification Forms or other written agreements. The Provider shall ensure that any subcontractor or agent that needs access to Third Party Data or a System containing such Data or through which it may be required accessed to comply (or ensure complianceand to cause its employees and other workforce members to comply) with any privacy and/or security obligation that may be required under a Third Party Agreement under including, by way of illustration and not limitation, signing any written compliance acknowledgement or confidentiality agreement, undergoing a background check or completing training. The Provider shall ensure that any such subcontractor has satisfied all such obligations prior to being granted access to the Third Party Data or System. The Provider shall work with EOHHS to ensure that all such obligations are satisfied. For purposes of this paragraph unless it has been provided with Appendix A, a copy “subcontractor” shall include any person or entity that (a) performs an Administrative Activity or performs any other activity, or provides goods or services, that are necessary for the performance of an Administrative Activity or (b) performs, undertakes or assumes an obligation of the applicable Third Party Agreement or notified Provider with respect to the performance of its requirementsan Administrative Activity, in each case, other than in the capacity of a member of the Provider’s Workforce. Data Security.

Compliance with Third Party Agreements. The Contractor agrees that it shall comply (and shall cause its employees and other workforce members to comply) with any other privacy and security obligation that is required as the result of EOHHS (or EOTSS or another third party, on EOHHS’ behalf) having entered into an agreement (any such agreement, a “Third Party Agreement”) with a third party (such as the Social Security Administration, the Department of Revenue or the Centers for Medicaid and Medicare Services) to obtain or to access PI from a third party (any such PI, “Third Party Data”) or to access any System containing Third Party Data or through which Third Party Data could be accessed, including, by way of illustration and not limitation, signing a written compliance acknowledgment or confidentiality agreement, undergoing a background check or completing training. The Parties acknowledge and agree that Third Party Data includes, without limitation, all data that EOHHS receives or obtains from Massachusetts Department of Revenue, the Social Security Administration, the Internal Revenue Service, the Department of Homeland Security or through the Federal Data Services Hub and, notwithstanding anything herein to the contrary, the Contractor may not access any such Third Party Data unless disclosure of such data to the Contractor is permitted under the applicable Third Party Agreement(s), all conditions for disclosure under such Agreement(s) have been satisfied and the Contractor’s access to such data is otherwise permitted under the terms of this Agreement. Notwithstanding For the foregoingpurpose of this Agreement, the Contractor shall not be required to comply (or ensure compliance) with a Third Party Agreement under this paragraph unless it has been provided with a copy Agreements in place as of the applicable Third Party date hereof include, by way of illustration and without limitation, include the Information Exchange Agreement or notified of its requirementsbetween CMS and EOHHS. Such agreements are contained in Exhibit C for the Contractor’s review.

Compliance with Third Party Agreements. The Contractor Provider agrees that it shall comply (and shall cause its employees and other workforce members to comply) with any other privacy and security obligation that is required as the result of EOHHS (or EOTSS or another third partyMassIT, on EOHHS’ behalf) having entered into an agreement (any such agreement, a “Third Party Agreement”) with a third party (such as the Social Security Administration, the Department of Revenue or the Centers for Medicaid and Medicare Services) to obtain or to access PI from a third party (any such PI, “Third Party Data”) or to access any System containing Third Party Data or through which Third Party Data could be accessed, including, by way of illustration and not limitation, signing a written compliance acknowledgment or confidentiality agreement, undergoing a background check or completing training. The Parties acknowledge Provider acknowledges and agree agrees that Third Party Data includes, without limitation, all data that EOHHS receives or obtains from Massachusetts Department of Revenue, the Social Security Administration, the Internal Revenue Service, the Department of Homeland Security or through the Federal Data Services Hub and, notwithstanding anything herein to the contrary, the Contractor Provider may not access any such Third Party Data unless disclosure of such data to the Contractor Provider is permitted under the applicable Third Party Agreement(s), all conditions for disclosure under such Agreement(s) have been satisfied and the ContractorProvider’s access to such data is otherwise permitted under the 3 terms of the Contract (including this Agreement. Notwithstanding the foregoing, the Contractor shall not be required to comply (or ensure compliance) with a Third Party Agreement under this paragraph unless it has been provided with a copy of the applicable Third Party Agreement or notified of its requirementsAppendix).