Common use of Contractor S Duties Regarding Confidential Information Clause in Contracts

Contractor S Duties Regarding Confidential Information. Section 3.01 Obligations of Contractor Contractor agrees that: (A) With respect to PHI, Contractor shall: (1) Make PHI available in a designated record set if requested by HHS, if Contractor maintains PHI in a designated record set, as defined in HIPAA. (2) Provide to HHS data aggregation services related to the healthcare operations Contractor performs for HHS pursuant to the Base Contract, if requested by HHS, if Contractor provides data aggregation services as defined in HIPAA. (3) Provide access to PHI to an individual who is requesting his or her own PHI, or such individual’s Legally Authorized Representative, in compliance with the requirements of HIPAA. (4) Make PHI available to HHS for amendment, and incorporate any amendments to PHI that HHS directs, in compliance with HIPAA. (5) Document and make available to HHS, an accounting of disclosures in compliance with the requirements of HIPAA. (6) If Contractor receives a request for access, amendment or accounting of PHI by any individual, promptly forward the request to HHS or, if forwarding the request would violate HIPAA, promptly notify HHS of the request and of Contractor’s response. HHS will respond to all such requests, unless Contractor is Required by Law to respond or HHS has given prior written consent for Contractor to respond to and account for all such requests. (B) With respect to ALL Confidential Information, Contractor shall: (1) Exercise reasonable care and no less than the same degree of care Contractor uses to protect its own confidential, proprietary and trade secret information to prevent Confidential Information from being used in a manner that is not expressly an Authorized Purpose or as Required by Law. Contractor will access, create, maintain, receive, use, disclose, transmit or Destroy Confidential Information in a secure fashion that protects against any reasonably anticipated threats or hazards to the security or integrity of such information or unauthorized uses. (2) Establish, implement and maintain appropriate procedural, administrative, physical and technical safeguards to preserve and maintain the confidentiality, integrity, and availability of the Confidential Information, in accordance with applicable laws or regulations relating to Confidential Information, to prevent any unauthorized use or disclosure of Confidential Information as long as Contractor has such Confidential Information in its actual or constructive possession. (3) Implement, update as necessary, and document privacy, security and Breach notice policies and procedures and an incident response plan to address a Breach, to comply with the privacy, security and breach notice requirements of this DUA prior to conducting work under the Base Contract. Contractor shall produce, within three business days of a request by HHS, copies of its policies and procedures and records relating to the use or disclosure of Confidential Information.