Contractor’s commitment and obligations. Contractor agrees that it will:

(1) Not use or disclose Protected Health Information provided by, made available by, or created or received on behalf of HHSC other than as permitted or required by this Agreement or as required by law;

(2) Establish and maintain appropriate safeguards to prevent any use or disclosure of Protected Health Information other than as provided for by this Agreement;

(3) Have procedures in place for mitigating, to the maximum extent practicable, any harmful effect of a use or disclosure of Protected Health Information that is contrary to this Agreement or the Privacy Rule;

(4) Immediately report to HHSC any use or disclosure of Protected Health Information not provided for or allowed by this Agreement of which Contractor becomes aware;

(5) Enter into a subcontract anytime Contractor proposes to provide or make available Protected Health Information to any subcontractor or agent. Such subcontract or agreement must:
    (A) Contain the same terms, conditions, and restrictions on the use and disclosure of Protected Health Information and restrictions on the security of information as contained in this Agreement; and
    (B) Be approved as to the form of the terms, conditions, and restrictions by HHSC prior to entering into any such agreement;

(6) Make Protected Health Information in a designated records set available to HHSC or, as directed by HHSC, to the subject of the Protected Health Information, in compliance with the requirements of 45 C.F.R. §164.524.

(7) Make Protected Health Information in a designated records set available for amendment and will incorporate any amendments to this information that HHSC directs or agrees to pursuant to 45 C.F.R. §164.526.

(8) Document and make available to HHSC the Protected Health Information required to provide an accounting of disclosures, in accordance with 45 C.F.R. §164.528.

(9) Make internal practices, books, and records relating to the use or disclosure of Protected Health Information received from, or created or received by the Contractor on behalf of HHSC, available to the Secretary of Health and Human Services or the Secretary’s designee for purposes of determining compliance with the privacy regulations.

(10) Return, destroy, or continue to maintain appropriate safeguards for all Protected Health Information received from HHSC or created or received on behalf of HHSC once Contractor finishes providing Services or Deliverables under this Agreement:
    (A) If Contractor destroys the information, it must certify to HHSC that the information has been destroyed;
    (B) Contractor may not elect to destroy information that must be retained under federal or state law; and
    (C) Contractor must maintain appropriate safeguards for the information as long as Contractor has such Protected Health Information;

(11) Develop and implement a system of sanctions for any Subcontractor or Contractor Personnel that violate this Agreement or the Privacy Rule.

(12) Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of HHSC as required by 45 C.F.R. §§ 164.302-.318.

(13) Immediately report to HHSC any security incident of which it becomes aware.

(14) Make internal practices, books, and records relating to the security of information received from or created or received by Contractor on behalf of HHSC available to the Secretary of Health and Human Services or the Secretary's designee for purposes of determining compliance with the security rules.

(15) Develop and implement a system of sanctions for any Subcontractor or Contractor Personnel that violate this Agreement or the security rules.
Appears in 4 contracts
Samples: Information Technology Hardware Acquisition and Leasing Agreement, Information Technology Hardware Acquisition and Leasing, Eligibility Support Services Agreement