Contractors Duties Regarding Confidential Information. Section 3.01
Contractors Duties Regarding Confidential Information. 3.1. With respect to PHI, Contractor shall:
Contractors Duties Regarding Confidential Information. Contractor must Limit access to CI to only Authorized Users for an Authorized Purpose (the services that HHS has hired the contractor to perform) Train its Workforce on privacy and security Sanction its Workforce who violate the DUA Not re-identify de-identified CI Be responsible for its subcontractors and have them sign the Subcontractor Attachment to the DUA Maintain privacy and security policies and procedures and accountings of disclosures of, and amendments to, PHI. Return or Destroy CI upon termination of DUA at HHS’ election Article 3 (Cont.) Safeguard CI Provide an Initial Security Inquiry or System Security Plan to HHS that documents contractor’s security controls and identifies security risks Establish and implement administrative, procedural, technical and physical safeguards that protect HHS CI Identify a Privacy Official and an Information Security Official to be responsible for the implementation of the DUA and contact with HHS Maintain a list of Authorized Users Respond to HHS requests for information and cooperate with investigations and audits Securely transmit CI (may include encryption) Comply with applicable laws, regulations, security controls and policies
Contractors Duties Regarding Confidential Information. Obligations of CONTRACTOR CONTRACTOR agrees that:
Contractors Duties Regarding Confidential Information
