Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Data Use Each party may use Connected Account Data in accordance with this Agreement and the consent (if any) each obtains from each Connected Account. This consent includes, as to Stripe, consent it receives via the Connected Account Agreement.
Data Access Access to Contract and State Data The Contractor shall provide to the Client Agency access to any data, as defined in Conn. Gen Stat. Sec. 4e-1, concerning the Contract and the Client Agency that are in the possession or control of the Contractor upon demand and shall provide the data to the Client Agency in a format prescribed by the Client Agency and the State Auditors of Public Accounts at no additional cost.
Data Access Control Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage.
Data Input Control It will be possible to retrospectively examine and establish whether and by whom Personal Data have been entered, modified or removed from SAP data processing systems.
Workstation Encryption Supplier will require hard disk encryption of at least 256-bit Advanced Encryption Standard (AES) on all workstations and/or laptops used by Personnel where such Personnel are accessing or processing Accenture Data.
Monthly Data Download Not later than fifteen (15) days after the end of each month, beginning with the month in which the Commencement Date occurs and ending with the Final Shared-Loss Recovery Month, Assuming Bank shall provide Receiver:
Workstation/Laptop encryption All workstations and laptops that process and/or store DHCS PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk unless approved by the DHCS Information Security Office.
Electronic Visit Verification ("EVV A. To ensure:
1. the EVV system is used to verify the provision of services governed under 40 TAC, Chapter 68 or its successor;
2. only authorized people access the Contractor's EVV account;
3. all data elements required by HHSC or HHSC's designee are uploaded or entered and maintained in the EVV system completely, accurately, and prior to submitting the claim;
4. that each time services governed by 40 TAC Chapter 68 or its successor are delivered to an individual, the Contractor's staff uses an HHSC-approved EVV system; and
5. service delivery documentation is immediately available for review by HHSC when requested.
B. Equipment provided to Contractor by HHSC, HHSC’s designee, or an HHSC-approved EVV vendor, must be returned in good condition when the equipment is no longer needed under this Contract. In the context of this agreement, “good condition” means Contractor must not place any marks or identifying information on the equipment and may not alter information on the equipment including logos and serial numbers. If the equipment is lost, stolen, marked, altered or damaged by Contractor, Contractor may be required to pay the replacement cost for each piece of equipment that is lost, stolen, marked or damaged. Replacement costs for lost, stolen, marked or damaged equipment may be assessed periodically. If Contractor recovers previously lost or stolen equipment for which Contractor paid the replacement cost in the prior 12 months, Contractor may return the equipment and be reimbursed for the replacement costs within 12 months of the date HHSC, HHSC’s designee or an HHSC-approved EVV vendor (as applicable) received payment in full from the Contractor. This is provided the equipment is returned in good condition as specified above.
C. HHSC may perform EVV compliance oversight reviews to determine if Contractor has complied with EVV compliance requirements as outlined in 40 TAC Chapter 68 or its successor, EVV Policy posted on the HHSC EVV website or EVV Policy Handbook.
D. If the Contractor determines an electronic record in the EVV system needs to be adjusted at any time, the Contractor will make the adjustment in the EVV system using the most appropriate EVV reason code number(s), EVV reason code description(s) and enter any required free text when completing visit maintenance in the EVV system, if applicable.
E. Contractor must begin using an HHSC-approved EVV system prior to submitting an EVV relevant claim.
F. All claims for services required to use EVV (EVV claims) must match to an accepted EVV visit transaction in the EVV Aggregator (the state’s centralized EVV database) prior to reimbursement of an EVV claim. Without a matching accepted EVV visit transaction, the claim will be denied.
G. Contractor must submit all EVV related claims through the Texas Medicaid Claims Administrator, or as otherwise described in the EVV Policy posted on the HHSC EVV website or in the EVV Policy Handbook.
H. Contractor must complete all required EVV training as outlined in the EVV Policy posted on the HHSC EVV website or EVV Policy Handbook: • Prior to using either an EVV vendor system or an EVV proprietary system and • Yearly thereafter.
I. Contractor and, if applicable, the Contractor’s appointed EVV system administrator, must complete, sign and date the EVV Onboarding Form as outlined in 40 TAC Chapter 68 or its successor, EVV Policy posted on the HHSC website or EVV Policy Handbook.
Customer Data 8.1 You, not bookinglab or JRNI, have sole responsibility for the entry, deletion, correction, accuracy, quality, integrity, legality, reliability, appropriateness, and right to use the Customer Data. bookinglab and JRNI is not responsible for any of the foregoing or for any destruction, damage, loss, or failure to store any Customer Data beyond its reasonable control or resulting from any failure in data transmission or operation of the Booking Service by you.
8.2 As of the MSA Start Date, JRNI is certified under ISO 27001 and shall maintain an information security program for the Services that complies with the ISO 27001 standards or such other standards as are substantially equivalent to ISO 27001.
8.3 If JRNI and/or bookinglab processes any Personal Data on your behalf when performing its obligations under this Agreement, the Parties acknowledge that you shall be the Data Controller and JRNI and/or bookinglab shall be a Data Processor and in any such case:
(a) you shall ensure that you are entitled to transfer the relevant Customer Personal Data to JRNI and/or bookinglab so that they may lawfully use, process and transfer the Customer Personal Data in accordance with this Agreement on your behalf;
(b) you shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable Data Protection Laws;
(c) each Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and
(d) notwithstanding any other provision of this Agreement, but subject always to Appendix B(1) Data Protection and B(2) Data Processing Activities, nothing shall prevent JRNI or bookinglab from disclosing Customer Personal Data or Customer Data to their Group Companies, Affiliates and third party service providers as necessary to provide the Services in accordance with clause 3, and otherwise in order to comply with Applicable Law or at the request of a governmental, regulatory or supervisory authority.
8.4 From the MSA Start Date the Parties shall comply with Appendix B(1) Data Protection and Appendix B(2) Data Processing Activities
8.5 ensure that Customer Data and Personal Data deemed as a special category of Data under GDPR is not given to us in any form unless pre-agreed by us in writing
8.6 You are solely responsible and liable for any transfer of Customer Data made by you (or made by JRNI or bookinglab at your request) from the Booking Service to a third party and for ensuring that such transfer is in compliance with the Parties' obligations under the Data Protection Laws.