Common use of Data Use Clause in Contracts

Data Use. a. As applicable, the Parties agree to share the data identified in Exhibit 1, subject to the following terms and conditions. Each Party grants to the other a license to access the data identified in Exhibit 1 for the purposes described in Exhibit 1. b. The Parties agree to: (i) disclose to the other only the minimum data necessary to accomplish the receiving Party’s identified purpose, and only as permitted under the Contract and relevant laws; (ii) keep and maintain the other's data in strict confidence, using such degree of care as is appropriate and consistent with its obligations described in this Contract and applicable law to avoid unauthorized access, use, disclosure, or loss; and (iii) not use, sell, rent, transfer, distribute, or otherwise disclose or make available the other Party's data for any purpose not directly related to its performances under the Contract or for the benefit of anyone other than the disclosing Party without that Party's prior written consent. To avoid ambiguity, a Party receiving data from the other is prohibited from using or further disclosing that data other than as permitted or required by the Contract or as required by law. c. If the Work involves payment and/or health care operations activities and requires that it receive from County data protected under 42 CFR Part 2, the following terms shall apply. (i) Contractor acknowledges and agrees that it shall be fully bound by the provisions of 42 CFR Part 2. (ii) Contractor acknowledges and agrees it has implemented appropriate risk management techniques, including administrative, technical, and physical safeguards, to protect and otherwise prevent unauthorized uses and disclosures of data subject to 42 CFR Part 2. Without limitation, the technical safeguards employed will incorporate industry recognized system hardening techniques and will reflect a risk-based assessment of the data protected relative to the likely harm from unauthorized access to the data. Contractor will at least annually audit its safeguards to ensure all information systems within its control and involved in storing, using, or transmitting data subject to 42 CFR Part 2 is secure and that reasonable and appropriate measures have been used to protect the data from unauthorized disclosure, modification, or destruction. (iii) Contractor will immediately notify County upon any unauthorized use, disclosure, breach, or suspected breach of data subject to 42 CFR Part 2 and will comply with all applicable breach notification laws. Contractor agrees to cooperate with County in the investigation and remedy of any such breach, including, without limitation, complying with any law concerning unauthorized access or disclosure, as may be reasonably requested by County. Contractor will promptly reimburse County for the costs of any breach notifications, expenses, or other fees, including any state or federal fines associated with a breach of data subject to 42 CFR Part 2 while in Contractor’s possession or control. Contractor will send any applicable notifications regarding a breach to the following notification email address: XX.Xxxxxxxx@xxxxxx.xx. (iv) Contractor will only redisclose data subject to 42 CFR Part 2 when the redisclosure recipient: (A) is a contract agent or subcontractor of Contractor that is assisting Contractor to provide services described in the Contract; and (B) agrees by contract to only further disclose the County's data subject to 42 CFR Part 2 to Contractor or County. d. All data exchanged hereunder will remain the property of the disclosing Party. Except for the uses expressly permitted herein, nothing contained in this Contract will be construed as a grant of any right or license or an offer to grant any right or license by either Party to the other with respect to the data exchanged hereunder, or any derivative works thereof.

Data Use. a. As applicable, the Parties agree to share the data identified in Exhibit 1, subject to the following terms and conditions. Each Party grants to the other a license to access the data identified in Exhibit 1 for the purposes described in Exhibit 1. b. The Parties agree to: (i) disclose to the other only the minimum data necessary to accomplish the receiving Party’s identified purpose, and only as permitted under the Contract and relevant laws; (ii) keep and maintain the other's data in strict confidence, using such degree of care as is appropriate and consistent with its obligations described in this Contract and applicable law to avoid unauthorized access, use, disclosure, or loss; and (iii) not use, sell, rent, transfer, distribute, or otherwise disclose or make available the other Party's data for any purpose not directly related to its performances under the Contract or for the benefit of anyone other than the disclosing Party without that Party's prior written consent. To avoid ambiguity, a Party receiving data from the other is prohibited from using or further disclosing that data other than as permitted or required by the Contract or as required by law. c. If the Work involves payment and/or health care operations activities and requires that it receive from County data protected under 42 CFR Part 2, the following terms shall apply. (i) Contractor acknowledges and agrees that it shall be fully bound by the provisions of 42 CFR Part 2. (ii) Contractor acknowledges and agrees it has implemented appropriate risk management techniques, including administrative, technical, and physical safeguards, to protect and otherwise prevent unauthorized uses and disclosures of data subject to 42 CFR Part 2. Without limitation, the technical safeguards employed will incorporate industry recognized system hardening techniques and will reflect a risk-based assessment of the data protected relative to the likely harm from unauthorized access to the data. Contractor will at least annually audit its safeguards to ensure all information systems within its control and involved in storing, using, or transmitting data subject to 42 CFR Part 2 is secure and that reasonable and appropriate measures have been used to protect the data from unauthorized disclosure, modification, or destruction. (iii) Contractor will immediately notify County upon any unauthorized use, disclosure, breach, or suspected breach of data subject to 42 CFR Part 2 and will comply with all applicable breach notification laws. Contractor agrees to cooperate with County in the investigation and remedy of any such breach, including, without limitation, complying with any law concerning unauthorized access or disclosure, as may be reasonably requested by County2. Contractor will promptly reimburse County for the costs of any breach notifications, expenses, or other fees, including any state or federal fines associated with a breach of data subject to 42 CFR Part 2 while in Contractor’s possession or control. Contractor will send any applicable notifications regarding a breach to the following notification email address: XX.Xxxxxxxx@xxxxxx.xx. (iviii) Contractor will only redisclose data subject to 42 CFR Part 2 when the redisclosure recipient: (A) is a contract agent or subcontractor of Contractor that is assisting Contractor to provide services described in the Contract; and (B) agrees by contract to only further disclose the County's data subject to 42 CFR Part 2 to Contractor or County. d. All data exchanged hereunder will remain the property of the disclosing Party. Except for the uses expressly permitted herein, nothing contained in this Contract will be construed as a grant of any right or license or an offer to grant any right or license by either Party to the other with respect to the data exchanged hereunder, or any derivative works thereof.

Data Use. a. As applicable, the The Parties agree to share the data identified in Exhibit 1, subject to the following terms and conditions. Each Party grants to the other a license to access the data identified in Exhibit 1 for the purposes described in Exhibit 1. b. The Parties agree to: (i) disclose to the other only the minimum data necessary to accomplish the receiving Party’s identified purpose, and only as permitted under the Contract and relevant laws; (ii) keep and maintain the other's data in strict confidence, using such degree of care as is appropriate and consistent with its obligations described in this Contract and applicable law to avoid unauthorized access, use, disclosure, or loss; and (iii) not use, sell, rent, transfer, distribute, or otherwise disclose or make available the other Party's data for any purpose not directly related to its performances under the Contract or for the benefit of anyone other than the disclosing Party without that Party's prior written consent. To avoid ambiguity, a Party receiving data from the other is prohibited from using or further disclosing that data other than as permitted or required by the Contract or as required by law. c. If the Work involves payment and/or health care operations activities and requires that it receive from County data protected under 42 CFR Part 2, the following terms shall apply. (i) Contractor acknowledges and agrees that it shall be fully bound by the provisions of 42 CFR Part 2. (ii) Contractor acknowledges and agrees it has implemented appropriate risk management techniques, including administrative, technical, and physical safeguards, to protect and otherwise prevent unauthorized uses and disclosures of data subject to 42 CFR Part 2. Without limitation, the technical safeguards employed will incorporate industry recognized system hardening techniques and will reflect a risk-based assessment of the data protected relative to the likely harm from unauthorized access to the data. Contractor will at least annually audit its safeguards to ensure all information systems within its control and involved in storing, using, or transmitting data subject to 42 CFR Part 2 is secure and that reasonable and appropriate measures have been used to protect the data from unauthorized disclosure, modification, or destruction. (iii) Contractor will immediately notify County upon any unauthorized use, disclosure, breach, or suspected breach of data subject to 42 CFR Part 2 and will comply with all applicable breach notification laws. Contractor agrees to cooperate with County in the investigation and remedy of any such breach, including, without limitation, complying with any law concerning unauthorized access or disclosure, as may be reasonably requested by County. Contractor will promptly reimburse County for the costs of any breach notifications, expenses, or other fees, including any state or federal fines associated with a breach of data subject to 42 CFR Part 2 while in Contractor’s possession or control. Contractor will send any applicable notifications regarding a breach to the following notification email address: XX.Xxxxxxxx@xxxxxx.xx. (iv) Contractor will only redisclose data subject to 42 CFR Part 2 when the redisclosure recipient: (A) is a contract agent or subcontractor of Contractor that is assisting Contractor to provide services described in the Contract; and (B) agrees by contract to only further disclose the County's data subject to 42 CFR Part 2 to Contractor or County. d. All data exchanged hereunder will remain the property of the disclosing Party. Except for the uses expressly permitted herein, nothing contained in this Contract will be construed as a grant of any right or license or an offer to grant any right or license by either Party to the other with respect to the data exchanged hereunder, or any derivative works thereof. 1. Contractor shall perform the following Work: [Enter information] 2. The maximum payment under this Contract, including expenses, is $ 500,000.00 3. Contractor shall be paid for Work on the following basis: 4. Invoices must be billed to Multnomah County and contain the following information [optional]: a. Invoice number and invoice date, b. Vendor name and address, c. Multnomah County contract number, d. Description of goods and/or services delivered, e. Detail units of measure, price per unit, extended amount per line items; f. Total invoice amount.

Data Use. a. As applicable, the The Parties agree to share the data identified in Exhibit 1, subject to the following terms and conditions. Each Party grants to the other a license to access the data identified in Exhibit 1 for the purposes described in Exhibit 1. b. The Parties agree to: (i) disclose to the other only the minimum data necessary to accomplish the receiving Party’s identified purpose, and only as permitted under the Contract and relevant laws; (ii) keep and maintain the other's data in strict confidence, using such degree of care as is appropriate and consistent with its obligations described in this Contract and applicable law to avoid unauthorized access, use, disclosure, or loss; and (iii) not use, sell, rent, transfer, distribute, or otherwise disclose or make available the other Party's data for any purpose not directly related to its performances under the Contract or for the benefit of anyone other than the disclosing Party without that Party's prior written consent. To avoid ambiguity, a Party receiving data from the other is prohibited from using or further disclosing that data other than as permitted or required by the Contract or as required by law. c. If the Work involves payment and/or health care operations activities and requires that it receive from County data protected under 42 CFR Part 2, the following terms shall apply. (i) Contractor i. PROVIDER acknowledges and agrees that it shall be fully bound by the provisions of 42 CFR Part 2. (ii) Contractor . PROVIDER acknowledges and agrees it has implemented appropriate risk management techniques, including administrative, technical, and physical safeguards, to protect and otherwise prevent unauthorized uses and disclosures of data subject to 42 CFR Part 2unauthorized iii. Without limitation, the technical safeguards employed will incorporate industry recognized system hardening techniques and will reflect a risk-based assessment of the data protected relative to the likely harm from unauthorized access to the data. Contractor will at least annually audit its safeguards to ensure all information systems within its control and involved in storing, using, or transmitting data subject to 42 CFR Part 2 is secure and that reasonable and appropriate measures have been used to protect the data from unauthorized disclosure, modification, or destruction. (iii) Contractor PROVIDER will immediately notify County upon any unauthorized use, disclosure, breach, or suspected breach of data subject to 42 CFR Part 2 and will comply with all applicable breach notification laws. Contractor PROVIDER agrees to cooperate with County in the investigation and remedy of any such breach, including, without limitation, complying with any law concerning unauthorized access or disclosure, as may be reasonably requested by County. Contractor PROVIDER will promptly reimburse County for the costs of any breach notifications, expenses, or other fees, including any state or federal fines associated with a breach of data subject to 42 CFR Part 2 while in ContractorPROVIDER’s possession or control. Contractor PROVIDER will send any applicable notifications regarding a breach to the following notification email address: XX.Xxxxxxxx@xxxxxx.xx. (iv) Contractor . PROVIDER will only redisclose data subject to 42 CFR Part 2 when the redisclosure recipient: (A) is a contract agent or subcontractor of Contractor PROVIDER that is assisting Contractor PROVIDER to provide services described in the Contract; and (B) agrees by contract to only further disclose the County's data subject to 42 CFR Part 2 to Contractor PROVIDER or County. d. All data exchanged hereunder will remain the property of the disclosing Party. Except for the uses expressly permitted herein, nothing contained in this Contract will be construed as a grant of any right or license or an offer to grant any right or license by either Party to the other with respect to the data exchanged hereunder, or any derivative works thereof. e. PROVIDER may identify certain information submitted to County in compliance with this agreement as “Trade Secret” or “Confidential.” County shall maintain this information as confidential to the extent permitted by public record laws. Provider shall perform the following Work: A Definitions 1. Bureau of Emergency Communications (BOEC) means the Bureau of the City of Portland that maintains the Primary Public Safety Answering Point (PSAP) 9-1-1 telephone answering system, and provides dispatch services for police, fire and EMS for the County.