OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law. 2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract. 3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY. 4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract. 5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410. 6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information. 7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format. 8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed. 9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule. 10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. 11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. 12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation. 13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors. 14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law. (2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards. (3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity. (4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract. (5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware. (6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. (7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request. (8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity. (9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards. (10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. (11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. (12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule. (13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316. (14) In the event that an Individual requests that the Business Associate (A) restrict disclosures of PHI; (B) provide an accounting of disclosures of the Individual’s PHI; (C) provide a copy of the Individual’s PHI in an Electronic Health Record; or (D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request. (15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without (A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and (B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations. (16) Obligations in the Event of a Breach. (A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract. (B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach. (C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information: 1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed. 2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code). 3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach. 4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches. 5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Submitting Loop Makeup Service Inquiries 2.6.2.1 Comcast Phone may obtain LMU information by submitting a mechanized LMU query or a Manual LMUSI. Mechanized LMUs should be submitted through BellSouth's OSS interfaces. After obtaining the Loop information from the mechanized LMU process, if Comcast Phone needs further Loop information in order to determine Loop service capability, Comcast Phone may initiate a separate Manual Service Inquiry for a separate nonrecurring charge as set forth in Exhibit A of this Attachment. 2.6.2.2 Manual LMUSIs shall be submitted according to the guidelines in the LMU CLEC Information Package, incorporated herein by reference, as it may be amended from time to time, which can be found at the following BellSouth website: xxxx://xxxxxxxxxxxxxxx.xxxxxxxxx.xxx/guides/html/unes.html . The service interval for the return of a Manual LMUSI is three (3) business days. Manual LMUSIs are not subject to expedite requests. This service interval is distinct from the interval applied to the subsequent service order.
Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.
Obligations and Activities of Business Associate Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
TECHNOLOGY/KNOWLEDGE TRANSFER ACTIVITIES The goal of this task is to develop a plan to make the knowledge gained, experimental results, and lessons learned available to the public and key decision makers. • Prepare an Initial Fact Sheet at start of the project that describes the project. Use the format provided by the CAM. • Prepare a Final Project Fact Sheet at the project’s conclusion that discusses results. Use the format provided by the CAM. • Prepare a Technology/Knowledge Transfer Plan that includes: o An explanation of how the knowledge gained from the project will be made available to the public, including the targeted market sector and potential outreach to end users, utilities, regulatory agencies, and others. o A description of the intended use(s) for and users of the project results. o Published documents, including date, title, and periodical name. o Copies of documents, fact sheets, journal articles, press releases, and other documents prepared for public dissemination. These documents must include the Legal Notice required in the terms and conditions. Indicate where and when the documents were disseminated. o A discussion of policy development. State if project has been or will be cited in government policy publications, or used to inform regulatory bodies. o The number of website downloads or public requests for project results. o Additional areas as determined by the CAM. • Conduct technology transfer activities in accordance with the Technology/Knowledge Transfer Plan. These activities will be reported in the Progress Reports. • When directed by the CAM, develop Presentation Materials for an Energy Commission- sponsored conference/workshop(s) on the project. • When directed by the CAM, participate in annual EPIC symposium(s) sponsored by the California Energy Commission. • Provide at least (6) six High Quality Digital Photographs (minimum resolution of 1300x500 pixels in landscape ratio) of pre and post technology installation at the project sites or related project photographs. • Prepare a Technology/Knowledge Transfer Report on technology transfer activities conducted during the project. • Initial Fact Sheet (draft and final) • Final Project Fact Sheet (draft and final) • Presentation Materials (draft and final) • High Quality Digital Photographs • Technology/Knowledge Transfer Plan (draft and final) • Technology/Knowledge Transfer Report (draft and final)
Specified Personnel ST6.1 The Grantee agrees that the following personnel (Specified Personnel) be involved in the Activity as set out below: <specified personnel>
Monopolies and Exclusive Service Suppliers 1. Each Party shall ensure that any monopoly supplier of a service in its territory does not, in the supply of the monopoly service in the relevant market, act in a manner inconsistent with that Party's Schedule of specific commitments. 2. Where a Party's monopoly supplier competes, either directly or through an affiliated company, in the supply of a service outside the scope of its monopoly rights and which is subject to that Party's Schedule of specific commitments, the Party shall ensure that such a supplier does not abuse its monopoly position to act in its territory in a manner inconsistent with such commitments. 3. If a Party has reason to believe that a monopoly supplier of a service of the other Party is acting in a manner inconsistent with paragraphs 1 or 2 above, it may request that Party establishing, maintaining or authorising such supplier to provide specific information concerning the relevant operations. 4. The provisions of this Article shall also apply to cases of exclusive service suppliers, where a Party, formally or in effect: (a) authorises or establishes a small number of service suppliers; and (b) substantially prevents competition among those suppliers in its territory.
Succession; Sub-Servicers; Subcontractors (a) For so long as the Trust or any Other Securitization Trust is subject to the reporting requirements of the Exchange Act (in addition to any requirements contained in Section 10.07 of this Agreement), in connection with the succession to the Master Servicer, the Special Servicer or any Sub-Servicer as servicer or sub-servicer (to the extent such Sub-Servicer is a “servicer” as contemplated by Item 1108(a)(2) of Regulation AB) or succession to the Certificate Administrator under this Agreement by any Person (i) into which the Master Servicer, the Special Servicer, such Sub-Servicer or Certificate Administrator may be merged or consolidated, or (ii) which may be appointed as a successor to the Master Servicer, the Special Servicer, any such Sub-Servicer or Certificate Administrator, the Certificate Administrator (or, in the case of a successor to the Certificate Administrator, the Trustee) shall provide to the Depositor, as well as any Other Depositor as to which the applicable Companion Loan is affected, at least five (5) Business Days prior to the effective date of such succession or appointment as long as such disclosure prior to such effective date would not be violative of any applicable law or confidentiality agreement, otherwise no later than one (1) Business Day after such effective date, (x) written notice to the Depositor and each such Other Depositor of such succession or appointment and (y) in writing and in form and substance reasonably satisfactory to the Depositor and each such Other Depositor, all information relating to such successor (which such successor Master Servicer, Special Servicer, Sub-Servicer or Certificate Administrator shall be required to provide) reasonably requested by the Depositor or any such Other Depositor in order to comply with its reporting obligation under Item 6.02 of Form 8-K pursuant to the Exchange Act (if such reports under the Exchange Act are required to be filed under the Exchange Act). The Certificate Administrator (or the Trustee, if applicable) shall provide similar notice to the Depositor and each such Other Depositor in connection with any resignation or termination of the Master Servicer, the Special Servicer, any Sub-Servicer or the Certificate Administrator. In addition, with respect to each Serviced Companion Loan, the Certificate Administrator shall comply with the Trust’s obligations under each Co-Lender Agreement (including with respect to the provision of any required notices) in connection with any resignation, termination, replacement or appointment of the Master Servicer, the Special Servicer, any Sub-Servicer or the Certificate Administrator or any successor thereto. (b) For so long as the Trust or any Other Securitization Trust is subject to the reporting requirements of the Exchange Act, if the Master Servicer, the Special Servicer, any Sub-Servicer, the Custodian, the Trustee and the Certificate Administrator (each of the Master Servicer, the Special Servicer, the Custodian, the Trustee and the Certificate Administrator and each Sub-Servicer, for purposes of this Section 10.02(b), Section 10.02(c), Section 10.02(d) and Section 10.17, a “Servicer”) utilizes one or more Subcontractors to perform certain of its obligations hereunder, such Servicer shall promptly upon request provide to the Depositor, as well as any Other Depositor as to which the applicable Serviced Companion Loan is affected, a written description (in form and substance satisfactory to the Depositor and each such Other Depositor) of the role and function of each Subcontractor that is a Servicing Function Participant utilized by such Servicer during the preceding calendar year, specifying (i) the identity of such Subcontractor, and (ii) which elements of the Servicing Criteria will be addressed in assessments of compliance provided by each such Subcontractor. Each Servicer shall cause any Subcontractor determined to be a Servicing Function Participant used by such Servicer for the benefit of the Depositor to comply with the provisions of Section 10.09 and Section 10.10 of this Agreement to the same extent as if such Subcontractor were such Servicer. Such Servicer shall obtain from each such Subcontractor (or, in the case of each Sub-Servicer set forth on Exhibit S, shall use commercially reasonable efforts to cause such Sub-Servicer) and deliver to the applicable Persons any assessment of compliance report and related accountant’s attestation required to be delivered by such Subcontractor under Section 10.09 and Section 10.10 of this Agreement, in each case, as and when required to be delivered. (c) For so long as the Trust or any Other Securitization Trust is subject to the reporting requirements of the Exchange Act, notwithstanding the foregoing, if a Servicer engages a Subcontractor in connection with the performance of any of its duties under this Agreement, such Servicer shall be responsible for determining whether such Subcontractor is a “servicer” within the meaning of Item 1101 of Regulation AB and whether such Subcontractor meets the criteria in Item 1108(a)(2)(i), (ii) or (iii) of Regulation AB. If a Servicer determines, pursuant to the preceding sentence, that such Subcontractor is a “servicer” within the meaning of Item 1101 of Regulation AB and meets the criteria in Item 1108(a)(2)(i), (ii) or (iii) of Regulation AB, then the engagement of such Subcontractor shall not be effective unless and until notice is given to the Depositor and the Certificate Administrator, as well as any Other Depositor as to which the applicable Companion Loan is affected, of any such Subcontractor and sub-servicing agreement and, if such Subcontractor is engaged by the Master Servicer or the Special Servicer, such Subcontractor shall be deemed to be a Sub-Servicer for purposes of this Agreement. Written notice of the engagement of such Subcontractor and the related Sub-Servicing Agreement (other than such agreements set forth on Exhibit S hereto) (with respect to the Master Servicer or the Special Servicer) or sub-servicing agreement (with respect to any other Servicer) shall be delivered to the Depositor, the Certificate Administrator and each such Other Depositor at least five (5) Business Days prior to the effective date of such engagement. Such notice shall contain all information reasonably necessary, and in such form as may be necessary, to enable the Certificate Administrator, as well as any Other Exchange Act Reporting Party as to which the applicable Serviced Companion Loan is affected, to accurately and timely report the event under Item 6.02 of Form 8-K pursuant to Section 10.07 of this Agreement (if such reports under the Exchange Act are required to be filed under the Exchange Act). (d) For so long as the Trust or any Other Securitization Trust is subject to the reporting requirements of the Exchange Act, notwithstanding the foregoing and subject to Section 3.01(c) of this Agreement, if the Master Servicer or the Special Servicer engages a Sub-Servicer or if any other Servicer engages a sub-servicer, in each case, in connection with the performance of any of the duties of the Master Servicer, the Special Servicer or such other Servicer, as applicable, under this Agreement and the related Sub-Servicing Agreement (with respect to the Master Servicer or the Special Servicer) or sub-servicing agreement (with respect to any other Servicer) is either (i) assigned (other than, in the case of a Sub-Servicer engaged by the Master Servicer, an assignment to the Master Servicer) or (ii) amended or modified and the Master Servicer, the Special Servicer or such other Servicer, as applicable, determines that, as a result of such amendment or modification, the Sub-Servicer or sub-servicer, as applicable, would become a “servicer” within the meaning of Item 1101 of Regulation AB that (1) meets the criteria in Item 1108(a)(2)(i), (ii) or (iii) of Regulation AB or (2) meets the criteria in Item 1108(a)(2)(iii) of Regulation AB and services 20% or more of the pool assets, then the Master Servicer, the Special Servicer or such other Servicer, as applicable, shall provide written notice of such amendment, modification or assignment to the Depositor and the Certificate Administrator, as well as any Other Depositor as to which the applicable Companion Loan is affected at least five (5) Business Days prior to the effective date of such amendment, modification or assignment (or if such prior notice would be violative of applicable law or any applicable confidentiality agreement, no later than the time required under Section 10.07 of this Agreement). Such notice shall contain all information reasonably necessary, and in such form as may be necessary, to enable the Certificate Administrator, as well as any Other Exchange Act Reporting Party as to which the applicable Serviced Companion Loan is affected, to accurately and timely report the event under Item 6.02 of Form 8-K pursuant to Section 10.07 of this Agreement (if such reports under the Exchange Act are required to be filed under the Exchange Act). (e) For so long as the Trust or any Other Securitization Trust is subject to the reporting requirements of the Exchange Act, in connection with the succession to the Trustee or Certificate Administrator under this Agreement by any Person (i) into which the Trustee or Certificate Administrator may be merged or consolidated, or (ii) which may be appointed as a successor to the Trustee or Certificate Administrator, the Trustee or Certificate Administrator, as applicable, shall notify the Depositor and each Other Depositor, at least ten (10) Business Days prior to the effective date of such succession or appointment (or if such prior notice would be violative of applicable law or any applicable confidentiality agreement, no later than the time required under Section 10.07 of this Agreement) and shall furnish pursuant to Section 10.07 of this Agreement to the Depositor and each Other Depositor in writing and in form and substance reasonably satisfactory to the Depositor and each Other Depositor, all information reasonably necessary for the Certificate Administrator, the Trustee and each Other Exchange Act Reporting Party to accurately and timely report the event under Item 6.02 of Form 8-K pursuant to Section 10.07 of this Agreement or otherwise (if such reports under the Exchange Act are required to be filed under the Exchange Act).
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.