Common use of Enterprise Security Clause in Contracts

Enterprise Security. All Parties shall be responsible for maintaining a secure environment that supports the operation and continued development of the P3N. All Parties shall use appropriate safeguards to prevent inappropriate Use or Disclosure of PHI, including appropriate administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of that PHI. Appropriate safeguards shall be those identified in the HIPAA Security Rule, 45 C.F.R. Part 160 and Part 164, Subparts A and C. The CP shall, as appropriate under either the HIPAA Regulations, or under Applicable Law, have written privacy and security policies in place prior to the time that the CP first exchanges PHI through the P3N, other than for testing purposes. The CP shall also be required to comply with the P3N Policies and P3N Technical Requirements established by PA eHealth and the HIE Trust Community Committee that further define expectations for the CPs with respect to enterprise security.