Facility Security. With respect to a facility owned or leased by or on behalf of any of the AHS Operating Companies where it creates, receives, maintains, or transmits PHI on behalf of Athena, where applicable, it shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and Athena's Confidential Information. Capitalized terms used in this Section, but not otherwise defined, shall have the same meaning as those terms in 45 CFR §§160 through 164. Such safeguards shall include, without limitation:
i. establishment and enforcement of appropriate clearance procedures and supervision to assure that its workforce follows the requirements of this Agreement consistent with the requirements of HIPAA;
ii. immediate and effective termination of access to PHI and Athena's Systems by any of its staff upon that person's termination or reassignment;
iii. training of its staff to assure that they comply with its obligations consistent with the requirements of HIPAA;
iv. implementation of appropriate disposal and reuse procedures with respect to documents and equipment to protect PHI consistent with the requirements of HIPAA;
v. implementation of appropriate authentication and access controls to safeguard PHI consistent with the requirements of HIPAA;
vi. use of appropriate encryption when it transmits PHI electronically;
vii. storage of PHI only for such periods as are necessary to perform work under this Agreement and to conduct reasonable troubleshooting and quality-control checking in connection with performance of such work;
viii. maintenance of a formal program to comply with privacy and security requirements, including written policies;
ix. maintenance of a full-time privacy officer at each of the AHS Operating Companies' facilities;
x. prevention of the performance of any of the Services other than on the AHS Operating Companies' premises;
xi. ensuring that the AHS Operating Companies' facilities are guarded on a 24-hour-per-day basis and access to them is controlled by key cards and posted guards or similar protection;
xii. restriction of entry into work processing areas by proximity cards or similar protection;
xiii. restriction of employee access to the Internet, e-mail, and removable media (including, without limitation, smart cards, USB devices, floppy disks, CDs, DVDs, removable hard drives, and tapes) to deter removal of PHI from the AHS Operating Companies' premises; and
xiv. active maintenance of an appropriate business continuity and disaster recovery plan to restore operations and services within the timeframes specified by Athena.
Appears in 1 contract
Samples: Services Agreement
Facility Security. With respect to each facility owned or leased by or on behalf of an AHS Operating Company where it creates, receives, maintains, or transmits PHI on behalf of Athena, where applicable, such AHS Operating Company shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and Athena's Confidential Information. Capitalized terms used in this Section, but not otherwise defined, shall have the same meaning as those terms in 45 CFR §§160 through 164 of HIPAA. Such safeguards shall include, without limitation:
i. establishment and enforcement of appropriate clearance procedures and supervision to assure that its workforce follows the requirements of this Agreement consistent with the requirements of HIPAA;
ii. immediate and effective termination of access to PHI and Athena Systems by any of its staff upon that person's termination or reassignment;
iii. training of its staff to assure that they comply with its obligations consistent with the requirements of HIPAA;
iv. implementation of appropriate disposal and reuse procedures with respect to documents and equipment to protect PHI consistent with the requirements of HIPAA;
v. implementation of appropriate authentication and access controls to safeguard PHI consistent with the requirements of HIPAA;
vi. use of appropriate encryption when it transmits PHI electronically;
vii. storage of PHI only for such periods as are necessary to perform work under this Agreement and to conduct reasonable troubleshooting and quality-control checking in connection with performance of such work;
viii. maintenance of a formal program to comply with privacy and security requirements, including written policies;
ix. maintenance of a full-time privacy officer for such facility;
x. prevention of the performance of any of the Services other than on the AHS Operating Companies' premises;
xi. ensuring that such facility is guarded on a twenty-four (24) hour-per-day basis and access to such facility is controlled by key cards and posted guards or similar protection;
xii. restriction of entry into work processing areas by proximity cards or similar protection;
xiii. restriction of employee access to the Internet, e-mail, and removable media (including, without limitation, smart cards, USB devices, floppy disks, CDs, DVDs, removable hard drives, and tapes) to deter removal of PHI from the AHS Operating Companies' premises; and
xiv. active maintenance of the then-current business continuity and disaster recovery plan mutually agreed upon by AHS USA and Athena and documented in writing to restore operations and services within the timeframes specified in such business continuity and disaster recovery plan.
Appears in 1 contract