Common use of Health Insurance Portability and Accountability Act Clause in Contracts

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, or to a subcontractor as appropriate under this Agreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreement. 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2, Section V. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreementagreement. 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2II, Section V. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with the requirements of HIPAA including the following: The HIPAA Privacy Rule; 45 CFR Part 160, Subparts A – C; 45 CFR Part 164, Subparts A, C, D, E,; 42 CFR Part 2, Subparts A – E (SUD Specific); and Michigan Mental Health Code 330.1748: 1. A. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, or to a subcontractor as appropriate under this Agreement. 2. B. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. C. The Grantee must only use the protected health data and information for the purposes of this Agreement. 4. D. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. E. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. F. Failure to comply with any of these contractual requirements may result in the termination cancellation of this Agreement in accordance with Part 21, Section V.12.0. 7. G. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. H. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. A. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreement. 2. B. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. C. The Grantee must only use the protected health data and information for the purposes of this Agreement. 4. D. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees.. DRAFT 5. E. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. F. Failure to comply with any of these contractual requirements may result in the termination cancellation of this Agreement in accordance with Part 21, Section V.12.0. 7. G. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. H. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee HIPA_A_)_i_s a_p_p_li_c_a_b_le t_o_t_h_e__G_r_a_n_t_e_e_u_n_de_r _t_h_is A_g_r_e_e_m_e_n_t_,_t_h_e G_r_a_n_t_e_e assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreement. 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2, Section V. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee Subrecipient under this Agreement, the Grantee Subrecipient assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee Subrecipient must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreement. 2. The Grantee Subrecipient will ensure that any subcontractor will have the same obligations as the Grantee Subrecipient not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee Subrecipient must only use the protected health data and information for the purposes of this Agreement. 4. The Grantee Subrecipient must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the GranteeSubrecipient’s employees. 5. The Grantee Subrecipient must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee Subrecipient becomes aware. The Grantee Subrecipient will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee Subrecipient must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2II, Section V. 7. In accordance with HIPAA requirements, the Grantee Subrecipient is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee Subrecipient from the Department or any other source. 8. The Grantee Subrecipient will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA. 9. Subrecipient will ensure Social Security Numbers are not stored in the NetCil database system.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreementagreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreementagreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreementagreement. 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach breach, and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement agreement in accordance with Part 2II, Section V.V. Agreement Termination. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreement.. DRAFT 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2, Section V. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreementagreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreementagreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreementagreement. 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department to mitigate the breach breach, and will provide assurances to the Department of corrective actions to prevent further unauthorized uses or disclosures. The Department may demand specific corrective actions and assurances and the Grantee must provide the same to the Department. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement agreement in accordance with Part 2II, Section V. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the Department’s costs in responding to a breach, received by the Grantee from the Department or any other source. 8. The Grantee will enter into a business associate agreement should the Department determine such an agreement is required under HIPAA.

Health Insurance Portability and Accountability Act. To the extent that the Health Insurance Portability and Accountability Act (HIPAA) is applicable to the Grantee under this Agreement, the Grantee assures that it is in compliance with requirements of HIPAA including the following: 1. The Grantee must not share any protected health information provided by the Department MFF that is covered by HIPAA except as permitted or required by applicable law, ; or to a subcontractor as appropriate under this Agreement. 2. The Grantee will ensure that any subcontractor will have the same obligations as the Grantee not to share any protected health data and information from the Department MFF that falls under HIPAA requirements in the terms and conditions of the subcontract. 3. The Grantee must only use the protected health data and information for the purposes of this Agreement. 4. The Grantee must have written policies and procedures addressing the use of protected health data and information that falls under the HIPAA requirements. The policies and procedures must meet all applicable federal and state requirements including the HIPAA regulations. These policies and procedures must include restricting access to the protected health data and information by the Grantee’s employees. 5. The Grantee must have a policy and procedure to immediately report to the Department MFF any suspected or confirmed unauthorized use or disclosure of protected health information that falls under the HIPAA requirements of which the Grantee becomes aware. The Grantee will work with the Department MFF to mitigate the breach and will provide assurances to the Department MFF of corrective actions to prevent further unauthorized uses or disclosures. The Department MFF may demand specific corrective actions and assurances and the Grantee must provide the same to the DepartmentMFF. 6. Failure to comply with any of these contractual requirements may result in the termination of this Agreement in accordance with Part 2II, Section V.V, Agreement Termination. 7. In accordance with HIPAA requirements, the Grantee is liable for any claim, loss or damage relating to unauthorized use or disclosure of protected health data and information, including without limitation the DepartmentMFF’s costs in responding to a breach, received by the Grantee from the Department MFF or any other source. 8. The Grantee will enter into a business associate agreement should the Department MFF determine such an agreement is required under HIPAA. MFF is not bound by any content on Xxxxxxx’s website unless expressly incorporated directly into this Agreement. MFF is not bound by any end user license agreement or terms of use unless specifically incorporated in this Agreement or any other agreement signed by MFF. The Grantee may not refer to MDHHS or MFF, or use the agencies’ respective logos, on the Grantee’s website without the prior approval through MFF.