HHS-OCIO Information Systems Security and Privacy Policy (xxxx Sample Clauses

Related to HHS-OCIO Information Systems Security and Privacy Policy (xxxx

Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:
Data Security and Privacy 12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC.
Network Security and Privacy Liability Insurance During the term of this Contract, Supplier will maintain coverage for network security and privacy liability. The coverage may be endorsed on another form of liability coverage or written on a standalone policy. The insurance must cover claims which may arise from failure of Supplier’s security resulting in, but not limited to, computer attacks, unauthorized access, disclosure of not public data – including but not limited to, confidential or private information, transmission of a computer virus, or denial of service. Minimum limits: $2,000,000 per occurrence $2,000,000 annual aggregate Failure of Supplier to maintain the required insurance will constitute a material breach entitling Sourcewell to immediately terminate this Contract for default.
CONFIDENTIALITY AND PRIVACY POLICIES AND LAWS The Contractor shall comply to the extent applicable with all State and Authorized User policies regarding compliance with various confidentiality and privacy laws, rules and regulations, including but not limited to the IRS Publication 1075, Family Educational Rights and Privacy Act (FERPA), the Health Insurance and Portability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Contractor shall cooperate in executing a written confidentiality agreement under FERPA and/or a Business Associate Agreement (HIPAA/HITECH) or other contractual provisions upon request by the State or any Authorized User.
Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.
Privacy Policy The Provider must publicly disclose material information about its collection, use, and disclosure of Student Data, including, but not limited to, publishing a terms of service agreement, privacy policy, or similar document.
Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.
Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.
Confidentiality and Safeguarding of University Records; Press Releases; Public Information Under this Agreement, Contractor may (1) create, (2) receive from or on behalf of University, or (3) have access to, records or record systems (collectively, University Records). Among other things, University Records may contain social security numbers, credit card numbers, or data protected or made confidential or sensitive by Applicable Laws. [Option (Include if University Records are subject to FERPA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Family Educational Rights and Privacy Act, 20 United States Code (USC) §1232g (FERPA) are addressed in Section 12.41.] [Option (Include if University is a HIPAA Covered Entity and University Records are subject to HIPAA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Health Insurance Portability and Accountability Act and 45 Code of Federal Regulations (CFR) Part 160 and subparts A and E of Part 164 (collectively, HIPAA) are addressed in Section 12.26.] Contractor represents, warrants, and agrees that it will: (1) hold University Records in strict confidence and will not use or disclose University Records except as (a) permitted or required by this Agreement, (b) required by Applicable Laws, or (c) otherwise authorized by University in writing; (2) safeguard University Records according to reasonable administrative, physical and technical standards (such as standards established by the National Institute of Standards and Technology and the Center for Internet Security [Option (Include if Section 12.39 related to Payment Card Industry Data Security Standards is not include in this Agreement.):, as well as the Payment Card Industry Data Security Standards]) that are no less rigorous than the standards by which Contractor protects its own confidential information; (3) continually monitor its operations and take any action necessary to assure that University Records are safeguarded and the confidentiality of University Records is maintained in accordance with all Applicable Laws and the terms of this Agreement; and (4) comply with University Rules regarding access to and use of University’s computer systems, including UTS165 at xxxx://xxx.xxxxxxxx.xxx/board-of-regents/policy-library/policies/uts165-information-resources-use-and-security-policy. At the request of University, Contractor agrees to provide University with a written summary of the procedures Contractor uses to safeguard and maintain the confidentiality of University Records.
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.