HIPAA. To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to Supplier or Supplier accesses, maintains, uses, or discloses PHI in connection with the performance of Services or functions under this Agreement, Supplier will: (a) not use or further disclose PHI other than as permitted or required by this Agreement or as required by law; (b) use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Security Rule with regard to electronic PHI; (c) report to DXC any use or disclosure of PHI not provided for under this Agreement of which Supplier becomes aware, including breaches of unsecured protected health information as required by 45 CFR §164.410, (d) in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to the same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524;
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directl...
HIPAA. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 as in effect and/or as amended.
HIPAA. Customer agrees that: (i) Oracle is not acting on Customer’s behalf as a Business Associate or subcontractor; (ii) the Cloud Service may not be used to store, maintain, process or transmit protected health information (“PHI”) and (iii) the Cloud Service will not be used in any manner that would require Oracle or the Cloud Service to be compliant with the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented (“HIPAA”). In the preceding sentence, the terms “Business Associate,” “subcontractor,” “protected health information” or “PHI” shall have the meanings described in HIPAA.
HIPAA. The Contractor and its Consultants shall comply with the Authorized User's policies regarding compliance with the Health Insurance and Portability Act of 1996 (HIPAA).
HIPAA. The parties understand and agree that this Agreement may be subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the administrative regulations and/or guidance which have issued or may in the future be issued pursuant to HIPAA, including, but not limited to, the Department of Health and Human Services regulations on privacy and security, and Texas state laws pertaining to medical privacy (collectively, "Privacy Laws"). Vendor agrees to comply with all Privacy Laws that are applicable to this Agreement and to negotiate in good faith to execute any amendment to this Agreement that is required for the terms of this Agreement to comply with applicable Privacy Laws. In the event the parties are unable to agree on the terms of an amendment pursuant to this paragraph
HIPAA. “HIPAA” shall mean the Health Insurance Portability and Accountability Act of 1996, as amended, and the implementation regulations thereunder, including without limitation the HIPAA Rules (as defined below) and the HITECH Standards (as defined below), and all future regulations promulgated thereunder.
HIPAA. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) and its implementing regulations at 45 C.F.R. Parts 160 through 164, as may be amended from time to time.
HIPAA. 11.1 If at any time NYC Health + Hospitals determines that a business associate agreement compliant with the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) (“HIPAA”) is required to be executed to comply with HIPAA, Vendor shall comply with such requirement. Failure to comply with this section shall constitute a material breach of this Agreement and NYC Health + Hospitals shall have the right to immediately terminate this Agreement without liability for any damages resulting therefrom.
11.2 NYC Health + Hospitals is a Hybrid Entity and Organized Health Care Arrangement as defined under the HIPAA Privacy Rule. NYC Health + Hospitals’ Correctional Health Services division does not engage in electronic transactions as defined in 45 CFR and was removed from HIPAA applicability at NYC Health + Hospitals’ option pursuant to CFR 164.105(a)(2)(iii)(D). Any agreement exclusively for its Correctional Health Services division shall not require a business associate agreement.
HIPAA. The Contractor and its Staff shall, at all times in the performance of the Services, ensure that it maintains compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) of 1966 and Balanced Budget Act of 1997, as amended, governing the protection of patient information.
