Common use of HIPAA Security Standards Clause in Contracts

HIPAA Security Standards. Any PHI that is transmitted via Electronic Media or maintained in Electronic Media (“Electronic Protected Health Information” or “e-PHI”) by Subcontractor will be protected under standards and specifications no less stringent than those described in 45 C.F.R. Parts 160 and 164 as are applicable to business associates and their subcontractors. In accordance with these standards, Subcontractor will: a. Implement administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of e-PHI that it creates, receives, maintains, or transmits on behalf of Business Associate. b. Ensure that any agent (including another contractor) to whom it provides such e-PHI agrees to implement reasonable and appropriate safeguards to protect it. c. Report to Business Associate any Security Incident of which it becomes aware, and take appropriate action to prevent the recurrence of such incident, including but not limited to, training members of its workforce, imposing sanctions, and/or adopting policies and procedures. d. Authorize termination of the Agreement by Business Associate if it determines that Subcontractor violated a material term of this Addendum. e. Make its policies and procedures related to the implementation of security safeguards available to the Secretary of DHHS for purposes of determining Business Associate’s compliance with HIPAA.

HIPAA Security Standards. Any PHI that is transmitted via Electronic Media or maintained in Electronic Media (“Electronic Protected Health Information” or “e-PHI”) by Subcontractor will be protected under standards and specifications no less stringent than those described in 45 C.F.R. Parts 160 and 164 as are applicable to business associates and their subcontractors. In accordance with these standards, Subcontractor will: a. Implement administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of e-PHI that it creates, receives, maintains, or transmits on behalf of Business Associate. b. Ensure that any agent (including another contractor) to whom it provides such e-e- PHI agrees to implement reasonable and appropriate safeguards to protect it. c. Report to Business Associate any Security Incident of which it becomes aware, and take appropriate action to prevent the recurrence of such incident, including but not limited to, training members of its workforce, imposing sanctions, and/or adopting policies and procedures. d. Authorize termination of the Agreement by Business Associate if it determines that Subcontractor violated a material term of this Addendum. e. Make its policies and procedures related to the implementation of security safeguards available to the Secretary of DHHS for purposes of determining Business Associate’s compliance with HIPAA.