HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations: (1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State: (a) Administrative safeguards under 45 CFR § 164.308 (b) Physical safeguards under 45 CFR § 164.310 (c) Technical safeguards under 45 CFR § 164.312 (d) Policies and procedures and documentation requirements under 45 CFR § 164.316; (2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster; (3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law; (4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware; (5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware; (6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it; (7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request; (8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for; (9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment; (10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor; (11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and (12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 6 contracts
Samples: Professional Services, Professional Services, Professional Services
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules,
(i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and
(j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, extend the protections in this Contract shall continue of the Agreement to be extended the information and limit further uses and disclosures to any Health Records and/or PHI maintained by those purposes that make the Contractor for as long as it is maintainedreturn or destruction of the information infeasible.
Appears in 4 contracts
Samples: Terms and Conditions, Terms and Conditions, Terms and Conditions
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect it;
in a Designated Record Set (7if any is maintained by Supplier) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making 45 CFR section 164.524; (f) make available the information PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject to amendment;
(10) Make Health Records and/or PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to individuals entitled to access and requesting access in the Secretary of the HHS for the purpose of determining DXC’s compliance with 45 CFR § 164.524 the HIPAA Privacy and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.Security Rules,
Appears in 3 contracts
Samples: Terms and Conditions, Terms and Conditions, Terms and Conditions
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 3 contracts
Samples: Professional Services, Professional Services, Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) : Administrative safeguards under 45 CFR § 164.308
(b) 164.308 Physical safeguards under 45 CFR § 164.310
(c) 164.310 Technical safeguards under 45 CFR § 164.312
(d) 164.312 Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) ; Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) ; Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) ; Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) ; Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) ; Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) ; Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) ; In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) ; Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) ; Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) ; At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 3 contracts
Samples: Professional Services, Professional Services Contract, Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) : Administrative safeguards under 45 CFR § 164.308
(b) 164.308 Physical safeguards under 45 CFR § 164.310
(c) 164.310 Technical safeguards under 45 CFR § 164.312
(d) 164.312 Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) ; Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) ; Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) ; Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) ; Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) ; Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) ; Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) ; In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) ; Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) ; Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) ; At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 3 contracts
Samples: Professional Services, Professional Services, Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 33(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 2 contracts
Samples: Professional Services, Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”)2009, in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”)Act, Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI)Information, as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the DCS person identified in Section 33 [Notice to Parties] of this Contract any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors subcontractors, or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 2 contracts
Samples: Child Advocacy Center Contract, Child Advocacy Center Contract
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 2 contracts
Samples: Professional Services, Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office DCS any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DCS any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors subcontractor or agents agent to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office DCS upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office DCS with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or and PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 2 contracts
Samples: Professional Services, Professional Services
HIPAA. The Contractor agrees In maintaining, using and affording access to comply the Practice’s Health Information (as defined in Section 11(c)(iii)) in accordance with all applicable this Agreement, MEDICAL INFORMATIX INC. (DBA MIFOINC.) will, in accordance with the requirements of the The Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the such requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required are informed by the provisions guidance given by the United Stated Department of HIPAA Health and regulations promulgated Human Services (or any office, department or agency operating thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to “HHS”): Not use or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than disclose such information except as permitted or required by this Contract Agreement or as required by applicable law;
law (4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating as such term is defined in 45 CFR §164.103); Use appropriate safeguards consistent with the requirements of the Security Rule with respect to the work performed for Practice’s Health Information to prevent the use or disclosure of such information in a manner inconsistent with the provisions of this Contract of which the Contractor becomes aware;
(5) Mitigating, Agreement; Report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office Practice any use or disclosure by of the Contractor, its agent, employees, subcontractors or third parties, of Practice’s Health Records and/or PHI obtained under this Contract in a manner Information not provided for by this Contract or by applicable law Agreement of which the Contractor MEDICAL INFORMATIX INC. (DBA MIFOINC.) becomes aware;
, including breaches of the Practice’s Health Information that meets the definition of “unsecured protected health information” under HIPAA, in each case as required by §164.410 of HIPAA, and any security incident (6as defined by HIPAA) Ensuring involving the Practice’s Health Information of which we become aware; In accordance with §§164.502(e)(1)(ii) and 164.308(b)(2) of HIPAA, as applicable, ensure that any subcontractors that create, receive, maintain or agents transmit the Practice’s Health Information on MEDICAL INFORMATIX INC. (DBA MIFOINC.)’s behalf agrees to whom the Contractor provides same restrictions, conditions, and requirements that apply to MEDICAL INFORMATIX INC. (DBA MIFOINC.) with respect to such information (as such requirement is interpreted or applicable in connection with or under HIPAA); and MEDICAL INFORMATIX INC. (DBA MIFOINC.) obtains satisfactory assurances (as such term is interpreted or applicable in connection with or under HIPAA) that such subcontractors will appropriately safeguard such information (it being understood, for the avoidance of doubt, that other users of the Services are not our subcontractors); Make available to the Practice, the Practice’s Health Records and/or PHI Information in furtherance of the Practice’s obligations under §164.524 of the Privacy Rule; Make available to the Practice, the Practice’s Health Information in furtherance of the Practice’s obligations to amend and incorporate any amendments to such information in accordance with §164.526 of the Privacy Rule; Maintain and make available the Practice’s Health Information to provide an accounting of disclosures in accordance with §164.528 of the Privacy Rule; Make our internal practices, books, and records relating to the use and disclosure of Protected Health Information received from or created or received by MEDICAL INFORMATIX INC. (DBA MIFOINC.) on the Practice’s behalf, available to the Secretary of HHS for purposes of determining the Practice’s compliance with the Privacy Rule; and At termination of this Agreement and provided that all fees payable by the Practice to MEDICAL INFORMATIX INC. (DBA MIFOINC.) have been fully paid, MEDICAL INFORMATIX INC. (DBA MIFOINC.) will provide the Practice with a copy of the Practice’s Health Information in an electronic form that is accessible through commercially available hardware and software. The Practice may have to purchase such hardware and software from third parties in order to access the Practice’s data, and the Practice may have to configure its systems in order to use the Practice’s data in its practice. Upon termination and provided that all fees payable by the Practice to MEDICAL INFORMATIX INC. (DBA MIFOINC.) have been fully paid, MEDICAL INFORMATIX INC. (DBA MIFOINC.) will, if feasible, return or destroy all Protected Health Information received from, or created or received by MEDICAL INFORMATIX INC. (DBA MIFOINC.) on the Contractor, subcontractors or agents on Practice’s behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
that MEDICAL INFORMATIX INC. (7DBA MIFOINC.) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of still maintains in any such request from the Secretary of DHHS or designeeform, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawinformation; or, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasiblefeasible (whether for technical, legal, regulatory or operational reasons), extend the protections in of this Contract shall continue Agreement to be extended the information and limit further uses and disclosures to any Health Records and/or PHI maintained by those purposes that make the Contractor for as long as it is maintainedreturn or destruction of the information infeasible.
Appears in 1 contract
Samples: Subscription Agreement
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) a. Administrative safeguards under 45 CFR § 164.308
(b) 164.308 b. Physical safeguards under 45 CFR § 164.310
(c) 164.310 c. Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502 (e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528,
(h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules, (i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, extend the protections in this Contract shall continue of the Agreement to be extended the information and limit further uses and disclosures to any Health Records and/or PHI maintained by those purposes that make the Contractor for as long as it is maintainedreturn or destruction of the information infeasible.
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures covenants that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the DCS person identified in Section 33 – Notices any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or and/ or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) a. Administrative safeguards under 45 CFR § 164.308
(b) b. Physical safeguards under 45 CFR § 164.310
(c) 164.310 c. Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor Provider agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contractthe Provider’s performance of DCS Services, to maintain compliance during the term performance of this Contract DCS Services and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract its provision of DCS Services in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s DCS’ HIPAA compliance. Terms used, but not otherwise defined, in this Contract paragraph 3 of this Confidentiality Agreement shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor Provider assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor Provider in the course performance of its work under this ContractDCS Services. The Contractor Provider agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State via its provision of DCS Services including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor Provider receives, maintains, or transmits on behalf of the StateDCS:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contractin the performance of DCS Services, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State DCS to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract in the performance of DCS Services or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract via the Provider’s provision of DCS Services of which the Contractor Provider becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor Provider and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the ContractorProvider, its agentagents, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract via its performance of DCS Services in a manner not provided for by this Contract DCS or by applicable law of which the Contractor Provider becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor Provider provides Health Records and/or PHI received from, or created or received by the ContractorProvider, subcontractors or agents on behalf of the State DCS agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the ContractorProvider's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor Provider on behalf of the State DCS available to the State DCS at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s DCS’ compliance with applicable law. The Contractor Provider shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor Provider of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the StateDCS, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor Provider include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor Provider maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the ContractorProvider;
(11) At the discretion of the StateDCS, authorizing termination of the Contract Provider’s performance of DCS Services if the Contractor Provider has violated a material provision of this Sectionparagraph (3) of this Confidentiality Agreement; and
(12) At the termination of the ContractProvider’s performance of DCS Services, the Contractor Provider shall return or destroy all Health Records and/or PHI received or created under the Contractpursuant to its provision of DCS Services. If the State DCS determines return or destruction is not feasible, the protections in this Contract Confidentiality Agreement shall continue to be extended to any Health Records and/or PHI maintained by the Contractor Provider for as long as it is maintained.
Appears in 1 contract
Samples: Confidentiality Agreement
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office DCS any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DCS any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office DCS upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office DCS with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures covenants that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it it
(1) performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(1012) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) ; At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) and At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Child Placing Agency Contract
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect it;
in a Designated Record Set (7if any is maintained by Supplier) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making 45 CFR section 164.524; (f) make available the information PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject to amendment;
(10) Make Health Records and/or PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to individuals entitled to access and requesting access in the Secretary of the HHS for the purpose of determining DXC’s compliance with 45 CFR § 164.524 the HIPAA Privacy and Security Rules, (i) in the duties event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Contractor;
Privacy Rule that apply to the performance of such obligations, and (11j) At the discretion of the State, authorizing at termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the ContractAgreement, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.received
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules, (i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, extend the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.protections
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI
in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules, (i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, extend the protections in this Contract shall continue of the Agreement to be extended the information and limit further uses and disclosures to any Health Records and/or PHI maintained by those purposes that make the Contractor for as long as it is maintainedreturn or destruction of the information infeasible.
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees (a) Each Loan Party and each of its Subsidiaries has implemented appropriate measures required for it to comply in all material respects with all applicable requirements its obligations as a “Business Associate” and as an “agent” or “subcontractor” of a Business Associate, as those terms are used in the Health Insurance Portability and Accountability Act of 19961996 (as amended, Title II, Administrative Simplification (“HIPAA”) and/or the privacy regulations promulgated thereunder (45 C.F.R. 160 and 164). As of the date of this Agreement, neither the Loan Parties nor any of their Subsidiaries is a Covered Entity as defined by HIPAA and/or the regulations, including, without limitation, the privacy standards and security standards, promulgated thereunder (collectively, the “HIPAA Laws and Regulations”). With respect to any HIPAA-related contractual privacy and security commitments for “Protected Health Information” (as that term is defined in the HIPAA Laws and Regulations), including amendments signed into law under for which compliance by any Loan Party or any of its Subsidiaries is required (collectively, the American Recovery and Reinvestment Act of 2009 (“ARRAHIPAA Commitments”),
(i) the Loan Parties and their Subsidiaries are in material compliance with the HIPAA Commitments;
(ii) the transactions contemplated by this Agreement will not violate any of the HIPAA Commitments;
(iii) the Loan Parties and their Subsidiaries have not received written inquiries from the U.S. Department of Health and Human Services or any other Governmental Authority regarding their compliance with the HIPAA Commitments;
(iv) the HIPAA Commitments have not been rejected by any applicable certification organization which has reviewed such HIPAA Commitments or to which any such HIPAA Commitment has been submitted; and
(v) the HIPAA Commitments do not violate HIPAA laws and regulations in any material respect.
(b) Each Loan Party and each of its Subsidiaries has either entered into valid and written business associate agreements or similar privacy agreements, to the extent required in particularthe HIPAA Commitments, applicable provisions with appropriate parties having access to “Protected Health Information” including, without limitation, all individuals involved in creating, editing or handling medical transcriptions at the request of, for or on behalf of, any Loan Party or any of Title XIII known as its Subsidiaries.
(c) Neither any Loan Party nor any of its Subsidiaries is aware of any material violation of HIPAA Laws and Regulations or of any of the HIPAA Commitments either by it or any of its subcontractors or agents.
(d) The Loan Parties and their Subsidiaries are taking appropriate steps to comply with and, where applicable, will be and remain in material compliance with, the Health Information Technology for Economic and Clinical Health Act (the “HITECHHITECH Act”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Credit Agreement (Medquist Inc)
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services Contract
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services Contract
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(ca) Technical safeguards under 45 CFR § 164.312
(db) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect it;
in a Designated Record Set (7if any is maintained by Supplier) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making 45 CFR section 164.524; (f) make available the information PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject to amendment;
(10) Make Health Records and/or PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to individuals entitled to access and requesting access in the Secretary of the HHS for the purpose of determining DXC’s compliance with 45 CFR § 164.524 the HIPAA Privacy and Security Rules, (i) in the duties event Supplier is to carry out any obligations by or on behalf of the Contractor;
(11) At the discretion DXC that DXC performs on behalf of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.a
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office DCS any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DCS any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, parties of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors subcontractor or agents agent to whom the Contractor provides Health Records and/or PHI received from, or created created, or received by the Contractor, subcontractors subcontractors, or agents on behalf of the State agree to the same restrictions, conditions conditions, and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, from or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office DCS upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office DCS with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or and PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”)2009, in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”)Act, Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI)Information, as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the DCS person identified in Section 34 [Notice to Parties] of this Contract any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors subcontractors, or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules, (i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, extend the protections in this Contract shall continue of the Agreement to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.information and limit further
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect it;
in a Designated Record Set (7if any is maintained by Supplier) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making 45 CFR section 164.524; (f) make available the information PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject to amendment;
(10) Make Health Records and/or PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to individuals entitled to access and requesting access in the Secretary of the HHS for the purpose of determining DXC’s compliance with 45 CFR § 164.524 the HIPAA Privacy and the duties of the Contractor;
Security Rules, (11i) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.the
Appears in 1 contract
Samples: Order
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502 (e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect it;
in a Designated Record Set (7if any is maintained by Supplier) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making 45 CFR section 164.524; (f) make available the information PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject to amendment;
(10) Make Health Records and/or PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to individuals entitled to access and requesting access in the Secretary of the HHS for the purpose of determining DXC’s compliance with 45 CFR § 164.524 the HIPAA Privacy and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.Security Rules,
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor Grantee agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this ContractGrant Agreement, to maintain compliance during the term of this Contract Grant Agreement and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract Grant Agreement in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract Grant Agreement shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor Grantee assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor Grantee in the course of its work under this ContractGrant Agreement. The Contractor Grantee agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor Grantee receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this ContractGrant Agreement, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract Grant Agreement or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract Grant Agreement of which the Contractor Grantee becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor Grantee and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the ContractorGrantee, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract Grant Agreement in a manner not provided for by this Contract Grant Agreement or by applicable law of which the Contractor Grantee becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor Grantee provides Health Records and/or PHI received from, or created or received by the ContractorGrantee, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's Grantee’s internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor Grantee on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor Grantee shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor Grantee of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor Grantee include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor Grantee maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the ContractorGrantee;
(11) At the discretion of the State, authorizing termination of the Contract Grant Agreement if the Contractor Grantee has violated a material provision of this Section; and
(12) At the termination of the ContractGrant Agreement, the Contractor Grantee shall return or destroy all Health Records and/or PHI received or created under the ContractGrant Agreement. If the State determines return or destruction is not feasible, the protections in this Contract Grant Agreement shall continue to be extended to any Health Records and/or PHI maintained by the Contractor Grantee for as long as it is maintained.
Appears in 1 contract
Samples: Grant Agreement
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules, (i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures DXC that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.Supplier still maintains
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules, (i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.is
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees to parties shall comply with all applicable requirements of HIPAA, as from time to time amended, and with all applicable laws of any applicable U.S. state relating to the Health Insurance Portability privacy, security, and Accountability Act administration of 1996, Title II, Administrative Simplification (patient health information. The parties acknowledge and agree that MoonlightOrtho is a “business associate” of Physician within the meaning of HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill . In accordance with the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms usedHIPAA, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures MoonlightOrtho agrees that it will appropriately safeguard all forms of Health Records and/or will:
a. Not use or disclose Protected Health Information (PHI), as such term is defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b§164.103) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than except as permitted or required by this Contract Agreement or as required by applicable law;
(4) Immediately reporting b. Use appropriate safeguards consistent with the requirements of the Security Rule with respect to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating Protected Health Information to prevent the work performed for use or disclosure of such information in a manner inconsistent with the provisions of this Contract of which the Contractor becomes awareAgreement;
(5) Mitigating, c. Report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office Physician any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Protected Health Records and/or PHI obtained under this Contract in a manner Information not provided for by this Contract or by applicable law Agreement of which the Contractor becomes MoonlightOrtho become aware;
(6d. In accordance with §§164.502(e)(1)(ii) Ensuring and 164.308(b)(2) of HIPAA, as applicable, ensure that any subcontractors that create, receive, maintain or agents to whom the Contractor provides transmit Protected Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents Information on behalf of the State MoonlightOrtho agree to the same restrictions, conditions conditions, and obligations applicable requirements that apply to MoonlightOrtho with respect to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect itinformation (as such requirement is interpreted or applicable in connection with or under HIPAA);
(7) Making e. Make available to Physician Protected Health Information in furtherance of Physician’s obligations under the Contractor's Privacy Rule;
f. Make all internal practices, books and records related relating to the use or and disclosure of Protected Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State Information available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) to the extent required for purposes of determining the State’s compliance with applicable law. The Contractor the Federal Privacy Regulations;
g. Without unreasonable delay and in no case later than ten (10) days after discovering a breach involving Confidential Information, MoonlightOrtho shall immediately notify DCS’ HIPAA Compliance Office upon receipt by report such breach to Physician in writing, setting forth the Contractor date of any discovery thereof, the identities of the affected individuals (or, if such request from identities are unknown at that time, the Secretary classes of DHHS or designeesuch individuals), a general description of the nature of the incident, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the other information as is required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;HIPAA or reasonably requested by Covered Entity; and
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance h. Comply with accounting obligations under 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained164.528(a)(1).
Appears in 1 contract
Samples: Physician Services Agreement
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect itin a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524;
(7f) Making the Contractor's internal practices, books make available PHI for amendment and records related incorporate any amendments to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject received from DXC, or created or received by Supplier on DXC’s behalf, available to amendment;the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules,
(10i) Make Health Records and/or PHI available in the event Supplier is to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties carry out any obligations by or on behalf of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.DXC that DXC
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”)2009, in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”)Act, Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or or PHI received from, or created or received by the Contractor, subcontractors subcontractors, or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Child Advocacy Center Contract
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents of Supplier that create, receive, maintain, or transmit PHI created, received, maintained or transmitted by Supplier on DXC’s behalf, agree to whom the Contractor provides Health Records and/or same restrictions and conditions that apply to Supplier with respect of such PHI; (e) make available PHI in a Designated Record Set (if any is maintained by Supplier) in accordance with 45 CFR section 164.524; (f) make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures in accordance with 45 CFR section 164.528, (h) make Supplier’s internal practices, applicable documentation and records to the extent that such relate to the use and disclosure of PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to the Secretary of the HHS for the purpose of determining DXC’s compliance with the HIPAA Privacy and Security Rules,
(i) in the event Supplier is to carry out any obligations by or on behalf of DXC that DXC performs on behalf of a covered entity arising under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to the performance of such obligations, and (j) at termination of this Agreement, return or destroy all PHI received from, or created or received by the Contractor, subcontractors or agents Supplier on behalf of the State agree to the same restrictions, conditions DXC that Supplier still maintains in any form and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with retain no copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable lawor, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines such return or destruction is not feasible, extend the protections in this Contract shall continue of the Agreement to be extended the information and limit further uses and disclosures to any Health Records and/or PHI maintained by those purposes that make the Contractor for as long as it is maintainedreturn or destruction of the information infeasible.
Appears in 1 contract
Samples: Terms and Conditions
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“"HIPAA”"), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“"ARRA”"), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“"HITECH”"), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s 's HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information ("PHI"), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“"DHHS”") for purposes of determining the State’s 's compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors subcontractors, or third parties, parties of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or or PHI received from, or created created, or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) : Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
Samples: Professional Services
HIPAA. The Contractor agrees to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (“PHI”), as defined by the regulations, which is made available to or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receives, maintains, or transmits on behalf of the State:
(a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using or further disclosing Health Records and/or PHI other than as permitted or required by this Contract or by applicable law;
(4) Immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any security and/or privacy breach directly relating to the work performed for this Contract of which the Contractor becomes aware;
(5) Mitigating, to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by this Contract or by applicable law of which the Contractor becomes aware;
(6) Ensuring that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received from, or created or received by the Contractor, subcontractors or agents on behalf of the State agree to the same restrictions, conditions and obligations applicable to such party regarding Health Records and/or PHI and agree to implement the required safeguards to protect it;
(7) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office the State representative listed in Section 34(A)(1) [Notice to Parties] with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making available the information required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526, if the Contractor maintains Health Records and/or PHI subject to amendment;
(10) Make Health Records and/or PHI available to individuals entitled to access and requesting access in compliance with 45 CFR § 164.524 and the duties of the Contractor;
(11) At the discretion of the State, authorizing termination of the this Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created under the Contract. If the State determines return or destruction is not feasible, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.
Appears in 1 contract
HIPAA. The Contractor agrees To the extent (if any) that DXC discloses “Protected Health Information” or “PHI” as defined in the HIPAA Privacy and Security Rules (45 CFR, Part 160-164) issued pursuant to comply with all applicable requirements of the Health Insurance Portability and Accountability Act of 1996, Title II, Administrative Simplification 1996 (“HIPAA”), including amendments signed into law under the American Recovery and Reinvestment Act of 2009 (“ARRA”), in particular, applicable provisions of Title XIII known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”), Subtitle D, in all activities related ) to this Contract, to maintain compliance during the term of this Contract and after as may be required by federal law, to operate any systems used to fulfill the requirements of this Contract in full compliance with all applicable provisions of HIPAA and to take no action which adversely affects the State’s HIPAA compliance. Terms used, but not otherwise defined, in this Contract shall have the same meaning as those found in the HIPAA Regulations under 45 CFR Parts 160, 162, and 164. To the extent required by the provisions of HIPAA and regulations promulgated thereunder, the Contractor assures that it will appropriately safeguard all forms of Health Records and/or Protected Health Information (PHI), as defined by the regulations, which is made available to Supplier or obtained by the Contractor in the course of its work under this Contract. The Contractor agrees to comply with all applicable requirements of law relating to Health Records and/or PHI with respect to any task or other activity it performs for the State including, as required by the final Privacy and Security regulations:
(1) Implementing the following HIPAA requirements for any forms of Health Records and/or PHI that the Contractor receivesSupplier accesses, maintains, uses, or transmits on behalf discloses PHI in connection with the performance of the State:
Services or functions under this Agreement, Supplier will: (a) Administrative safeguards under 45 CFR § 164.308
(b) Physical safeguards under 45 CFR § 164.310
(c) Technical safeguards under 45 CFR § 164.312
(d) Policies and procedures and documentation requirements under 45 CFR § 164.316;
(2) Implementing a disaster recovery plan, as appropriate for work conducted for this Contract, which includes mechanisms to recover data and/or alternative data storage sites, as determined by the State to be necessary to uphold integral business functions in the event of an unforeseen disaster;
(3) Not using not use or further disclosing Health Records and/or disclose PHI other than as permitted or required by this Contract Agreement or as required by applicable law;
; (4b) Immediately reporting use appropriate safeguards to DCS’ prevent use or disclosure of PHI other than as provided for by this Agreement, including implementing requirements of the HIPAA Compliance Office any security and/or privacy breach directly relating Security Rule with regard to the work performed for this Contract of which the Contractor becomes aware;
electronic PHI; (5c) Mitigating, report to the extent practicable, any harmful effect that is known to the Contractor and immediately reporting to DCS’ HIPAA Compliance Office DXC any use or disclosure by the Contractor, its agent, employees, subcontractors or third parties, of Health Records and/or PHI obtained under this Contract in a manner not provided for by under this Contract or by applicable law Agreement of which the Contractor Supplier becomes aware;
, including breaches of unsecured protected health information as required by 45 CFR §164.410, (6d) Ensuring in accordance with 45 CFR §164.502(e)(1)(ii), ensure that any subcontractors or agents to whom the Contractor provides Health Records and/or PHI received fromof Supplier that create, receive, maintain, or created transmit PHI created, received, maintained or received transmitted by the ContractorSupplier on DXC’s behalf, subcontractors or agents on behalf of the State agree to the same restrictions, restrictions and conditions and obligations applicable that apply to Supplier with respect of such party regarding Health Records and/or PHI; (e) make available PHI and agree to implement the required safeguards to protect it;
in a Designated Record Set (7if any is maintained by Supplier) Making the Contractor's internal practices, books and records related to the use or disclosure of Health Records and/or PHI received from, or created or received by the Contractor on behalf of the State available to the State at its request or to the Secretary of the United States Department of Health and Human Services (“DHHS”) for purposes of determining the State’s compliance with applicable law. The Contractor shall immediately notify DCS’ HIPAA Compliance Office upon receipt by the Contractor of any such request from the Secretary of DHHS or designee, and shall provide DCS’ HIPAA Compliance Office with copies of any materials made available in response to such a request;
(8) In accordance with procedures established by the State, making 45 CFR section 164.524; (f) make available the information PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance 45 CFR section 164.526; (g) make available PHI required to provide an accounting of disclosures pursuant to applicable law, if the duties of the Contractor include disclosures that must be accounted for;
(9) Making available Health Records and/or PHI for amendment and incorporating any amendments to Health Records and/or PHI in accordance with 45 CFR § 164.526section 164.528, if (h) make Supplier’s internal practices, applicable documentation and records to the Contractor maintains Health Records and/or extent that such relate to the use and disclosure of PHI subject to amendment;
(10) Make Health Records and/or PHI received from DXC, or created or received by Supplier on DXC’s behalf, available to individuals entitled to access and requesting access in the Secretary of the HHS for the purpose of determining DXC’s compliance with 45 CFR § 164.524 the HIPAA Privacy and Security Rules, (i) in the duties event Supplier is to carry out any obligations by or on behalf of the Contractor;
(11) At the discretion DXC that DXC performs on behalf of the State, authorizing termination of the Contract if the Contractor has violated a material provision of this Section; and
(12) At the termination of the Contract, the Contractor shall return or destroy all Health Records and/or PHI received or created covered entity arising under the Contract. If the State determines return or destruction is not feasiblePrivacy Rule, the protections in this Contract shall continue to be extended to any Health Records and/or PHI maintained by the Contractor for as long as it is maintained.comply
Appears in 1 contract
Samples: Terms and Conditions
