Common use of HITECH COMPLIANCE Clause in Contracts

HITECH COMPLIANCE. A. The Agency acknowledges and agrees to follow the provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act outlines the Agency’s obligations when addressing privacy, security and breach of notification. B. In the event of a breach of unsecured protected health information (PHI) or disclosure that compromises the privacy or integrity of PHI, the Agency shall take all measures required by state or federal law. The Agency shall provide the County with a copy of its investigative results and other information requested. The Agency shall report all PHI breaches to the County. C. The Agency shall notify the County within one (1) business day by telephone and in writing of any acquisition, access, use or disclosure of PHI not allowed by the provisions of this Agreement of which it becomes aware, and of any instance where the PHI is subpoenaed, copied or removed by anyone except an authorized representative as outlined in 45 CFR §§164.304, 164.314 (a)(2)(C), 164.504(e)(2)(ii)(C), and 164.400-.414. D. The Agency shall notify the County within one (1) business day by telephone or e-mail of any potential breach of security or privacy. The Agency shall follow telephone or e-mail notification with a secured faxed or other written explanation of the breach, to include the following: date and time of the breach, medium that contained the PHI, origination and destination of PHI, the Agency’s personnel associated with the breach, detailed description of PHI, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible for the mitigation. The Agency shall address communications to: Snohomish County Human Services 3000 Rockefeller, MS 305 Everett, WA. 98201

HITECH COMPLIANCE. A. The Agency acknowledges and agrees to follow the provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act outlines the Agency’s obligations when addressing privacy, security and breach of notification. B. In the event of a breach of unsecured protected health information (PHI) or disclosure that compromises the privacy or integrity of PHI, the Agency shall take all measures required by state or federal law. The Agency shall provide the County with a copy of its investigative results and other information requested. The Agency shall report all PHI breaches to the County. C. The Agency shall notify the County within one (1) business day by telephone and in writing of any acquisition, access, use or disclosure of PHI not allowed by the provisions of this Agreement of which it becomes aware, and of any instance where the PHI is subpoenaed, copied or removed by anyone except an authorized representative as outlined in 45 CFR §§164.304, 164.314 (a)(2)(C), 164.504(e)(2)(ii)(C), and 164.400-.414. D. The Agency shall notify the County within one (1) business day by telephone or e-mail of any potential breach of security or privacy. The Agency shall follow telephone or e-mail notification with a secured faxed or other written explanation of the breach, to include the following: date and time of the breach, medium that contained the PHI, origination and destination of PHI, the Agency’s personnel associated with the breach, detailed description of PHI, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible for the mitigation. The Agency shall address communications to: Snohomish County Human Services 3000 Rockefeller0000 Xxxxxxxxxxx, MS 305 XX 000 Everett, WA. 98201

HITECH COMPLIANCE. A. The Agency acknowledges and agrees to follow the provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act outlines the Agency’s obligations when addressing privacy, security and breach of notification. B. In the event of a breach of unsecured protected health information (PHI) or disclosure that compromises the privacy or integrity of PHI, the Agency shall take all measures required by state or federal law. The Agency shall provide the County with a copy of its investigative results and other information requested. The Agency shall report all PHI breaches to the County. C. The Agency shall notify the County within one (1) business day by telephone and in writing of any acquisition, access, use or disclosure of PHI not allowed by the provisions of this Agreement of which it becomes aware, and of any instance where the PHI is subpoenaed, copied or removed by anyone except an authorized representative as outlined in 45 CFR §§164.304, 164.314 (a)(2)(C), 164.504(e)(2)(ii)(C), and 164.400-.414. D. The Agency shall notify the County within one (1) business day by telephone or e-mail of any potential breach of security or privacy. The Agency shall follow telephone or e-mail notification with a secured faxed or other written explanation of the breach, to include the following: date and time of the breach, medium that contained the PHI, origination and destination of PHI, the Agency’s personnel associated with the breach, detailed description of PHI, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible for the mitigation. The Agency shall address communications to: Snohomish County Human Services 3000 Rockefeller0000 Xxxxxxxxxxx Xxxxxx, MS 305 EverettXX 000 Xxxxxxx, WA. 98201XX 00000.