Source of Data A description of (1) the process used to identify claims in the Population, and (2) the specific documentation relied upon by the IRO when performing the Quarterly Claims Review (e.g., medical records, physician orders, certificates of medical necessity, requisition forms, local medical review policies (including title and policy number), CMS program memoranda (including title and issuance number), Medicare contractor manual or bulletins (including issue and date), other policies, regulations, or directives).
Use of Data (a) In connection with the provision of the services and the discharge of its other obligations under this Agreement, State Street (which term for purposes of this Section XXIX includes each of its parent company, branches and affiliates (''Affiliates")) may collect and store information regarding a Trust and share such information with its Affiliates, agents and service providers in order and to the extent reasonably necessary (i) to carry out the provision of services contemplated under this Agreement and other agreements between the Trusts and State Street or any of its Affiliates and (ii) to carry out management of its businesses, including, but not limited to, financial and operational management and reporting, risk management, legal and regulatory compliance and client service management.
Protection of Data The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Supervision of Data DHCS PHI or PI in paper form shall not be left unattended at any time, unless it is locked in a file cabinet, file room, desk or office. Unattended means that information is not being observed by an employee authorized to access the information. DHCS PHI or PI in paper form shall not be left unattended at any time in vehicles or planes and shall not be checked in baggage on commercial airplanes.
Licensee Data Licensee acknowledges and agrees that Licensee will be solely responsible for backing-up, and taking all appropriate measures to protect and secure, Licensee Data. Licensee acknowledges that Nuix may make, store and maintain back up copies of Licensee Data, but is not obliged to do so. Nuix will not be liable for any loss or corruption of Licensee Data.
Use of Data by User Registry Operator will permit user to use the zone file for lawful purposes; provided that (a) user takes all reasonable steps to protect against unauthorized access to and use and disclosure of the data and (b) under no circumstances will Registry Operator be required or permitted to allow user to use the data to, (i) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than user’s own existing customers, or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator or any ICANN-‐accredited registrar.
