Information Privacy and Security Compliance. (a) Since January 1, 2020, except for such failures that, individually or in the aggregate, have not had and would not reasonably be expected to have a Company Material Adverse Effect, the collection, use, analysis, disclosure, retention, storage, security and dissemination of Personal Information by the Company or any Company Subsidiary complies with, and has not violated, (i) any applicable Contract, (ii) any applicable Law, including Privacy/Data Security Laws, (iii) any person’s right of publicity or (iv) any published privacy policy of the Company or any Company Subsidiary, then in effect.
(b) Since January 1, 2020, the Company has maintained commercially reasonable security measures to protect the confidentiality, integrity and availability of Personal Information and non-public information in its or any Company Subsidiary’s possession or control.
(c) Since January 1, 2020, to the knowledge of the Company, no person has gained unauthorized access to or made any unauthorized use of any Personal Information or other non-public information maintained by the Company or any Company Subsidiary and, to the knowledge of the Company, neither the Company nor any Company Subsidiary has been legally required to provide notice to any individuals, customers, third parties, or any Governmental Authority, nor has the Company or any Company Subsidiary provided any such notice relating to any unauthorized access to or use of Personal Information or other non-public information.
(d) To the knowledge of the Company, since January 1, 2020, (i) there have been no material security breaches in the Business Systems used by the Company or any Company Subsidiary, and (ii) the Business Systems and all Software owned by the Company or any Company Subsidiary is free from any material software defect, and does not contain any virus, software routine or hardware component designed to permit unauthorized access or to disable or otherwise harm any computer, systems or software.
(e) To the knowledge of the Company, (i) no Company Shareholder is under investigation by any Governmental Authority for a violation of any Privacy/Data Security Laws; (ii) since January 1, 2020, neither the Company nor any Company Subsidiary has received any written notices from any Governmental Authority relating to any such violations; and (iii) to the Company’s knowledge, since January 1, 2020, no representative of the Company or any Company Subsidiary has acted in a manner that would trigger a notificati...
Information Privacy and Security Compliance. Except as disclosed in the Registration Statement, the Time of Sale Disclosure Package and the Prospectus, (i)(x) to the knowledge of the Company, there has been no security breach or other compromise of or relating to any of the Company’s information technology and computer systems, networks, hardware, software, data (including the data of their respective customers, employees, suppliers, vendors and any third-party data maintained by or on behalf of them), equipment or technology (collectively, “IT Systems and Data”) requiring notice to any third party under applicable state or federal law and (y) the Company has not been notified of, and has no knowledge of any event or condition that would reasonably be expected to result in, any security breach or other compromise to their IT Systems and Data requiring notice to any third party under applicable state or federal law; (ii) the Company is presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification, except as would not, in the case of this clause (ii), individually or in the aggregate, have a Material Adverse Effect; and (iii) the Company has used commercially reasonable efforts to implement backup and disaster recovery technology consistent with industry standards and practices.
Information Privacy and Security Compliance. (a) Sellers and the Hospital (i) to the extent their operations are subject to the administrative simplification provisions of HIPAA, and the implementing regulations contained in 45 C.F.R. Parts 160, 162 and 164, are in compliance in all material respects with those administrative simplification provisions and implementing regulations, including, without limitation, in conducting any of the standard transactions set forth in 45 C.F.R. Part 162; and (ii) are in compliance in all material respects with all other applicable Information Privacy or Security Laws.
(b) Sellers have provided to Buyer accurate and complete copies of any written complaints delivered to Seller or the Hospital during the past three (3) years alleging a violation of any Information Privacy or Security Laws.
Information Privacy and Security Compliance. (a) Seller (i) to the extent Seller’s operations are subject to the administrative simplification provisions of HIPAA, and the implementing regulations contained in 45 C.F.R. Parts 160, 162 and 164, are in material compliance with those provisions and implementing regulations, including in conducting any of the standard transactions set forth in 45 C.F.R. Part 162; and (ii) are in compliance with all other applicable Information Privacy or Security Laws (as hereinafter defined).
(b) Copies of the compliance policies and/or procedures and privacy notices of Seller relating to Information Privacy or Security Laws have been delivered to Buyer.
(c) Seller has entered into business associate agreements with all third parties acting as a business associate as defined in 45 C.F.R. § 160.103 and to Seller’s Knowledge, no business associate is in breach of its business associate agreement with Seller or otherwise in violation of the Information Privacy or Security Laws. To the Knowledge of Seller, Seller is not under investigation by any Governmental Authority for a violation of any Information Privacy or Security Laws, including the receipt of any notices from the United States Department of Health and Human Services Office of Civil Rights, Federal Trade Commission, Department of Justice, or state attorney general relating to any such violations.
(d) Copies of any written complaints alleging a violation of any Information Privacy or Security Laws received by Seller during the preceding twenty-four (24) month period have been delivered to Buyer.
(e) Seller has not had a Breach of Unsecured Protected Health Information, as such terms are defined in 45 C.F.R. § 164.402.
(f) For purposes of this section: (i) “Information Privacy or Security Laws” means HIPAA and regulations as set forth in this section and any other applicable Law concerning the privacy and/or security of Personal Information, including state data breach notification laws, state patient, medical record and health information privacy Laws, the Federal Trade Commission Act and state consumer protection Laws; and (ii) “Personal Information” means any information with respect to which there is a reasonable basis to believe that the information can be used to identify an individual, including “individually identifiable health information” as defined in 45 C.F.R. 160.103, demographic information, and social security numbers and such other personally identifiable information protected by applicable Legal Req...
Information Privacy and Security Compliance. Except as disclosed in the Registration Statement, the Time of Sale Disclosure Package and the Prospectus, (i)(x) to the knowledge of the Company, there has been no security breach or other compromise of or relating to any of the Company’s or any subsidiary’s information technology and computer systems, networks, hardware, software, data (including the data of their respective customers, employees, suppliers, vendors and any third-party data maintained by or on behalf of them), equipment or technology (collectively, “IT Systems and Data”) requiring notice to any third party under applicable state or federal law and (y) the Company and its subsidiaries have not been notified of, and have no knowledge of any event or condition that would reasonably be expected to result in, any security breach or other compromise to their IT Systems and Data requiring notice to any third party under applicable state or federal law; (ii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification, except as would not, in the case of this clause (ii), individually or in the aggregate, have a Material Adverse Effect; and (iii) the Company and its subsidiaries have used commercially reasonable efforts to implement backup and disaster recovery technology consistent with industry standards and practices.
Information Privacy and Security Compliance. (a) Sellers and the Facilities (i) are, and at all times during the past five (5) years have been, in compliance with HIPAA in all material respects, (ii) are, and at all times during the past five (5) years have been, in compliance in all material respects with all other applicable Information Privacy or Security Laws and all rules and regulations promulgated thereunder, and (iii) are, and at all times during the past five (5) years have been, in compliance in all material respects with the written privacy policies of Sellers and Facilities. Sellers, to the extent required by HIPAA and other Information Privacy or Security Laws, have undertaken surveys, audits, inventories, reviews, analyses and/or assessments of all areas of the Business required by the HITECH Act and the administrative simplification provisions of HIPAA.
(b) Sellers have provided to Buyer accurate and complete copies of the compliance policies and/or procedures and privacy notices of the Facilities relating to Information Privacy or Security Laws. All of Sellers’ and the Facilities’ respective workforces (as such term is defined in 45 C.F.R. § 160.103) have received training with respect to compliance with Information Privacy or Security Laws.
(c) Where required by Information Privacy or Security Laws, Sellers have entered into business associate agreements with all third parties currently acting as a business associate (as such term is defined in 45 C.F.R. § 160.103) of any Seller or the Business. No Seller (i) is, to the Knowledge of Sellers, under investigation by any Governmental Authority for a violation of any Information Privacy or Security Law; (ii) during the five (5) years immediately preceding the date hereof, has received any written notices or, to the Knowledge of Sellers, oral notices, from the United States Department of Health and Human Services Office for Civil Rights, the Department of Justice, the FTC, or the Attorney General of any state or territory of the United States relating to any such violations; or (iii) except as set forth on Schedule 4.12(c), during the five (5) years immediately preceding the date hereof, to the Knowledge of Sellers, there has not been any incident, that would trigger a notification or reporting requirement under any business associate agreement or any Information Privacy or Security Law, including a Breach (as such term is defined in 45 C.F.R. § 164.402) with respect to any Unsecured Protected Health Information (as such term is defined i...
Information Privacy and Security Compliance. (a) Except as set forth on Schedule 4.23(a), Seller and the Businesses (to the knowledge of Seller exclusively with respect to Ontonagon and Chippewa): (i) to the extent their operations are subject to the administrative simplification provisions of HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act, and the implementing regulations contained in 45 C.F.R. Parts 160, 162 and 164, are in compliance in all material respects with those provisions and implementing regulations, including in conducting any of the standard transactions set forth in 45 C.F.R. Part 162; and (ii) are in compliance with all other applicable Information Privacy or Security Laws (as hereinafter defined).
(b) Copies of the compliance policies and/or procedures and privacy notices of the Businesses (to the knowledge of Seller exclusively with respect to Ontonagon and Chippewa) relating to Information Privacy or Security Laws have been delivered to Buyer. Except as set forth on Schedule 4.23(b), all of Seller’s and any Businesses’ (to the knowledge of Seller exclusively with respect to Ontonagon and Chippewa) workforces (as such term is defined in 45 C.F.R. 160.103) have received training with respect to compliance with Information Privacy or Security Laws as required by such laws.
(c) Except as set forth on Schedule 4.23(c)(i), Seller and the Businesses (to the knowledge of Seller exclusively with respect to Ontonagon and Chippewa) have entered into business associate agreements with all third parties acting as a business associate as defined in 45 C.F.R. 160.103 and to Seller’s knowledge, no business associate is in breach of its business associate agreement with the applicable Businesses or otherwise in violation of the Information Privacy or Security Laws. Except as set forth on Schedule 4.23(c)(ii), neither Seller nor any of the Businesses (to the knowledge of Seller exclusively with respect to Ontonagon and Chippewa) are under investigation by any governmental entity for a violation of any Information Privacy or Security Laws, including the receipt of any notices from the United States Department of Health and Human Services Office of Civil Rights, FTC or DOJ relating to any such violations.
(d) Copies of any written complaints alleging a violation of any Information Privacy or Security Laws received by Seller or any of the Businesses (to the knowledge of Seller exclusively with respect to Ontonagon and Chippewa) during the preceding 24 month ...
Information Privacy and Security Compliance. (i) The Company and each of its Subsidiaries, (A) to the extent their operations are subject to the administrative simplification provisions of HIPAA and the implementing regulations contained in 45 C.F.R. Parts 160, 162 and 164, are in compliance in all material respects with those administrative simplification provisions and implementing regulations, including in conducting any of the standard transactions set forth in 45 C.F.R. Part 162; and (B) are in compliance in all material respects with all other applicable Information Privacy or Security Laws (as hereinafter defined).
(ii) Except as set forth on Schedule 4.18(c), neither the Company nor any of its Subsidiaries are, to the knowledge of the Seller, under investigation by any Governmental Authority for a material violation of any Information Privacy or Security Laws, including the receipt of any notices from the United States Department of Health and Human Services Office of Civil Rights, Federal Trade Commission or Department of Justice relating to any such violations. Except as set forth on Schedule 4.18(c), during the past three years, none of the Company or any of its Subsidiaries has suffered any breach in security that has permitted any unauthorized access to the personal data under Company’s control or possession that has resulted in any obligation to report to any Governmental Authority. During the past three years, none of the Company or any of its Subsidiaries has received any material written claims, notices or complaints regarding their information practices and/or their collection, use, disclosure, retention and/or misuse of any personal data.
(iii) For purposes of this Section 4.17(c), “Information Privacy or Security Laws” means HIPAA and regulations as set forth in Healthcare Legal Requirement and any other Healthcare Legal Requirements or other applicable Law concerning the privacy and/or security of personal information applicable to the Company or its Subsidiaries
Information Privacy and Security Compliance. (a) Since January 1, 2017, the Company and each Subsidiary has complied and is in compliance with all applicable data protection, privacy and other Laws, in each case, governing the collection use, storage, distribution, transfer or disclosure (whether electronically or in any other form or medium) of all Personal Information, including by entering into agreements governing the flow of Personal Information across national borders and providing notice of such flow to each individual to whom such Personal Information relates as required by such Laws. To Company’s knowledge, all Personal Information in the custody or control of the Company has been collected, used, stored, distributed, transferred and disclosed with the consent of each individual to whom it relates as required by such Laws and has been used only for the purposes for which it was initially collected. No Personal Information has been collected, used, stored, distributed, transferred or disclosed by any third party on behalf of the Company. The Company has, and has had in place since January 1, 2017, a privacy policy governing the collection use, storage, distribution, transfer and disclosure of Personal Information by the Company, as the case may be, and has collected, used, stored, distributed, transferred and disclosed all Personal Information in accordance with such policy. Since January 1, 2017, to Company’s knowledge, there has not been any notice to, complaint against or audit, proceeding or investigation conducted or claim asserted with respect to the Company, by any Person (including any Governmental Authority) regarding the collection, use, storage, distribution, transfer or disclosure of Personal Information, and none is pending or, to the knowledge of the Company, threatened (and to the knowledge of the Company there is no basis for the same). The Company has implemented and is in compliance in all material respects with physical, technical and other measures complying with such Laws and meeting applicable industry standards to assure the integrity and security of transactions executed through its computer systems and of all confidential or proprietary data, including Personal Information. Since January 1, 2017, there has been no actual or alleged material breach of security or unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any Personal Information, confidential or proprietary data or any other such information maintained or stored by or on...
Information Privacy and Security Compliance. (a) Since the Formation Date, to the knowledge of the Company, the collection, use, analysis, disclosure, retention, storage, security and dissemination of Personal Information by the Company and any Subsidiary materially complies with, and has not materially violated, (i) any applicable contract, (ii) any applicable Privacy Law, or (iii) any published privacy policy of the Company or any Subsidiary, then in effect. Each of the Company and any Subsidiary has posted in accordance with applicable Privacy Laws a privacy policy governing its use of Personal Information on its websites and if required by contract, on websites it maintains on behalf of customers, and has materially complied at all times with such privacy policy.
(b) Since the Formation Date, the Company and each Subsidiary has maintained commercially reasonable security measures designed to protect the confidentiality, integrity and availability of Personal Information and non-public information in its possession or control.
(c) The Company has entered into a business associate agreement in each case in which it (i) acts as a business associate (as defined in 45 C.F.R. 160.103) and (ii) provides Protected Health Information to its agents, subcontractors or vendors, in each case as required by, and in conformity with, applicable Privacy Laws.
(d) Since the Formation Date, to the knowledge of the Company, no person has gained unauthorized access to or made any unauthorized use of any Personal Information maintained by the Company or of the information technology systems used by the Company or any Subsidiary.
(e) Since the Formation Date, to the knowledge of the Company, all software owned by the Company or any Subsidiary is free from any material software defect, and does not contain any virus, software routine or hardware component designed to permit unauthorized access or to disable or otherwise materially harm any computer, systems or software.
(f) To the knowledge of the Company, no member of the Company or any Subsidiary is under investigation by any Governmental Authority for a violation of any applicable Privacy Laws or received any notices from any Governmental Authority relating to any such violations.
(g) Since the Formation Date, to the knowledge of the Company, the Company and any Subsidiary has materially complied with all applicable material contracts, all applicable Privacy Laws and HIPAA.
