INFORMATION PRIVACY AND SECURITY REQUIREMENTS. 9 A. This Information Privacy and Security Requirements Exhibit (For Non-HIPAA/HITECH Act 10 Contracts) (hereinafter referred to as "this Exhibit") sets forth the information privacy and security 11 requirements CONTRACTOR is obligated to follow with respect to all personal and confidential 12 information (as defined herein) disclosed to CONTRACTOR, or collected, created, maintained, stored, 13 transmitted or used by CONTRACTOR for or on behalf of COUNTY, pursuant to CONTRACTOR's 14 agreement with COUNTY. (Such personal and confidential information is referred to herein collectively 15 as "COUNTY PCI".) COUNTY and CONTRACTOR desire to protect the privacy and provide for the 16 security of COUNTY PCI pursuant to this Exhibit and in compliance with state and federal laws 17 applicable to the COUNTY PCI.
INFORMATION PRIVACY AND SECURITY REQUIREMENTS. All personnel conducting ADAP/PrEP-AP enrollment services must abide by all applicable laws and CDPH/OA/ADAP and PrEP-AP guidelines regarding confidentiality of ADAP and PrEP- AP client eligibility files and protected health information when accessing or submitting client data. Must be maintained through the life of the contract. ADAP ES Contact Authorized Site Administrator/ Site Contact Notify the assigned ADAP or PrEP-AP Advisor immediately by phone call plus email or fax when a potential breach has occurred. EWs may be deactivated if more than two potential breaches occur within a calendar year. ESs may also be deactivated if potential breaches are committed by more than two EWs in a calendar year. Verified when ADAP Enrollment Worker(s) (EWs) email address is provided to the assigned CDPH/OA/ADAP Advisor. i. Ensure compliance with the provisions as stated in Exhibit D, “HIPAA Business Associate Addendum (CDPH HIPAA BAA 6-16). ii. Ensure that all EWs employed by or volunteering at the ES are issued/assigned an Agency email address. *To ensure client confidentiality, ADAP EWs are prohibited from using a personal email address (i.e. gmail, yahoo, etc.)
INFORMATION PRIVACY AND SECURITY REQUIREMENTS. This Information Privacy and Security Requirements Exhibit (For Non-HIPAA/HITECH Act Contracts) (hereinafter referred to as “this Exhibit”) sets forth the information privacy and security requirements Contractor is obligated to follow with respect to all personal and confidential information (as defined herein) disclosed to Contractor, or collected, created, maintained, stored, transmitted or used by Contractor for or on behalf of the California Department of State Hospitals (hereinafter “DSH”), pursuant to Contractor’s agreement with DSH. (Such personal and confidential information is referred to herein collectively as “DSH PCI”.) DSH and Contractor desire to protect the privacy and provide for the security of DSH PCI pursuant to this Exhibit and in compliance with state and federal laws applicable to the DSH PCI.
