Patient Information Each Party agrees to abide by all laws, rules, regulations, and orders of all applicable supranational, national, federal, state, provincial, and local governmental entities concerning the confidentiality or protection of patient identifiable information and/or patients’ protected health information, as defined by any other applicable legislation in the course of their performance under this Agreement.
Access to Company Information (a) During the period from the date of this Agreement to the Effective Time, the Company shall permit representatives of the Parent to have reasonable access (at all reasonable times, and in a manner so as not to interfere with the normal business operations of the Company) to all premises, properties, financial and accounting records, contracts, other records and documents, and personnel, of or pertaining to the Company.
(b) The Parent and each of its Subsidiaries (i) shall treat and hold as confidential any Company Confidential Information (as defined below), (ii) shall not use any of the Company Confidential Information except in connection with this Agreement, and (iii) if this Agreement is terminated for any reason whatsoever, shall return to the Company all tangible embodiments (and all copies) thereof which are in its possession. For purposes of this Agreement, “Company Confidential Information” means any information of the Company that is furnished to the Parent or any of its Subsidiaries by the Company in connection with this Agreement; provided, however, that it shall not include any information (A) which, at the time of disclosure, is available publicly other than as a result of non-permitted disclosure by the Parent, any of its Subsidiaries or their respective directors, officers, or employees, (B) which, after disclosure, becomes available publicly through no fault of the Parent, any of its Subsidiaries or their respective directors, officers, or employees, (C) which the Parent or any of its Subsidiaries knew or to which the Parent or any of its Subsidiaries had access prior to disclosure, as demonstrated by competent evidence, provided that the source of such information is not known by the Parent or any of its Subsidiaries to be bound by a confidentiality obligation to the Company, or (D) which the Parent or any of its Subsidiaries rightfully obtains from a source other than the Company, provided that the source of such information is not known by the Parent or any of its Subsidiaries to be bound by a confidentiality obligation to the Company.
Information/Cooperation Executive shall, upon reasonable notice, furnish such information and assistance to the Bank as may be reasonably required by the Bank, in connection with any litigation in which it or any of its subsidiaries or affiliates is, or may become, a party; provided, however, that Executive shall not be required to provide information or assistance with respect to any litigation between Executive and the Bank or any other subsidiaries or affiliates.
Authorization to Release and Transfer Necessary Personal Information The Grantee hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of the Grantee’s personal data by and among, as applicable, the Company and its Subsidiaries for the exclusive purpose of implementing, administering and managing the Grantee’s participation in the Plan. The Grantee understands that the Company may hold certain personal information about the Grantee, including, but not limited to, the Grantee’s name, home address and telephone number, date of birth, social security number (or any other social or national identification number), salary, nationality, job title, number of Award Units and/or shares of Common Stock held and the details of all Award Units or any other entitlement to shares of Common Stock awarded, cancelled, vested, unvested or outstanding for the purpose of implementing, administering and managing the Grantee’s participation in the Plan (the “Data”). The Grantee understands that the Data may be transferred to the Company or to any third parties assisting in the implementation, administration and management of the Plan, that these recipients may be located in the Grantee’s country or elsewhere, and that any recipient’s country (e.g., the United States) may have different data privacy laws and protections than the Grantee’s country. The Grantee understands that he or she may request a list with the names and addresses of any potential recipients of the Data by contacting his or her local human resources representative or the Company’s stock plan administrator. The Grantee authorizes the recipients to receive, possess, use, retain and transfer the Data, in electronic or other form, for the sole purpose of implementing, administering and managing the Grantee’s participation in the Plan, including any requisite transfer of such Data to a broker or other third party assisting with the administration of Award Units under the Plan or with whom shares of Common Stock acquired pursuant to the vesting of the Award Units or cash from the sale of such shares may be deposited. Furthermore, the Grantee acknowledges and understands that the transfer of the Data to the Company or to any third parties is necessary for the Grantee’s participation in the Plan. The Grantee understands that the Grantee may, at any time, view the Data, request additional information about the storage and processing of the Data, require any necessary amendments to the Data or refuse or withdraw the consents herein by contacting the Grantee’s local human resources representative or the Company’s stock plan administrator in writing. The Grantee further acknowledges that withdrawal of consent may affect his or her ability to vest in or realize benefits from the Award Units, and the Grantee’s ability to participate in the Plan. For more information on the consequences of refusal to consent or withdrawal of consent, the Grantee understands that he or she may contact his or her local human resources representative or the Company’s stock plan administrator.
Student Information In the course of providing services during the term of the contract, certain personnel of Consultant may have access to student education records that are subject to the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, et seq. and the regulations promulgated there under. Such information confidential and is therefore protected. To the extent that Consultant’s personnel require access to “education records” to perform Services pursuant to this Agreement, such personnel are deemed a “school official,” as each of these terms are defined under FERPA. Consultant agrees that it shall not use education records for any purpose other than in the performance of this contract. Except as required by law, Consultant shall not disclose or share education records with any third party unless permitted by the terms of the contract or to subcontractors who have agreed to maintain the confidentiality of the education records to the same extent required of Consultant under this contract. For the avoidance of doubt, District will be responsible for obtaining any necessary consents from students or parents pursuant to FERPA to provide the information to Consultant. In the event any person(s) seek to access protected education records, whether in accordance with FERPA or other Federal or relevant State law or regulations, the Consultant will immediately inform the District of such request in writing if allowed by law or judicial and/or administrative order. Consultant shall not provide direct access to such data or information or respond to individual requests. Consultant shall only retrieve such data or information upon receipt of, and in accordance with, written directions by the District and shall only provide such data and information to the District. It shall be District’s sole responsibility to respond to requests for data or information received by Vendor regarding District data or information. Should Consultant receive a court order or lawfully issued subpoena seeking the release of such data or information, Consultant shall provide immediate notification to the District of its receipt of such court order or lawfully issued subpoena and shall immediately provide the District with a copy of such court order or lawfully issued subpoena prior to releasing the requested data or information, if allowed by law or judicial and/or administrative order. If Consultant experiences a security breach concerning any education record covered by this contract, then Consultant will immediately notify the District and take immediate steps to limit and mitigate such security breach to the extent possible. The parties agree that any breach of the confidentiality obligation set forth in the contract may, at District’s discretion, result in cancellation of further consideration for contract award and the eligibility for Consultant to receive any information from District for a period of not less than five (5) years. In addition, Consultant agrees to indemnify and hold the District harmless for any loss, cost, damage or expense suffered by the District, including but not limited to the cost of notification of affected persons, as a direct result of the unauthorized disclosure of education records. Upon termination of Agreement, Consultant shall return and/or destroy all data or information received from the District upon, and in accordance with, direction from the District. Consultant shall not retain copies of any data or information received from the District once the District has directed Consultant as to how such information shall be returned to the District and/or destroyed. Furthermore, Consultant shall ensure that they dispose of any and all data or information received from the District in a District-approved manner that maintains the confidentiality of the contents of such records (e.g. shredding paper records, erasing and reformatting hard drives, erasing and/or physically destroying any portable electronic devices).
RELEASE OF GENERAL INFORMATION TO THE PUBLIC AND MEDIA NASA or Partner may, consistent with Federal law and this Agreement, release general information regarding its own participation in this Agreement as desired. Pursuant to Section 841(d) of the NASA Transition Authorization Act of 2017, Public Law 115-10 (the "NTAA"), NASA is obligated to publicly disclose copies of all agreements conducted pursuant to NASA's 51 U.S.C. §20113(e) authority in a searchable format on the NASA website within 60 days after the agreement is signed by the Parties. The Parties acknowledge that a copy of this Agreement will be disclosed, without redactions, in accordance with the NTAA.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.
Why We Collect Information and For How Long We are collecting your data for several reasons: · To better understand your needs and provide you with the services you have requested; · To fulfill our legitimate interest in improving our services and products; · To send you promotional emails containing information we think you may like when we have your consent to do so; · To contact you to fill out surveys or participate in other types of market research, when we have your consent to do so; · To customize our website according to your online behavior and personal preferences. The data we collect from you will be stored for no longer than necessary. The length of time we retain said information will be determined based upon the following criteria: the length of time your personal information remains relevant; the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations; any limitation periods within which claims might be made; any retention periods prescribed by law or recommended by regulators, professional bodies or associations; the type of contract we have with you, the existence of your consent, and our legitimate interest in keeping such information as stated in this Policy.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
