SOFTWARE SECURITY If applicable, BA warrants that software security features will be compatible with the CE’s HIPAA compliance requirements. This HIPAA Business Associate Agreement-Addendum shall supersede any prior HIPAA Business Associate Agreements between CE and BA. EXHIBIT E
CONFIDENTIALITY AND NON-DISCLOSURE; SECURITY BREACH REPORTING 2.1 For purposes of this Contract, confidential information will not include information or material which (a) enters the public domain (other than as a result of a breach of this Contract); (b) was in the receiving party’s possession prior to its receipt from the disclosing party; (c) is independently developed by the receiving party without the use of confidential information; (d) is obtained by the receiving party from a third party under no obligation of confidentiality to the disclosing party; or (e) is not exempt from disclosure under applicable State law.
Future Services The Consultant acknowledges each of the following with regard to performing future services for the City: • The Consultant’s performance of Work in an Approved Service Order may create an actual or appearance of a conflict of interest with regard to the Consultant performing or participating in the performance of some related future services, particularly when the Work in an Approved Service Order comprises one element or aspect of a multi- phase process or project; • Such an actual or appearance of a conflict of interest would be a ground for the City to disqualify the Consultant from performing or participating in the performance of such future services; and • The Consultant is solely responsible for considering what potential conflicts of interest, if any, performing Work in an Approved Service Order might have on its ability to obtain contracts to perform future services.
Security of State Information To the extent Contractor shall have access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Master Agreement the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Signature Section For the CONTRACTOR Name (Please print) Title Signature Date For the MICHIGAN DEPARTMENT OF COMMUNITY HEALTH Xxxx Xxxx, Deputy Director, Operations Administration Date Part II General Provisions
Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.
Contact Information for Privacy and Security Officers and Reports 2.1 Business Associate shall provide, within ten (10) days of the execution of this Agreement, written notice to the Contract or Grant manager the names and contact information of both the HIPAA Privacy Officer and HIPAA Security Officer of the Business Associate. This information must be updated by Business Associate any time these contacts change.
ACCESS TO SECURITY LOGS AND REPORTS Upon request, the Contractor shall provide access to security logs and reports to the State or Authorized User in a format as specified in the Authorized User Agreement.
Acupuncture Services Benefits will be provided for Medically Necessary acupuncture services when provided by a provider licensed to perform such services.
Disclosure to FERC its Staff, or a State. Notwithstanding anything in this Article 22 to the contrary, and pursuant to 18 C.F.R. section 1b.20, if FERC or its staff, during the course of an investigation or otherwise, requests information from one of the Parties that is otherwise required to be maintained in confidence pursuant to this Agreement or the NYISO OATT, the Party shall provide the requested information to FERC or its staff, within the time provided for in the request for information. In providing the information to FERC or its staff, the Party must, consistent with 18 C.F.R. section 388.112, request that the information be treated as confidential and non-public by FERC and its staff and that the information be withheld from public disclosure. Parties are prohibited from notifying the other Parties to this Agreement prior to the release of the Confidential Information to the Commission or its staff. The Party shall notify the other Parties to the Agreement when it is notified by FERC or its staff that a request to release Confidential Information has been received by FERC, at which time the Parties may respond before such information would be made public, pursuant to 18 C.F.R. section 388.112. Requests from a state regulatory body conducting a confidential investigation shall be treated in a similar manner if consistent with the applicable state rules and regulations. A Party shall not be liable for any losses, consequential or otherwise, resulting from that Party divulging Confidential Information pursuant to a FERC or state regulatory body request under this paragraph.