Electronic Visit Verification ("EVV A. To ensure: 1. the EVV system is used to verify the provision of services governed under 40 TAC, Chapter 68 or its successor; 2. only authorized people access the Contractor's EVV account; 3. all data elements required by HHSC or HHSC's designee are uploaded or entered and maintained in the EVV system completely, accurately, and prior to submitting the claim; 4. that each time services governed by 40 TAC Chapter 68 or its successor are delivered to an individual, the Contractor's staff uses an HHSC-approved EVV system; and 5. service delivery documentation is immediately available for review by HHSC when requested. B. Equipment provided to Contractor by HHSC, HHSC’s designee, or an HHSC-approved EVV vendor, must be returned in good condition when the equipment is no longer needed under this Contract. In the context of this agreement, “good condition” means Contractor must not place any marks or identifying information on the equipment and may not alter information on the equipment including logos and serial numbers. If the equipment is lost, stolen, marked, altered or damaged by Contractor, Contractor may be required to pay the replacement cost for each piece of equipment that is lost, stolen, marked or damaged. Replacement costs for lost, stolen, marked or damaged equipment may be assessed periodically. If Contractor recovers previously lost or stolen equipment for which Contractor paid the replacement cost in the prior 12 months, Contractor may return the equipment and be reimbursed for the replacement costs within 12 months of the date HHSC, HHSC’s designee or an HHSC-approved EVV vendor (as applicable) received payment in full from the Contractor. This is provided the equipment is returned in good condition as specified above. C. HHSC may perform EVV compliance oversight reviews to determine if Contractor has complied with EVV compliance requirements as outlined in 40 TAC Chapter 68 or its successor, EVV Policy posted on the HHSC EVV website or EVV Policy Handbook. D. If the Contractor determines an electronic record in the EVV system needs to be adjusted at any time, the Contractor will make the adjustment in the EVV system using the most appropriate EVV reason code number(s), EVV reason code description(s) and enter any required free text when completing visit maintenance in the EVV system, if applicable. E. Contractor must begin using an HHSC-approved EVV system prior to submitting an EVV relevant claim. F. All claims for services required to use EVV (EVV claims) must match to an accepted EVV visit transaction in the EVV Aggregator (the state’s centralized EVV database) prior to reimbursement of an EVV claim. Without a matching accepted EVV visit transaction, the claim will be denied. G. Contractor must submit all EVV related claims through the Texas Medicaid Claims Administrator, or as otherwise described in the EVV Policy posted on the HHSC EVV website or in the EVV Policy Handbook. H. Contractor must complete all required EVV training as outlined in the EVV Policy posted on the HHSC EVV website or EVV Policy Handbook: • Prior to using either an EVV vendor system or an EVV proprietary system and • Yearly thereafter. I. Contractor and, if applicable, the Contractor’s appointed EVV system administrator, must complete, sign and date the EVV Onboarding Form as outlined in 40 TAC Chapter 68 or its successor, EVV Policy posted on the HHSC website or EVV Policy Handbook.
Transmission encryption All data transmissions of County PHI or PI outside the secure internal network must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as AES. Encryption can be end to end at the network level, or the data files containing PHI can be encrypted. This requirement pertains to any type of PHI or PI in motion such as website access, file transfer, and E-Mail.
Incident Event and Communications Management a. Incident Management/Notification of Breach - DST shall develop, implement and maintain an incident response plan that specifies actions to be taken when DST or one of its subcontractors suspects or detects that a party has gained material unauthorized access to Fund Data or systems or applications containing any Fund Data (the “Response Plan”). Such Response Plan shall include the following: i. Escalation Procedures - An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Fund Data (including backed up data) to Fund via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as DST is prohibited by law, rule, regulation or other governmental authority from notifying Fund. ii. Incident Reporting - DST will use commercially reasonable efforts to promptly furnish to Fund information that DST has regarding the general circumstances and extent of such unauthorized access to the Fund Data.
Workstation/Laptop encryption All workstations and laptops that process and/or store DHCS PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk unless approved by the DHCS Information Security Office.
Transmission The Custodian and the Fund shall comply with SWIFT’s authentication procedures. The Custodian will act on FT Instructions received via SWIFT provided the instruction is authenticated by the SWIFT system. § Written Instructions. Instructions may be transmitted in an original writing that bears the manual signature of an Authorized Person(s).
Data Protection During Transmission DST shall encrypt, using an industry standard encryption algorithm, personally identifiable Fund Data when such data is transmitted.