Common use of Minimum Security Requirements Clause in Contracts

Minimum Security Requirements. To promote the confidentiality, integrity, and availability of EHI and minimize the potential for Breaches of EHI, each Participant Member shall be required to: (i) maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting EHI; (ii) protect against reasonably anticipated impermissible Uses and Disclosures of EHI; (iii) identify and protect against reasonably anticipated threats to the security or integrity of EHI; and (iv) monitor compliance with such safeguards by its workforce. In determining which administrative, technical and physical safeguards to implement, the Participant Member shall consider the following: (i) its size, complexity, and capabilities; (ii) its technical, hardware, and software infrastructure; (iii) the costs of security measures; and (iv) the likelihood and possible impact of potential risks to EHI. Each Participant Member further shall review and modify such safeguards to continue protecting EHI in a changing environment of security threats within a reasonable period of time. Additionally, each Participant Member shall be required to implement the following minimum security requirements described below.

Minimum Security Requirements. To promote the confidentiality, integrity, and availability of EHI and minimize the potential for Breaches of EHI, each Participant Member shall be required to: (i) maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting EHI; (ii) protect against reasonably anticipated impermissible Uses and Disclosures of EHI; (iii) identify and protect against reasonably anticipated threats to the security or integrity of EHI; and (iv) monitor compliance with such safeguards by its workforce. In determining which administrative, technical and physical safeguards to implement, the Participant Member shall consider the following: (i) its size, complexity, and capabilities; (ii) its technical, hardware, and software infrastructure; (iii) the costs of security measures; and (iv) the likelihood and possible impact of potential risks to EHI. Each Participant Member further shall review and modify such safeguards to continue protecting EHI in a changing environment of security threats within a reasonable period of time. Additionally, each Participant Member shall be required to implement the following minimum security requirements described below.