Common use of Obligations and Activities of Contractor Clause in Contracts

Obligations and Activities of Contractor. A. Contractor will develop, document, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of, and to prevent non-permitted use or disclosure of, PHI created or received for or from the Plan. B. Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to Contractor of a use or disclosure of PHI by Contractor in violation of the requirements of this BA Agreement. C. Contractor agrees to report to Covered Entity, without unreasonable delay and in any event within thirty (30) days, any use or disclosure of the PHI not provided for by this BA Agreement or otherwise in writing by the Plan. Contractor shall maintain a written log recording the date, name of Covered Person and description of PHI for all such unauthorized use or disclosure and shall submit such log to the Plan Sponsor semiannually and by request. Contractor agrees to directly provide notice to any effected participants in the event of a Breach and to send a written log each such Breach and notice to participants to the Covered Entity within thirty (30) days of notification. Contractor agrees to notify participants in accordance with the guidelines and standards set forth by the Department of Health and Human Services under the American Reinvestment & Recovery Act and the HITECH Act. D. Contractor will require that any agent, including a subcontractor, to whom it provides PHI as permitted by this BA Agreement (or as otherwise permitted with the Plan’s prior written approval), agrees to the same restrictions and conditions that apply through this BA Agreement to Contractor with respect to such information. E. Contractor agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Contractor on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Rules. F. Contractor agrees to implement administrative, physical, and technical safeguards (as set forth in the Security Rule) that reasonably and appropriately protect the confidentiality and integrity (as set forth in the Security Rule), and the availability of Electronic PHI, if any, that Contractor creates, receives, maintains, or transmits electronically on behalf of Covered Entity. Contractor agrees to establish and maintain security measures sufficient to meet the safe harbor requirements established pursuant to ARRA by making data unreadable, indecipherable, and unusable upon receipt by an unauthorized person. Contractor agrees to provide adequate training to its staff concerning HIPAA and Contractors responsibilities under HIPAA. G. Contractor agrees to report to Covered Entity any Security Incident of which Contractor becomes aware. H. Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect such information.

Obligations and Activities of Contractor. A. In consideration of the PHI of customers and clientele that will be provided by TotalWellness to Contractor, as required for Contractor will developto perform the Services under this Agreement, documentand in order to protect such PHI as required by HIPAA, implementHITECH and any agreement between TotalWellness and any third-party, maintain and Contractor agrees to: a. Not use or disclose the PHI other than as permitted or required by this Agreement or as Required By Law. b. Use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of, and to prevent non-permitted use or disclosure of, of the PHI created or received other than as provided for or from the Planby this Agreement. B. Contractor agrees to mitigatec. Mitigate, to the extent practicable, any harmful effect that is becomes known to Contractor of a use or disclosure of PHI by Contractor in violation of the requirements of this BA Agreement. C. Contractor agrees d. Report to report to Covered Entity, without unreasonable delay and TotalWellness in any event within thirty (30) days, writing any use or disclosure of the PHI not provided for by this BA Agreement or otherwise in writing by the Plan. of which Contractor shall maintain a written log recording the date, name of Covered Person and description of PHI for all such unauthorized use or disclosure and shall submit such log to the Plan Sponsor semiannually and by request. Contractor agrees to directly provide notice to any effected participants in the event of a Breach and to send a written log each such Breach and notice to participants to the Covered Entity becomes aware within thirty (30) two business days of notification. Contractor agrees to notify participants in accordance with becoming aware of the guidelines and standards set forth by the Department of Health and Human Services under the American Reinvestment & Recovery Act and the HITECH Actsame. D. Contractor will require e. Ensure that any agent, including a subcontractoran independent contractor to the Contractor, to whom it Contractor provides PHI as permitted received from, or created or received by this BA Agreement (or as otherwise permitted with the Plan’s prior written approval)Contractor on behalf of, TotalWellness, agrees in writing, prior to the provision of such PHI to the agent, to the same restrictions and conditions that apply through this BA Agreement to Contractor with respect to such information. E. f. Make available, at the request of TotalWellness and in such time and manner as may be reasonably requested by TotalWellness, PHI in a Designated Record Set to the extent required under 45 CFR 164.524. If Contractor maintains an Electronic Health Record, Contractor agrees to make provide such information in electronic format in accordance with 42 USC 17935(e). g. Make available PHI in a Designated Record Set for amendment and incorporate any amendments to PHI, at the request of TotalWellness and in such time and manner as may be reasonably requested by TotalWellness, in accordance with 45 CFR 164.526. h. Document such disclosures of PHI and information related to such disclosures as would be required for a Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR 164.528 and to provide the same at the request of TotalWellness and in such time and manner as may be reasonably requested by TotalWellness, in order that an accounting of disclosures may be timely provided in accordance with 45 CFR 164.528. i. Make its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Contractor on behalf of, Covered Entity TotalWellness available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, Secretary for purposes of the Secretary determining a Covered Entity’s compliance with the HIPAA RulesPrivacy Rule and to TotalWellness in such time and manner as may be reasonably requested by TotalWellness for purposes of TotalWellness determining Contractor’s compliance with this Agreement. F. Contractor agrees to implement j. Implement administrative, physical, physical and technical safeguards (as set forth in the Security Rule) that reasonably and appropriately protect the confidentiality confidentiality, integrity and integrity (as set forth in the Security Rule), and the availability of Electronic PHI, if any, electronic PHI that Contractor creates, receives, maintains, or transmits electronically on behalf of Covered Entity. Contractor agrees to establish and maintain security measures sufficient to meet the safe harbor requirements established pursuant to ARRA by making data unreadable, indecipherable, and unusable upon receipt by an unauthorized person. Contractor agrees to provide adequate training to its staff concerning HIPAA and Contractors responsibilities under HIPAATotalWellness. G. Contractor agrees to report to Covered Entity any Security Incident of which Contractor becomes aware. H. Contractor agrees to ensure k. Ensure that any agent, including a subcontractoran independent contractor to the Contractor, to whom it Contractor provides Electronic PHI, or with whom Contractor contracts to create, receive, maintain or transmit Electronic PHI, agrees in writing, prior to the provision of such Electronic PHI to the agent, to implement reasonable and appropriate safeguards to protect such informationElectronic PHI. l. Comply with the policies and procedures and documentation requirements of the HIPAA Security Rule, including but not limited to, 45 CFR 164.316. m. Report to TotalWellness in writing any security incident of which Contractor becomes aware within two business days of becoming aware of the same.

Obligations and Activities of Contractor. A. 2.1 Contractor will develop, document, implement, maintain and agrees to not use or further disclose Protected Health Information other than as permitted or required by the Agreement or as Required by Law. 2.2 Contractor agrees to use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of, and to prevent non-permitted use or disclosure of, PHI created or received of the Protected Health Information other than as provided for or from the Planby this Agreement. B. 2.3 Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to Contractor of a use or disclosure of PHI Protected Health Information by Contractor in violation of the requirements of this BA Agreement. C. 2.4 Contractor agrees to report to Covered Entity, without unreasonable delay and in any event within thirty (30) days, Entity any use or disclosure of the PHI Protected Health Information not provided for by this BA Agreement or otherwise in writing by the Plan. Contractor shall maintain a written log recording the date, name of Covered Person and description of PHI for all such unauthorized use or disclosure and shall submit such log to the Plan Sponsor semiannually and by request. which it becomes aware. 2.5 Contractor agrees to directly provide notice to any effected participants in the event of a Breach and to send a written log each such Breach and notice to participants to the Covered Entity within thirty (30) days of notification. Contractor agrees to notify participants in accordance with the guidelines and standards set forth by the Department of Health and Human Services under the American Reinvestment & Recovery Act and the HITECH Act. D. Contractor will require ensure that any agent, including a subcontractor, to whom it provides PHI as permitted Protected Health Information received from, or created or received by this BA Agreement (or as otherwise permitted with the Plan’s prior written approval)Contractor on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this BA Agreement to Contractor with respect to such information. E. 2.6 Contractor agrees to provide access, at the request of Covered Entity, and in the time and manner designated by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524. 2.7 Contractor agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity. 2.8 Contractor agrees to make internal practices, books, and records relating to the use and disclosure of PHI Protected Health Information received from, or created or received by Contractor on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Rules.Covered F. 2.9 Contractor agrees to implement administrative, physical, document such disclosures of Protected Health Information and technical safeguards (information related to such disclosures as set forth in the Security Rule) that reasonably and appropriately protect the confidentiality and integrity (as set forth in the Security Rule), and the availability of Electronic PHI, if any, that Contractor creates, receives, maintains, or transmits electronically on behalf of would be required for Covered Entity. Contractor agrees Entity to establish and maintain security measures sufficient respond to meet the safe harbor requirements established pursuant to ARRA by making data unreadable, indecipherable, and unusable upon receipt a request by an unauthorized person. Individual for an accounting of disclosures of Protected Health Information in accordance with CFR § 164.528. 2.10 Contractor agrees to provide adequate training to its staff concerning HIPAA and Contractors responsibilities under HIPAA. G. Contractor agrees to report to Covered Entity any Security Incident or an Individual, in time and manner designated by Covered Entity, information collected in accordance with Section 2.9 of which Contractor becomes aware. H. Contractor agrees to ensure that any agent, including a subcontractorthis Agreement, to whom it provides Electronic PHI, agrees permit Covered Entity to implement reasonable and appropriate safeguards respond to protect such informationa request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.

Obligations and Activities of Contractor. A. Contractor will develop, document, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of, and to prevent non-non- permitted use or disclosure of, PHI created or received for or from the Plan. B. Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to Contractor of a use or disclosure of PHI by Contractor in violation of the requirements of this BA Agreement. C. Contractor agrees to report to Covered Entity, without unreasonable delay and in any event within thirty (30) days, any use or disclosure of the PHI not provided for by this BA Agreement or otherwise in writing by the Plan. Contractor shall maintain a written log recording the date, name of Covered Person and description of PHI for all such unauthorized use or disclosure and shall submit such log to the Plan Sponsor semiannually and by request. Contractor agrees to directly provide notice to any effected participants in the event of a Breach and to send a written log each such Breach and notice to participants to the Covered Entity within thirty (30) days of notification. Contractor agrees to notify participants in accordance with the guidelines and standards set forth by the Department of Health and Human Services under the American Reinvestment & Recovery Act and the HITECH Act. D. Contractor will require that any agent, including a subcontractor, to whom it provides PHI as permitted by this BA Agreement (or as otherwise permitted with the Plan’s prior written approval), agrees to the same restrictions and conditions that apply through this BA Agreement to Contractor with respect to such information. E. Contractor agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Contractor on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Rules. F. Contractor agrees to implement administrative, physical, and technical safeguards (as set forth in the Security Rule) that reasonably and appropriately protect the confidentiality and integrity (as set forth in the Security Rule), and the availability of Electronic PHI, if any, that Contractor creates, receives, maintains, or transmits electronically on behalf of Covered Entity. Contractor agrees to establish and maintain security measures sufficient to meet the safe harbor requirements established pursuant to ARRA by making data unreadable, indecipherable, and unusable upon receipt by an unauthorized person. Contractor agrees to provide adequate training to its staff concerning HIPAA and Contractors responsibilities under HIPAA. G. Contractor agrees to report to Covered Entity any Security Incident of which Contractor becomes aware. H. Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect such information.