OBLIGATIONS AND ACTIVITIES OF RECIPIENT. A. Permitted Uses of MNPS Student Data and Information (“SDI”). Recipient shall only use or disclose SDI as required to execute the services.
OBLIGATIONS AND ACTIVITIES OF RECIPIENT a. Permitted Uses of MBPE Student Data and Information (“SDI”). Recipient shall not use or disclose SDI other than as permitted or required by this Contract or as permitted or required by the Family Educational Rights and Privacy Act (“FERPA”), 34 C.F.R. §99 et. seq and the Children’s Online Privacy Protection Act of 1998 (COPPA) 15 U.S.C. § 6501-6506.
OBLIGATIONS AND ACTIVITIES OF RECIPIENT. A. Permitted Uses of KCS Student Data and Information (“SDI”). Recipient shall only use or disclose SDI as required to execute the services.
OBLIGATIONS AND ACTIVITIES OF RECIPIENT. In return for the provision of the Data by Provider, Recipient agrees:
A. To use or disclose the Data received from Provider as permitted under this Agreement only in connection with the following activity (the “Research”):
B. To permit only the following individuals (the “Authorized Users”) to access and use the Data on behalf of the Recipient for the purposes of the Research: ____________________________________________________________________________________________________________________________________________________________
C. To ensure that any Authorized Users understand, acknowledge, and will comply with the terms of this Agreement.
D. To not further disclose or use the Data for any purpose other than the Research or as required by law, unless specifically permitted by Provider.
E. To use appropriate administrative, technical, and physical safeguards to assure the confidentiality of the Data and prevent uses or disclosures other than as provided for by this Agreement. Recipient shall treat the Data with at least the same degree of care as Recipient treats its own confidential or sensitive information.
F. To report to Provider any use or disclosure of the Data not provided for by this Agreement of which it becomes aware, including without limitation, any disclosure of Data to an unauthorized third party, within X (X) days of its discovery.
G. To not use the Data alone or with other information to re-identify the individuals, or their family members, from whom the Data were derived, and will not contact the individual or family members under any circumstances.
H. To ensure that any Authorized User, including a subcontractor, or other third party to whom it provides the Data or any extract of the Data agrees to the same restrictions and conditions that apply through this Agreement to the Recipient with respect to such information.
I. That the Data requested represents the minimum information necessary to reasonably accomplish the Research.
J. That Recipient, to the extent necessary, has secured approval from its institutional review board, or an equivalent institutional research review body, to use the Data as provided for in this Agreement.
K. To comply with all applicable federal, state, and local laws, regulations, guidelines, and institutional policies pertaining to, or governing, the use of the Data or the activities conducted pursuant to the Research. This includes, , _______________.
L. To permit Recipient to conduct an inspection of the Rec...
OBLIGATIONS AND ACTIVITIES OF RECIPIENT. Recipient shall:
(a) not use or further disclose the Limited Data Set other than as permitted or required by this Agreement or by law;
(b) not re-identify the Limited Data Set, nor attempt to contact any individual who is the subject of the Limited Data Set provided to Recipient by Woman’s Hospital Foundation;
(c) use appropriate safeguards to prevent the use or disclosure of the Limited Data Set other than as provided for by this Agreement;
(d) report to Woman’s Hospital Foundation any use or disclosure of the Limited Data Set, that is not provided for by this Agreement, of which the Recipient becomes aware; and
(e) ensure that any agent, including a subcontractor, to whom the Recipient provides the Limited Data Set received from Woman’s Hospital Foundation, agrees to the same restrictions and conditions that apply through this Agreement to the Recipient with respect to such information.
OBLIGATIONS AND ACTIVITIES OF RECIPIENT. RECIPIENT agrees to comply with applicable federal and District confidentiality and security laws, including, but not limited to the Privacy Rule and Security Rule and the following:
a. RECIPIENT agrees not to use or disclose PHI or ePHI (other than as permitted or required by this DUA or as Required By Law.
b. RECIPIENT agrees to use appropriate safeguards and comply with administrative, physical, and technical safeguards requirements described at 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316 as required by § 13401 of the Health Information Technology Economic and Clinical Health Act (“HITECH”), enacted as part of the American Recovery and Reinvestment Act of 2009 (“ARRA”)(Pub.L 111-5, 123 Stat 115) approved February 17, 2009, to maintain the security of the PHI and to prevent use or disclosure of such PHI other than as provided for by this DUA. RECIPIENT acknowledges that, pursuant to § 13401 of the HITECH, RECIPIENT must comply with the Security Rule and privacy provisions detailed in this DUA. The additional requirements of § 13401 of HITECH that relate to security and apply to a Covered Entity shall also apply to RECIPIENT and shall be incorporated into this an agreement between RECIPIENT and DHCF. RECIPIENT shall be directly liable for any violations of this DUA or HIPAA Regulations. A summary of HIPAA Security Standards for the Protection of ePHI, found at Appendix A to Subpart C or 45 C.F.R. Part 164 is as follows: Security Management Process 164.308(a)(1) Risk Analysis (R) Risk Management (R) Sanction Policy (R) Information System Activity Review (R) Workforce Security 164.308(a)(3) Authorization and/or Supervision (A) Workforce Clearance Procedure Termination Procedures (A) Information Access Management 164.308(a)(4) Isolating Health care Clearinghouse Function (R) Access Authorization (A) Access Establishment and Modification (A) Security Awareness and Training 164.308(a)(5) Security Reminders (A) Protection from Malicious Software (A) Log-in Monitoring (A) Password Management (A) Contingency Plan 164.308(a)(7 Data Backup Plan (R) Disaster Recovery Plan (R) Emergency Mode Operation Plan (R) Testing and Revision Procedure (A) Applications and Data Criticality Analysis (A) Business Associate Contracts and Other Arrangement 164.308(b)(1) Written Contract or Other Arrangement (R) Facility Access Controls 164.310(a)(1) Contingency Operations (A) Facility Security Plan (A) Access Control and Validation Procedures (A) Maintenance Records (A) Devic...
OBLIGATIONS AND ACTIVITIES OF RECIPIENT. Recipient agrees not to use or disclose the Limited Data Set for any purpose other than the Research Project or as may be required by Law. Recipient agrees to use appropriate safeguards to prevent use or disclosure of the Limited Data Set other than as provided for by this Agreement. Recipient agrees to report to the Covered Entity any use or disclosure of the Limited Data Set not provided for by this Agreement of which it becomes aware, including without limitation, any disclosure of PHI to an unauthorized subcontractor, within ten (10) days of its discovery. Recipient agrees to ensure that any agent, including subcontractor, to whom it provides the Limited Data Set agrees to the same restrictions and conditions that apply herein to the Recipient with respect to such information. Recipient agrees not to identify the information contained in the Limited Data Set or contact the individual. Recipient will indemnify, defend and hold harmless Covered Entity and Covered Entity’s affiliates, their respective trustees, officers, directors, employees, students, and agents (“Indemnitees”) from and against any claim, cause of action, liability, damage, cost or expense (including, without limitation, reasonable attorney’s fees and court costs) arising out of or in connection with any unauthorized or prohibited use or disclosure of the Limited Data Set or any other breach of this Agreement by Recipient or any subcontractor, agent or person under Recipient’s control.
OBLIGATIONS AND ACTIVITIES OF RECIPIENT a. Permitted Uses of BTCS Student Data and Information (“SDI”). Recipient shall not use or disclose SDI other than as permitted or required by this Contract or as permitted or required by the Family Educational Rights and Privacy Act (“FERPA”), 34 C.F.R. §99 et. seq and the Children’s Online Privacy Protection Act of 1998 (COPPA) 15 U.S.C. § 6501- 6506. Recipient shall regard all SDI as confidential and shall not disclose SDI to any third party unless the third party is an “Authorized Disclosee.” Authorized Disclosees are: 1) third parties with whom BTCS has a current Data Use and Integration Security Contract;
OBLIGATIONS AND ACTIVITIES OF RECIPIENT. 3.1 Non-disclosure: Recipient will not use or disclose a Limited Data Set other than as permitted or required by this Agreement or as required by law or as otherwise authorized by Mayo.
OBLIGATIONS AND ACTIVITIES OF RECIPIENT
