Obligations and Responsibilities of Customer. (a) Customer will comply fully with its obligations under the HIPAA Rules.
(b) Customer will not place any restrictions in a notice of privacy practices under 45 CFR 164.520 that will conflict with applicable law or Splunk’s obligations under this BAA. Customer agrees that any reports, notifications or other notice by Splunk pursuant to this BAA may be made electronically. Customer will provide Splunk with the designated contact information for reporting purposes (e.g., name, email address, etc.) and will update it as needed during the term of this BAA.
(c) Customer will notify Splunk of any changes in, or revocation of, the permission by an Individual to Use or Disclose Protected Health Information, to the extent that such changes may affect Splunk’s Use or Disclosure of Protected Health Information.
(d) Customer will notify Splunk of any restriction on the Use or Disclosure of Protected Health Information that Customer has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Splunk’s Use or Disclosure of Protected Health Information.
(e) Customer will be responsible for implementing appropriate privacy and security safeguards to protect its Protected Health Information in compliance with its obligations under HIPAA. Without limitation, it is Customer’s responsibility to implement privacy and security safeguards in the systems, applications and software the Customer controls, configures, or otherwise makes accessible in connection with the Agreement and uploads to Splunk.
(f) Customer will not ask Splunk to Use or Disclose Protected Health Information in any manner that would be impermissible under Subpart E of 45 CFR Part 164 if done by Customer (or Customer’s Covered Entity, if applicable). Nothing herein will restrict Splunk from using Protected Health Information for Data Aggregation or management, administration and legal responsibilities of Splunk as permitted by this BAA.
Obligations and Responsibilities of Customer. 3.1. The Customer shall (i) provide Magnolia with all necessary co-operation in relation to this Agreement and all necessary access to such information as may be required by Magnolia in order to provide the Services; (ii) inform Magnolia at least 20 Business Days in advance of any Traffic Spike; (iii) inform Magnolia of any security issue relating to the Services as soon as possible but not later than 24 hours after knowledge of such security issue; (iv) upgrade the Software in accordance with Magnolia’s instructions and within the applicable time periods, whereby Minor Releases must be deployed not later than 30 days upon the release and Major Releases not later than 60 days after the release; (v) deploy security updates in accordance with Magnolia’s instructions as soon as possible; (vi) comply with all applicable laws and regulations with respect to its activities under this Agreement; (vii) be responsible for Authorised Users compliance with this Agreement; (viii) ensure that its network and systems comply with the relevant specifications provided by Magnolia from time to time; (ix) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Magnolia's data centres; and
Obligations and Responsibilities of Customer
