Common use of Privacy; Confidentiality Clause in Contracts

Privacy; Confidentiality. Subcontractor understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontract, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shall, and shall require Provider to notify U nited and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor i) Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's ’s information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("“HIPAA"”), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 434, 42 CFR 438.6 (if applicable), and A.A.C. R9-22-512, as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. . ii) Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. . iii) Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shall, and Provider shall require Provider to notify U nited United and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontract, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shall, and shall require Provider to notify U nited United and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons Members is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered PersonMember's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons Members in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 438.3 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member Member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shall, and Provider shall require Provider to notify U nited United and the Department of any breach of confidential information related to Covered Persons Members within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor (i) Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's ’s information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("“HIPAA"”), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 434, 42 CFR 438.6 (if applicable), and A.A.C. R9-22-512 as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. . (ii) Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. . (iii) Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shallProvider shall notify Health Plan, and shall require Provider to notify U nited Subcontractor, and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Health Plan, Subcontractor and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Health Plan, Subcontractor, and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge acknowledges that, in some cases, Provider it will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shallProvider shall notify Subcontractor, and shall require Provider to notify U nited Health Plan and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Subcontractor, Health Plan and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Subcontractor, Health Plan and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-de- identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Rule and 42 CFR 431, Subpart F. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Provider shall notify Subcontractor shalland/or Health Plan, and shall require Provider to notify U nited as applicable, and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Subcontractor and/or Health Plan, and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Subcontractor and/or Health Plan and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-de- identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shallProvider shall notify Subcontractor, and shall require Provider to notify U nited Health Plan and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Subcontractor, Health Plan and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Subcontractor, Health Plan and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor i) Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's ’s information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("“HIPAA"”), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 434, 42 CFR 438.6 (if applicable), and A.A.C. R9-22-512, as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. . ii) Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. . iii) Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Provider shall notify Health Plan and/or Subcontractor shall, and shall require Provider to notify U nited and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Health Plan and/or Subcontractor and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Health Plan and/or Subcontractor and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor (a) Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's ’s information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("“HIPAA"”), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 434; 42 CFR 438.6 (if applicable), and A.R.S. §36-2932, and AHCCCS Rules, as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. . (b) Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. . (c) Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shallProvider shall notify Health Plan, and shall require Provider to notify U nited Subcontractor, and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Health Plan, Subcontractor, and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Health Plan, Subcontractor, and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-de- identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Provider shall notify Subcontractor shalland/or Health Plan, and shall require Provider to notify U nited as applicable, and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Subcontractor and/or Health Plan, and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Subcontractor and/or Health Plan and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's Persons’ information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department HCA and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are P r o v i d e r is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-de- identification of protected health information is performed in compliance with the HIPAA Privacy Rule. Federal and State Medicaid regulations, and some other federal f e d e r a l and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Provider shall notify Carrier, Subcontractor shall, and shall require Provider to notify U nited and the Department HCA of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Carrier, Subcontractor and the Department HCA with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Carrier, Subcontractor and the Department HCA to ensure that the breach has been mitigated and reporting requirements, if any, complied with.

Privacy; Confidentiality. Subcontractor (a) Provider understands and shall require that Provider understand that the use and disclosure of information concerning Covered Persons is restricted to purposes directly connected with the administration of the State Program and shall maintain the confidentiality of Covered Person's ’s information and records as required by the State Contract and in federal and State law including, but not limited to, all applicable privacy, security and Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 ("“HIPAA"”), Public Law 104-191, and associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as applicable and as may be amended from time to time, and shall safeguard information about Covered Persons in accordance with applicable federal and State privacy laws and rules including but not limited to 42 CFR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F; 42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time. Subcontractor will require that Provider further acknowledge that, in some cases, Provider will have access to information on individuals with whom Provider has no treatment or other relationship. In such cases Provider will abide by all requirements under HIPAA and ensure that the confidentiality of such information is fully maintained. . (b) Access to member identifying information shall be limited by Subcontractor and/or Provider to persons or agencies that require the information in order to perform their duties in accordance with the Agreement and Subcontractthis Agreement, including the U.S. Department of Health and Human Services (HHS), the Department and other individuals or entities as may be required. (See 42 CFR §431.300, et seq. and 45 CFR Parts 160 and 164.) Any other party shall be granted access to confidential information only after complying with the requirements of state and federal laws, including but not limited to HIPAA, and regulations pertaining to such access. Subcontractor and Provider are is responsible for knowing and understanding the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall prohibit the disclosure of information in summary, statistical or other form that does not identify particular individuals, provided that de-identification of protected health information is performed in compliance with the HIPAA Privacy Rule. . (c) Federal and State Medicaid regulations, and some other federal and State laws and regulations, including but not limited to those listed above, are often more stringent than the HIPAA regulations. Subcontractor shallProvider shall notify Health Plan, and shall require Provider to notify U nited Subcontractor, and the Department of any breach of confidential information related to Covered Persons within the time period required by applicable federal and State laws and regulations following actual knowledge of a breach, including any use or disclosure of confidential information, any breach of unsecured PHI, and any Security Incident (as defined in HIPAA regulations) and provide United Health Plan, Subcontractor, and the Department with an investigation report within the time period required by applicable federal and State laws and regulations following the discovery. Subcontractor and/or Provider shall work with United Health Plan, Subcontractor, and the Department to ensure that the breach has been mitigated and reporting requirements, if any, complied with.