Security Rule Obligations The following provisions of this section apply to the extent that Business Associate creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity.
17.1 Business Associate shall implement and use administrative, physical, and technical safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312 with respect to the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall identify in writing upon request from Covered Entity all of the safeguards that it uses to protect such Electronic PHI.
17.2 Business Associate shall ensure that any Agent and Subcontractor to whom it provides Electronic PHI agrees in a written agreement to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of the Electronic PHI. Business Associate must enter into this written agreement before any use or disclosure of Electronic PHI by such Agent or Subcontractor. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the use or disclosure of Electronic PHI. Business Associate shall provide a copy of the written agreement to Covered Entity upon request. Business Associate may not make any disclosure of Electronic PHI to any Agent or Subcontractor without the prior written consent of Covered Entity.
17.3 Business Associate shall report in writing to Covered Entity any Security Incident pertaining to such Electronic PHI (whether involving Business Associate or an Agent or Subcontractor). Business Associate shall provide this written report as soon as it becomes aware of any such Security Incident, and in no case later than two (2) business days after it becomes aware of the incident. Business Associate shall provide Covered Entity with the information necessary for Covered Entity to investigate any such Security Incident.
17.4 Business Associate shall comply with any reasonable policies and procedures Covered Entity implements to obtain compliance under the Security Rule.
Privacy Rule “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 Code of Federal Regulations Part 160 and Part 164, Subparts A and E.
Business Associate Obligations Business Associate agrees to comply with applicable federal confidentiality and security laws, specifically the provisions of the HIPAA Rules and the HITECH Act applicable to business associates, including:
2.1 Use and Disclosure of PHI. Except as otherwise permitted by this Agreement, the HIPAA Rules, or applicable law, Business Associate shall not make any uses or disclosures of PHI except as necessary to provide services to, or on behalf of, Covered Entity as described in the Underlying Agreement, and shall not use or disclose PHI that would violate the HIPAA Rules or HITECH Act if used or disclosed by Covered Entity; provided, however, Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities, consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate may not use or disclose PHI which it creates, receives, maintains or transmits for or on behalf of the Covered Entity for any purpose except as otherwise provided by the Agreement and this BAA. Business Associate agrees to review and understand any state privacy and security laws to the extent that such laws are not preempted by HIPAA, as may be amended from time to time. Business Associate acknowledges that it shall comply specifically with the HIPAA Security Rule, and, to the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under the Privacy Rule, it shall comply with the requirements of the Privacy Rule which apply to Covered Entity in the performance of such obligation(s). Business Associate shall in such cases:
2.1.1 provide information to members of its workforce using or disclosing PHI regarding the confidentiality requirements in the HIPAA Rules and this Agreement;
2.1.2 obtain reasonable assurances, in writing from the person or entity to whom the PHI is disclosed that: (i) the PHI will be held in confidence and further used and disclosed only as required by law or for the purpose for which it was disclosed to the person or entity; and (ii) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and
2.1.3 agree to notify the Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules or HITECH Act.
2.2 Marketing; Sale of PHI. Business Associate may not use or disclose PHI for marketing purposes. Marketing includes any communication which would encourage the recipient to use or purchase a product or service. Business Associate may not use or disclose PHI where it has directly or indirectly received remuneration, financial or otherwise, from or on behalf of the recipient of the PHI in exchange for the PHI. “Sale” is not limited to circumstances where a transfer of ownership occurs, and would include access, license or lease agreements.
Nondisclosure Obligations 2.1 Confidential Information of Disclosing Party shall be used by the Receiving Party solely for the purpose of evaluating whether or not the Receiving Party wishes to enter into an agreement for purchase of assets of the Disclosing Party and shall not be used for any other purpose. Receiving Party shall hold the Disclosing Party’s Confidential Information in strictest confidence at all times in perpetuity and shall not disclose Confidential Information without the prior written consent of Disclosing Party. Receiving party may disclose Disclosing Party’s Confidential Information to Receiving Party’s employees, representatives, agents and consultants on a need-to-know basis provided that such employees and consultants shall have executed appropriate written agreements with such party to ensure compliance with all the provisions of this Agreement. Receiving Party agrees to take all reasonable measures to protect the Confidential Information from falling into the public domain or the possession of persons other than those persons authorized to have any such Confidential Information, which measures shall include the highest degree of care that such party utilizes to protect its own information of a similar nature, but in no event less than a reasonable degree of care.
2.2 Nothing in this Agreement shall prohibit Receiving Party from disclosing Confidential Information if legally required to do so by judicial or governmental order or in a judicial or governmental proceeding (“Required Disclosure”); provided that the disclosing party shall (i) give the other party prompt notice of such Required Disclosure prior to disclosure; (ii) cooperate with the other party in the event that it elects to contest such disclosure or seek a protective order with respect thereto, and/or (iii) in any event only disclose the exact Confidential Information, or portion thereof, specifically requested by the Required Disclosure.
Disclosure Obligations LAUSD expects Contractors and their Representatives to satisfy the following public disclosure obligations:
Non-Disclosure Obligations 12.1 During the term of this Agreement, the parties may disclose certain Confidential Information to each other in the performance of their rights and obligations under this Agreement. Without the prior written authorization of the disclosing party, the receiving party shall not use or copy any Confidential Information for any purpose other than as specifically authorized by this Agreement, and shall not transfer or disclose any Confidential Information to any person, except for the purposes of performing its obligations and exercising its rights in accordance with this Agreement to the necessary extent. The receiving party shall take steps necessary or appropriate to protect Confidential Information against unauthorized disclosure or use, including, without limitation, ensuring that each of its personnel and any Authorized Users with access to Confidential Information is aware of and complies with the non-disclosure obligations set out in this Section. The receiving party shall promptly notify the disclosing party of any unauthorized disclosure or use of any Confidential Information that comes to the receiving party’s attention, and shall take all action that the disclosing party reasonably requests to prevent any further unauthorized use or disclosure of it. Each party expressly acknowledges and agrees that, except as specifically provided in this Agreement, at no time shall it acquire or retain, or appropriate for its own use, any right, title or interest in or to any Confidential Information of the other party.
12.2 The obligations set out in Section 12.1 shall not apply to the extent, that any Confidential Information (i) becomes generally available to the public through no fault of the receiving party; (ii) is or has been disclosed to the receiving party, directly or indirectly, by any person that is under no obligation of non-disclosure to the disclosing party or an affiliate of the disclosing party; or (iii) is required to be disclosed under any applicable law, rule, regulation or governmental order.
12.3 Notwithstanding the termination of this Agreement, each party shall continue to abide by the terms of the non- disclosure obligations with respect to Confidential Information as set out in this Section and indemnification as set out in Section 12.2 hereof.
Nondisclosure Obligation All Information disclosed by one Party to the other Party hereunder shall be maintained in confidence by the receiving Party and shall not be disclosed to any Third Party or used for any purpose except as set forth herein without the prior written consent of the disclosing Party, except to the extent that such Information:
4.1.1 is known by the receiving Party at the time of its receipt, and not through a prior disclosure by the disclosing Party, as documented by the receiving Party’s business records;
4.1.2 is in the public domain by use and/or publication before its receipt from the disclosing Party, or thereafter enters the public domain through no fault of the receiving Party;
4.1.3 is subsequently disclosed to the receiving Party by a Third Party who may lawfully do so and is not under an obligation of confidentiality to the disclosing Party;
4.1.4 is developed by the receiving Party independently of Information received from the disclosing Party, as documented by the receiving Party’s business records;
4.1.5 is disclosed to governmental or other regulatory agencies in order to obtain patents on Inventions in accordance with Article 7 herein or to gain or maintain approval to conduct clinical trials on Compound or Product or to market Product, but such disclosure may be only to the extent reasonably necessary to obtain such patents or approvals;
4.1.6 is deemed necessary by Merck to be disclosed to Related Parties, agent(s), consultant(s), and/or other Third Parties for any and all purposes Merck and its Affiliates deem necessary or advisable in the ordinary course of business to achieve the objectives of this Agreement on the condition that such Third Parties agree to be bound by confidentiality and non-use obligations that substantially are no less stringent than those confidentiality and non-use provisions contained in this Agreement; provided, however, that the term of confidentiality for such Third Parties shall be no less than ten (10) years; or
4.1.7 is deemed necessary by counsel to the receiving Party to be disclosed to such Party’s attorneys, independent accountants or financial advisors for the sole purpose of enabling such attorneys, independent accountants or financial advisors to provide advice to the receiving Party, on the condition that such attorneys, independent accountants and financial advisors agree to be bound by the confidentiality and non-use obligations contained in this Agreement; provided, however, that the term of confidentiality for such attorneys, independent accountants and financial advisors shall be no less than ten (10) years.
4.1.8 is deemed necessary by the receiving Party to be disclosed to such Party’s executives, management and other advisors, including but not limited to members of the Board of Directors and/or Scientific Advisory Board, consultants, bankers, lenders, existing and prospective bona fide investors, and prospective merger and/or acquisition partners (“Representatives”) on the following conditions: [***]. Any combination of features or disclosures shall not be deemed to fall within the foregoing exclusions merely because individual features are published or available to the general public or in the rightful possession of the receiving Party unless the combination itself and principle of operation are published or available to the general public or in the rightful possession of the receiving Party. If a Party is required by judicial or administrative process (including a request for discovery received in an arbitration or litigation proceeding), or by a statute, regulation or rule of law (e.g., securities laws, rules and regulations), to disclose information that is subject to the non-disclosure provisions of this Section 4.1 or Section 4.2, such Party shall promptly inform the other Party of the disclosure that is being sought in order to provide the other Party an opportunity to challenge or limit the disclosure obligations. Information that is disclosed by judicial or administrative process shall remain otherwise subject to the confidentiality and non-use provisions of this Section 4.1 and Section 4.2, and the Party disclosing information pursuant to law or court order shall take all steps reasonably necessary, including without limitation obtaining an order of confidentiality, to ensure the continued confidential treatment of such information. The Parties will consult and cooperate fully with each other on the provisions of this Agreement to be redacted in any filings made by the Parties with the Securities and Exchange Commission or similar governmental agency in the U.S. or abroad, or as otherwise required by law.
Non-Disclosure Obligation Except as required by court order, subpoena, or Applicable Law, neither Party shall disclose to third parties any confidential or proprietary information regarding the other Party’s business affairs, finances, technology, processes, plans or installations, product information, know-how, or other information that is received from the other Party pursuant to this Agreement or the Parties’ relationship prior thereto or is developed pursuant to this Agreement, without the express written consent of the other Party, which consent shall not be unreasonably withheld. The Parties shall at all times use their respective reasonable efforts to keep all information regarding the terms and conditions of this Agreement confidential and shall disclose such information to third Persons only as reasonably required for the permitting of the Project; financing the development, construction, ownership, operation and maintenance of the Plant; or as reasonably required by either Party for performing its obligations hereunder and if prior to such disclosure, the disclosing Party informs such third Persons of the existence of this confidentiality obligation and only if such third Persons agree to maintain the confidentiality of any information received. This Article 13 shall not apply to information that was already in the possession of one Party prior to receipt from the other, that is now or hereafter becomes a part of the public domain through no fault of the Party wishing to disclose, or that corresponds in substance to information heretofore or hereafter furnished by third parties without restriction on disclosure.
Recipient Obligations 2.1 The Recipient agrees to support the Project in accordance with this Agreement.
2.2 In supporting the Project, the Recipient must:
(a) exercise reasonable diligence, care and skill;
(b) administer the Funding in accordance with the Agreement to support the Fellow to complete the Project;
(c) not replace the Fellow named in the Application with another person;
(d) complete the Project Deliverables by the relevant Deliverable due dates. This includes the provision of the required Reports, Financial Acquittal Statements and valid tax invoices;
(e) ensure that the Fellow completes the Project Milestones annually;
(f) ensure it makes the Recipient Contribution to the Project as per the Application and summarised in Item 11 of Schedule 1;
(g) ensure the Partners provide the Partner Contributions to the Project as per the Application and summarised in Item 12 of Schedule 1;
(h) ensure that the Project expenditure is managed in accordance with the project expenditure table in the Application;
(i) notify the Department within 20 Business Days of any matter that may affect the Fellow or Recipient’s eligibility for funding under the Guidelines, including but not limited to:
(i) the Fellow ceasing employment with the Recipient;
(ii) the Fellow moving residence to outside of Queensland;
(iii) the Fellow travelling outside of Queensland for more than six weeks;
(iv) the Fellow taking extended leave or being unable to undertake the Project for an extended period;
(v) the Fellow changing the proportion of their time committed to the Project;
(vi) the Recipient Contributions or Partner Contributions changing;
(vii) the Project Partner organisations changing; and
(viii) the Project expenditure changing.
(j) ensure that (where relevant):
(i) the Project complies with National Health and Medical Research Council Guidelines;
(ii) the Project complies with the Code of Ethical Practice for Biotechnology in Queensland;
(iii) the Project is cleared by all relevant ethical committees prescribed by the Recipient organisation’s research rules; and
(iv) evidence of compliance with this clause is provided, if requested by the Department;
(k) not assign, transfer or subcontract its obligations, without prior written consent of the Department;
(l) notify the Department of any breach of these terms or any matter that may affect the performance of the Agreement; and
(m) comply with all relevant laws.
PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.
13 A. DEFINITIONS
