Common use of PROCEDURES FOR PRIVACY AND SECURITY Clause in Contracts

PROCEDURES FOR PRIVACY AND SECURITY. In signing this agreement and the corresponding DRA, the PMA attests that the requested CMS Data will be protected as required by applicable law, including but not limited to the HIPAA Privacy and Security Rules at 45 CFR parts 160 and 164, including through the establishment of appropriate administrative technical and physical safeguards to protect the integrity, security, and confidentiality of the data, and to prevent unauthorized use or access to it. Additionally, the PMA acknowledges that various provisions of the U.S. Code, including, but not limited to, the Privacy Act (5 U.S.C. § 552a), 42 U.S.C. 1320d–6 (HIPAA), and Title 18, as well as the corresponding regulations, specify civil and/or criminal penalties that may be applied by applicable law enforcement authorities with respect to various misuse, including wrongful acquisition or use of, data. In signing this agreement, the PMA further affirms that such safeguards will provide a level and scope of security that is not less than the level and scope of security requirements established for federal agencies by the OMB in: OMB Circular No. A-130, Appendix III--Security of Federal Automated Information Systems, Federal Information Processing Standard 200 entitled “Minimum Security Requirements for Federal Information and Information Systems,” and