Common use of Protection of Personally Identifiable Information and Protected Health Information Clause in Contracts

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR shall adhere to all existing and future federal, state and local laws, rules and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTOR. Additionally, CONTRACTOR shall only access, use or disclose County Protected Information if such access, use, or disclosure is expressly permitted by the terms of its agreement with County. Any other access, use or disclosure of County Protected Information is prohibited. Examples of prohibited accesses, uses and disclosures include, but are not limited to: the removal of confidential files, documents or devices containing County Protected Information from a County facility; the unauthorized transmission of County Protected Information via email, fax or other means; and the discussion of such information with other individuals (including other CONTRACTOR or County employees) who do not have a County approved business reason to obtain the information. (2) CONTRACTOR shall ensure that its staff and any third party organizations or individuals that it engages to perform services in conjunction with the terms if this agreement are trained to its privacy and security policies, as well as Paragraph 15 of this agreement; and procedures and that appropriate physical, technological and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information. Upon request, CONTRACTOR shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information that it becomes aware of. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing services. (4) CONTRACTOR will be responsible for all costs associated with CONTRACTOR’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach.

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR shall adhere to all existing and future federal, state and local laws, rules and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTOR. Additionally, CONTRACTOR shall only access, use or disclose County Protected Information if such access, use, or disclosure is expressly permitted by the terms of its agreement with County. Any other access, use or disclosure of County Protected Information is prohibited. Examples of prohibited accesses, uses and disclosures include, but are not limited to: the removal of confidential files, documents or devices containing County Protected Information from a County facility; the unauthorized transmission of County Protected Information via email, fax or other means; and the discussion of such information with other individuals (including other CONTRACTOR or County employees) who do not have a County approved business reason to obtain the information. (2) CONTRACTOR shall ensure that its staff and any third party organizations or individuals that it engages to perform services in conjunction with the terms if this agreement are is trained to its privacy and security policies, as well as Paragraph 15 of this agreement; policies and procedures and that appropriate physical, technological and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information that it becomes aware of. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing services. (4) CONTRACTOR will be responsible for all costs associated with CONTRACTOR’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach.

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR shall adhere to all existing and future federal, state and local laws, rules and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTOR. Additionally, CONTRACTOR shall only access, use or disclose County Protected Information if such access, use, or disclosure is expressly permitted by the terms of its agreement with County. Any other access, use or disclosure of County Protected Information is prohibited. Examples of prohibited accesses, uses and disclosures include, but are not limited to: the removal of confidential files, documents or devices containing County Protected Information from a County facility; the unauthorized transmission of County Protected Information via email, fax or other means; and the discussion of such information with other individuals (including other CONTRACTOR or County employees) who do not have a County approved business reason to obtain the information. (2) CONTRACTOR shall ensure that its staff and any third party organizations or individuals that it engages to perform services in conjunction with the terms if this agreement are is trained to its privacy and security policies, as well as Paragraph 15 of this agreement; policies and procedures and that appropriate physical, technological and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 152.15. (3) CONTRACTOR agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information that it becomes aware of. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing services. (4) CONTRACTOR will be responsible for all costs associated with CONTRACTOR’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach.