Common use of Protection of Personally Identifiable Information and Protected Health Information Clause in Contracts

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR shall adhere to all existing and future federal, state, and local laws, rules, and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTOR. (2) CONTRACTOR shall ensure that its staff is trained to its privacy and security policies and procedures and that appropriate physical, technological, and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information of which it becomes aware. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing services. (4) CONTRACTOR will be responsible for all costs associated with CONTRACTOR’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach.

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR shall adhere to all existing and future federal, state, state and local laws, rules, rules and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTOR. (2) CONTRACTOR shall ensure that its staff is trained to its privacy and security policies and procedures and that appropriate physical, technological, technological and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information of which that it becomes aware. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing servicesaware of. (4) CONTRACTOR will be responsible for all costs associated with CONTRACTOR’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County COUNTY of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach.

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR shall adhere to all existing and future federal, state, state and local laws, rules, rules and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTOR. (2) CONTRACTOR shall ensure that its staff is trained to its privacy and security policies and procedures and that appropriate physical, technological, technological and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information of which that it becomes aware. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing servicesaware of. (4) CONTRACTOR will be responsible for all costs associated with CONTRACTOR’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach. (5) All desktop and laptop computers, as well other similar type computer systems, used by CONTRACTOR shall be encrypted using the same encryption algorithm described above. All data in transit shall require the same encryption. Storage of COUNTY data on removable portable storage is prohibited. (6) Upon termination of this agreement, CONTRACTOR shall purge all COUNTY data from all CONTRACTOR systems using a forensic grade deletion that conforms to US Department of Defense DoD 5220.22-M (E) standards. CONTRACTOR shall reimburse the COUNTY for all associated costs of a breach, including but not limited to reporting costs and associated penalties the COUNTY must bear.

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR CITY is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR CITY shall adhere to all federal, state state, and local laws, rules rules, and regulations protecting the privacy of such information. CONTRACTOR CITY shall adhere to all existing and future federal, state, and local laws, rules, and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTORCITY. Additionally, CITY shall only access, use, or disclose COUNTY Protected Information if such access, use, or disclosure is expressly permitted by the terms of its agreement with COUNTY. Any other access, use or disclosure of COUNTY Protected Information is prohibited. Examples of prohibited accesses, uses and disclosures include, but are not limited to: the removal of confidential files, documents, or devices containing COUNTY Protected Information from a COUNTY facility; the unauthorized transmission of COUNTY Protected Information via email, fax, or other means; and the discussion of such information with other individuals (including other CITY or COUNTY employees) who do not have a COUNTY-approved business reason to obtain the information. (2) CONTRACTOR CITY shall ensure that its staff is and any third-party organizations or individuals that it engages to perform services in conjunction with the terms if this agreement are trained to its privacy and security policies policies, as well as Paragraph 15 of this agreement; and procedures and that appropriate physical, technological, and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR CITY shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR CITY agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information of which it becomes aware. This includes instances wherein CONTRACTOR CITY encounters unsecured Protected Information in areas where CONTRACTOR CITY employees are performing services. (4) CONTRACTOR CITY will be responsible for all costs associated with CONTRACTORCITY’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County COUNTY of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules rules, or regulations applicable at the time of the breach.

Protection of Personally Identifiable Information and Protected Health Information. (1) To the extent CONTRACTOR GRANTEE is provided, creates, or has access to, Protected Health Information (PHI), Personally Identifiable Information (PII), or any other legally protected confidential information or data in any form or matter (collectively referred to as “Protected Information”), CONTRACTOR GRANTEE shall adhere to all federal, state and local laws, rules and regulations protecting the privacy of such information. CONTRACTOR GRANTEE shall adhere to all existing and future federal, state, state and local laws, rules, rules and regulations regarding the privacy and security of Protected Information, including, but not limited to, laws and regulations requiring data encryption or policy and awareness programs for the protection of COUNTY Protected Information provided to, or accessed or created by, CONTRACTORby GRANTEE. (2) CONTRACTOR GRANTEE shall ensure that its staff is trained to its privacy and security policies and procedures and that appropriate physical, technological, technological and administrative safeguards are in place to protect the confidentiality of COUNTY’s Protected Information, including, but not limited to, PHI and PII. Upon request, CONTRACTOR GRANTEE shall make available to COUNTY its policies and procedures, staff training records and other documentation of compliance with this Paragraph 15. (3) CONTRACTOR GRANTEE agrees to notify COUNTY immediately of any unauthorized access to or disclosure of Protected Information of which it becomes aware. This includes instances wherein CONTRACTOR encounters unsecured Protected Information in areas where CONTRACTOR employees are performing services. (4) CONTRACTOR GRANTEE will be responsible for all costs associated with CONTRACTORXXXXXXX’s breach of the security and privacy of COUNTY’s Protected Information, or its unauthorized access to or disclosure of COUNTY’s Protected Information, including, but not limited to, mitigation of the breach, cost to the County of any monetary sanctions resulting from breach, notification of individuals affected by the breach, and any other action required by federal, state, or local laws, rules or regulations applicable at the time of the breach.