Common use of Protection of Private Information Clause in Contracts

Protection of Private Information. Agent understands and acknowledges that, while performing services under this Agreement, Agent may receive from UnitedHealthcare, or create or receive on behalf of UnitedHealthcare, certain information that is defined as “Protected Health Information” (“PHI”) under the privacy regulations issued under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or “nonpublic personal information” under the Xxxxx-Xxxxx-Xxxxxx Act and implementing regulations (“GLB”), or both. To the extent Agent provides services or assistance to UnitedHealthcare and requires access to PHI in order to perform such services or act on behalf of UnitedHealthcare, Agent shall be considered a Business Associate of UnitedHealthcare and Agent shall agree to the terms of subsections (a) through (i) of Section 2.10 of this Agreement regarding Agent’s use and disclosure of this information. To the extent Agent is not acting on behalf of or at the direction of UnitedHealthcare, Agent shall not be considered a Business Associate of UnitedHealthcare. Regardless of whether Agent is considered a Business Associate of UnitedHealthcare, Agent agrees that it will use or disclose PHI it receives from, or is created or received on behalf of, UnitedHealthcare and nonpublic personal information (“Personal Information”) received from or created or received on behalf of UnitedHealthcare, only to the extent to which HIPAA, GLB or other federal or state privacy laws applicable to UnitedHealthcare would permit UnitedHealthcare to use or disclose the information. Agent acknowledges that being considered a Business Associate of UnitedHealthcare does not automatically entitle Agent to access certain PHI and Personal Information and that UnitedHealthcare may deny broker access to PHI and Personal Information or condition such access on Agent meeting certain requirements, at UnitedHealthcare’s discretion. With regard to its use or disclosure of PHI or Personal Information, Agent agrees, represents and warrants to UnitedHealthcare that Agent will: not use or further disclose any PHI or Personal Information, except as permitted by this Agreement or as Required By Law; maintain and use appropriate safeguards at all times to prevent PHI or Personal Information from being used or disclosed, except as permitted by this Agreement or Required By Law; and ensure that any subcontractor or agent to whom Agent provides any PHI or Personal Information agrees, in writing, to abide by the same conditions and restrictions with regard to the PHI or Personal Information that apply to Agent, including, without limitation, all of the requirements of this Section 2.10, subsections (a) through (i). With regard to its use or disclosure of PHI, Agent hereby agrees, represents and warrants to UnitedHealthcare that Agent will, in the time and manner designated by UnitedHealthcare: report promptly to UnitedHealthcare if Agent becomes aware of any use or disclosure of any PHI that is not permitted by this Agreement; mitigate, to the extent practicable, any harmful effect caused by Agent’s violation of the terms of this Agreement; make available to UnitedHealthcare (or to an Individual, if directed to do so by UnitedHealthcare) PHI in a Designated Record Set, so that UnitedHealthcare may respond to an Individual’s Request For Access to information about the Individual in accord with the HIPAA privacy regulation; Amend or correct PHI in a Designated Record Set in accord with the HIPAA privacy regulation; document disclosures of PHI and information related to disclosures by Agent that will permit for UnitedHealthcare to respond to a request from an Individual for an Accounting of Disclosures of PHI in accord with the HIPAA privacy regulations; make available to UnitedHealthcare (or to an Individual, if directed to do so by UnitedHealthcare) the information documented under subsection (b)(5) above, that would permit UnitedHealthcare to respond to a request from an Individual for an Accounting of Disclosures, in accordance with the HIPAA privacy regulations; and make its internal practices, books and records relating to the use and disclosure of PHI available to UnitedHealthcare and the Secretary of Health and Human Services (“the Secretary”) for purposes of determining UnitedHealthcare's compliance with the HIPAA privacy regulations. Information provided under this subsection must be provided in the time and manner designated by the Secretary, as well as in the time and manner designated by UnitedHealthcare. With regard to its use and/or disclosure of electronic protected health information (“EPHI”), as such term is defined by the Security Standards published on February 20, 2003 at 68 Fed. Reg. 8334 et seq. (45 C.F.R. Parts 160, 162 and 164) as hereafter amended (“HIPAA Security Rule”), Agent shall: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Agent creates, receives, maintains or transmits on behalf of UnitedHealthcare; Ensure that any and all of our subcontractors or agents to whom Agent provides EPHI agrees, in writing, to implement reasonable and appropriate safeguards to protect such EPHI; and Report to UnitedHealthcare any Security Incident (as defined in 45 CFR Section 164.304) relating to EPHI of which Agent become aware, in accordance with its standard reporting procedures. From and after the compliance date applicable to UnitedHealthcare with respect to the Standards for Electronic Transactions and Code Sets promulgated at 45 CFR parts 160 and 162 (EDI Rules), Agent will take all steps necessary and appropriate to ensure that Agent complies with the applicable provisions of the EDI Rules. Each term and condition of this Section 2.10 that is required by HIPAA or GLB is effective on the date the applicable HIPAA regulations and/or GLB apply to UnitedHealthcare or this Agreement, respectively. When this Agreement terminates, regardless of the reason, Agent must return to UnitedHealthcare or destroy all PHI and Personal Information, and retain no copies in any form whatsoever. This provision applies to PHI and/or Personal Information that is in the possession of subcontractors, vendors or agents of Agent. Unless otherwise specified in this Agreement, all capitalized terms in this Agreement not otherwise defined have the meaning established by HIPAA, as amended from time to time. UnitedHealthcare and Agent agree to take such action as is necessary to amend this Agreement from time to time as is necessary for UnitedHealthcare to comply with the requirements of HIPAA, the HIPAA privacy regulations, HIPAA Security Rule, GLB and other federal and state privacy and consumer rights laws and regulations applicable to UnitedHealthcare. Agent agrees to cooperate with and assist UnitedHealthcare in order for UnitedHealthcare to meet its obligations under applicable privacy laws and regulations. This Section 2.10 survives termination of this Agreement. The terms and conditions of this section required by HIPAA shall be construed in light of any applicable interpretation of or guidance on the HIPAA privacy regulation or Security Rule issued by the Secretary from time to time. Any ambiguity in this Section 2.10 shall be resolved in favor of a meaning that permits UnitedHealthcare to comply with applicable laws and regulations. ARRA

Protection of Private Information. Agent understands and acknowledges that, while performing services under this Agreement, Agent may receive from UnitedHealthcare, or create or receive on behalf of UnitedHealthcare, certain information that is defined as “Protected Health Information” (“PHI”) under the privacy regulations issued under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or “nonpublic personal information” under the Xxxxx-Xxxxx-Xxxxxx Act and implementing regulations (“GLB”), or both. To the extent Agent provides services or assistance to UnitedHealthcare and requires access to PHI in order to perform such services or act on behalf of UnitedHealthcare, Agent shall be considered a Business Associate of UnitedHealthcare and Agent shall agree to the terms of subsections (a) through (i) of Section 2.10 of this Agreement regarding Agent’s use and disclosure of this information. To the extent Agent is not acting on behalf of or at the direction of UnitedHealthcare, Agent shall not be considered a Business Associate of UnitedHealthcare. Regardless of whether Agent is considered a Business Associate of UnitedHealthcare, Agent agrees that it will use or disclose PHI it receives from, or is created or received on behalf of, UnitedHealthcare and nonpublic personal information (“Personal Information”) received from or created or received on behalf of UnitedHealthcare, only to the extent to which HIPAA, GLB or other federal or state privacy laws applicable to UnitedHealthcare would permit UnitedHealthcare to use or disclose the information. Agent acknowledges that being considered a Business Associate of UnitedHealthcare does not automatically entitle Agent to access certain PHI and Personal Information and that UnitedHealthcare may deny broker access to PHI and Personal Information or condition such access on Agent meeting certain requirements, at UnitedHealthcare’s discretion. With regard to its use or disclosure of PHI or Personal Information, Agent agrees, represents and warrants to UnitedHealthcare that Agent will: not use or further disclose any PHI or Personal Information, except as permitted by this Agreement or as Required By Law; maintain and use appropriate safeguards at all times to prevent PHI or Personal Information from being used or disclosed, except as permitted by this Agreement or Required By Law; and ensure that any subcontractor or agent to whom Agent provides any PHI or Personal Information agrees, in writing, to abide by the same conditions and restrictions with regard to the PHI or Personal Information that apply to Agent, including, without limitation, all of the requirements of this Section 2.10, subsections (a) through (i). With regard to its use or disclosure of PHI, Agent hereby agrees, represents and warrants to UnitedHealthcare that Agent will, in the time and manner designated by UnitedHealthcare: report promptly to UnitedHealthcare if Agent becomes aware of any use or disclosure of any PHI that is not permitted by this Agreement; mitigate, to the extent practicable, any harmful effect caused by Agent’s violation of the terms of this Agreement; make available to UnitedHealthcare (or to an Individual, if directed to do so by UnitedHealthcare) PHI in a Designated Record Set, so that UnitedHealthcare may respond to an Individual’s Request For Access to information about the Individual in accord with the HIPAA privacy regulation; Amend or correct PHI in a Designated Record Set in accord with the HIPAA privacy regulation; document disclosures of PHI and information related to disclosures by Agent that will permit for UnitedHealthcare to respond to a request from an Individual for an Accounting of Disclosures of PHI in accord with the HIPAA privacy regulations; make available to UnitedHealthcare (or to an Individual, if directed to do so by UnitedHealthcare) the information documented under subsection (b)(5) above, that would permit UnitedHealthcare to respond to a request from an Individual for an Accounting of Disclosures, in accordance with the HIPAA privacy regulations; and make its internal practices, books and records relating to the use and disclosure of PHI available to UnitedHealthcare and the Secretary of Health and Human Services (“the Secretary”) for purposes of determining UnitedHealthcare's compliance with the HIPAA privacy regulations. Information provided under this subsection must be provided in the time and manner designated by the Secretary, as well as in the time and manner designated by UnitedHealthcare. With regard to its use and/or disclosure of electronic protected health information (“EPHI”), as such term is defined by the Security Standards published on February 20, 2003 at 68 Fed. Reg. 8334 et seq. (45 C.F.R. Parts 160, 162 and 164) as hereafter amended (“HIPAA Security Rule”), Agent shall: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that Agent creates, receives, maintains or transmits on behalf of UnitedHealthcare; Ensure that any and all of our subcontractors or agents to whom Agent provides EPHI agrees, in writing, to implement reasonable and appropriate safeguards to protect such EPHI; and Report to UnitedHealthcare any Security Incident (as defined in 45 CFR Section 164.304) relating to EPHI of which Agent become aware, in accordance with its standard reporting procedures. From and after the compliance date applicable to UnitedHealthcare with respect to the Standards for Electronic Transactions and Code Sets promulgated at 45 CFR parts 160 and 162 (EDI Rules), Agent will take all steps necessary and appropriate to ensure that Agent complies with the applicable provisions of the EDI Rules. Each term and condition of this Section 2.10 that is required by HIPAA or GLB is effective on the date the applicable HIPAA regulations and/or GLB apply to UnitedHealthcare or this Agreement, respectively. When this Agreement terminates, regardless of the reason, Agent must return to UnitedHealthcare or destroy all PHI and Personal Information, and retain no copies in any form whatsoever. This provision applies to PHI and/or Personal Information that is in the possession of subcontractors, vendors or agents of Agent. Unless otherwise specified in this Agreement, all capitalized terms in this Agreement not otherwise defined have the meaning established by HIPAA, as amended from time to time. UnitedHealthcare and Agent agree to take such action as is necessary to amend this Agreement from time to time as is necessary for UnitedHealthcare to comply with the requirements of HIPAA, the HIPAA privacy regulations, HIPAA Security Rule, GLB and other federal and state privacy and consumer rights laws and regulations applicable to UnitedHealthcare. Agent agrees to cooperate with and assist UnitedHealthcare in order for UnitedHealthcare to meet its obligations under applicable privacy laws and regulations. This Section 2.10 survives termination of this Agreement. The terms and conditions of this section required by HIPAA shall be construed in light of any applicable interpretation of or guidance on the HIPAA privacy regulation or Security Rule issued by the Secretary from time to time. Any ambiguity in this Section 2.10 shall be resolved in favor of a meaning that permits UnitedHealthcare to comply with applicable laws and regulations. ARRA.