Common use of Safeguarding EPHI Clause in Contracts

Safeguarding EPHI. Contractor agrees to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the City. These safeguards shall include the following: a) Encryption of EPHI that Contractor stores and transmits; b) Implementation of strong access controls, including physical locks, firewalls, and strong passwords; c) Use of updated antivirus software; d) Adoption of contingency planning policies and procedures, including data backup and disaster recovery plans; and e) Conduct of periodic security training.

Safeguarding EPHI. Contractor agrees to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the CityDepartment or Board. These safeguards shall include the following: a) Encryption of EPHI that Contractor stores and transmits; b) Implementation of strong access controls, including physical locks, firewalls, and strong passwords; c) Use of updated antivirus software; d) Adoption of contingency planning policies and procedures, including data backup and disaster recovery plans; and e) Conduct of periodic security training.

Safeguarding EPHI. Contractor Provider agrees to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the CityCounty. These safeguards shall include the following: a) Encryption of EPHI that Contractor Provider stores and transmits; b) Implementation of strong access controls, including physical locks, firewalls, and strong passwords; c) Use of updated antivirus software; d) Adoption of contingency planning policies and procedures, including data backup and disaster recovery plans; and e) Conduct of periodic security training.