Safeguarding Protected Health Information. a. Screening Information.
i. Outside of incident camps, if Management has employees monitor their health, answer spoken screening questions, or perform temperature checks in relation to COVID-19, the Agency will not keep records of employees’ temperatures or spoken answers to screening questions other than to note that an employee’s temperature was above/below the threshold and whether the employee answered yes to any of the screening questions.
ii. At incident camps where records may be kept, Personal Identifiable Information (PII) or Personal Health Information (PHI) will be properly protected and secured as required by applicable law.
b. Employee test results, illness and recovery status, and reasonable accommodation information.
i. Only those with a need to know will have access to information about an employee’s health related to COVID.
ii. This information is considered Personal Health Information and will be properly protected and secured as required by applicable law.
Safeguarding Protected Health Information. FAI will maintain commercially reasonable and appropriate administrative, technical and physical safeguards, as required by Social Security Act § 1173(d) and 45 Code of Federal Regulation § 164.530(c), to protect against reasonably anticipated threats or hazards to, and to ensure, the security or integrity of Protected Health Information, to protect against reasonably anticipated unauthorized use or disclosure of Protected Health Information, and to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure in violation of this Business Associate Agreement.
Safeguarding Protected Health Information. a. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of PHI other than as provided for by the Agreement;
b. Business Associate shall, at its own cost, review and modify its privacy and security safeguarding measures as needed to continue providing reasonable and appropriate protection of PHI and maintain documentation of privacy and security safeguarding measures as required by HIPAA.
c. Business Associate shall cooperate in good faith in response to any reasonable requests from the Covered Entity to discuss, review, inspect, and/or audit Business Associate’s safeguards.
Safeguarding Protected Health Information. Privacy of Protected Health Information. Florida Blue will maintain reasonable and appropriate administrative, physical, and technical safeguards, consistent with 45 C.F.R. § 164.530(c) and any other implementing regulations issued by DHHS that are applicable to Florida Blue as GHP's Business Associate, to protect against reasonably anticipated threats or hazards to and to ensure the security and integrity of Protected Health Information, to protect against reasonably anticipated unauthorized use or disclosure of Protected Health Information, and to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure in violation of this Contract. Security of Electronic Protected Health Information. Florida Blue will develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that Florida Blue creates, receives, maintains, or transmits on behalf of GHP consistent with the Security Rule, 45 C.F.R. Part 164, Subpart C.
Safeguarding Protected Health Information. (a) Business Associate agrees:
(i) To implement appropriate safeguards and internal controls designed to prevent the use or disclosure of Protected Health Information other than as permitted in this Agreement, the Underlying Agreement or by the HIPAA Rules.
(ii) To implement “Administrative Safeguards,” “Physical Safeguards,” and “Technical Safeguards” as defined in the HIPAA Rules designed to protect and secure the confidentiality, integrity, and availability of Electronic Protected Health Information (45 CFR 164.308, 164.310, 164.312). Business Associate shall document policies and procedures for safeguarding Electronic Protected Health Information in accordance with 45 CFR 164.316, as applicable.
(iii) To notify Covered Entity of any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system (“Security Incident”) upon discovery of the Security Incident; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence and attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to Covered Entity shall be required. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any other combination of the above, so long as no such incident results in unauthorized access to, or use and disclosure of PHI.
(b) When a known and confirmed impermissible acquisition, access, use, or disclosure of Protected Health Information (“Breach”) occurs, Business Associate agrees:
(i) To notify the Covered Entity HIPAA Program Management Office within 15 days of discovery of the Breach, and
(ii) Within 15 business days of the discovery of the Breach, provide Covered Entity with all required content of notification in accordance with 45 CFR 164.410 and 45 CFR 164.404, and
(iii) To reasonably cooperate with Covered Entity’s analysis and final determination on whether to notify affected individuals, media, or Secretary of the U.S. Department of Health and Human Services,
(iv) To pay all reasonable actual costs associated with the notification of affected individuals and reasonable actual costs associated with mitigating potential harmful effects to affected individuals.
Safeguarding Protected Health Information. (a) Business Associate agrees:
(i) To implement appropriate safeguards and internal controls to prevent the use or disclosure of Protected Health Information other than as permitted in this Agreement or by the HIPAA Rules.
(ii) To implement “Administrative Safeguards,” “Physical Safeguards,” and “Technical Safeguards” as defined in the HIPAA Rules to protect and secure the confidentiality, integrity, and availability of Electronic Protected Health Information (45 CFR 164.308, 164.310, 164.312). Business Associate shall document policies and procedures for safeguarding Electronic Protected Health Information in accordance with 45 CFR 164.316.
(iii) To notify Covered Entity of any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system (“Security Incident”) upon discovery of the Security Incident.
(b) When an impermissible acquisition, access, use, or disclosure of Protected Health Information (“Breach”) occurs, Business Associate agrees:
(i) To notify Covered Entity’s Chief Privacy Officer immediately upon discovery of the Breach, and
(ii) Within 15 business days of the discovery of the Breach, provide Covered Entity with all required content of notification in accordance with 45 CFR 164.410 and 45 CFR 164.404, and
(iii) To fully cooperate with Covered Entity’s analysis and final determination on whether to notify affected individuals, media, or Secretary of the U.S. Department of Health and Human Services, and
(iv) To pay all costs associated with the notification of affected individuals and costs associated with mitigating potential harmful effects to affected individuals.
Safeguarding Protected Health Information. In accordance with 45 CFR § 164.504(e)(2)(ii)(B) and 45 CFR Part 164, Subpart C, Contractor shall use appropriate safeguards to prevent use or disclosure of PHI, except as provided in this Agreement or as required by law. In accordance with 45 CFR Part 164, Subpart C and 45 CFR § 164.314(a)(2)(i)(A) & (B), Contractor shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI, including electronic PHI, it creates, receives, maintains, or transmits in an electronic format on behalf of DDS to prevent unauthorized access, viewing, use, disclosure or breach of PHI, other than as provided for by this Agreement or required by law. Contractor shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of Contractor’s operations and the nature and scope of its activities, and which incorporates the requirements of Section 7, Security, below.
Safeguarding Protected Health Information. Outside of incident camps, if Management has employees monitor their health, answer screening questions, or perform temperature checks in relation to COVID-19, the Agency will not keep records of employees’ temperatures or answers to screening questions other than to note that an employee’s temperature was above/below the threshold and whether the employee answered yes to any of the screening questions. At incident camps where records may be kept, Personal Identifiable Information (PII) or Personal Health Information (PHI) will be properly protected and secured as required by applicable law.
Safeguarding Protected Health Information. Contractor agrees to use appropriate safeguards to prevent the unauthorized use or disclosure of PHI. Contractor shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI that Contractor creates, receives, maintains or transmits on behalf of the County; and to prevent use or disclosure of protected information other than as provided in this Contract.
(1) Encrypting Electronic PHI that it stores and transmits; (2) Implementing strong access controls, including physical locks, firewalls and strong passwords; (3) Using antivirus software that is upgraded regularly; (4) Adopting contingency planning policies and procedures, including data backup and disaster recovery plans; and (5) Conducting periodic security training.