Security and Privacy Obligations Sample Clauses

Security and Privacy Obligations a. The Organization agrees to reasonably assist Hoag in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. Organization will direct Users to complete the required Data Access & Acceptable Use Agreement for Non-Hoag Workforce Members summarizing their responsibilities and be familiar with applicable Hoag policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag policies shall only apply to the extent Users are accessing Systems. x. Xxxx will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag rules and policies governing privacy and security as provided by Hoag. x. Xxxx reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Hoag, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. Organization agrees to notify the abo...
AutoNDA by SimpleDocs
Security and Privacy Obligations. Master Subscription Agreement - Domestic 3 Last revised on: 10/16/18
Security and Privacy Obligations a. Rock represents, warrants and covenants that it has, and agrees to maintain, an information security program containing appropriate measures to protect all the data that it receives and/or stores in connection with this Agreement and performing the Services, including, without limitation, Customer information, Personal Information and any data provided by Vroom hereunder, against accidental or unlawful destruction, alteration, unauthorized disclosure or access consistent with applicable laws and in conformity with data processing industry standards and all applicable laws, rules and regulations. In addition, Rock shall implement and maintain physical, logical, administrative, managerial and technical safeguards, controls and measures in accordance with industry standards, relative to the sensitivity of the data involved. b. Without limiting the foregoing, the Parties acknowledge and agree that Rock is a service provider for the purposes of the CCPA. Rock certifies that it understands the rules, restrictions, requirements and definitions of the CCPA and agrees to refrain from taking any action that would cause any transfers of Personal Information to or from Rock to qualify as a sale of Personal Information under the CCPA. Rock acknowledges and confirms that it does not receive any Personal Information from Vroom as consideration for any services or other items provided to Vroom. Rock shall not sell any such Personal Information. Rock shall not retain, use or disclose any Personal Information provided by Vroom or otherwise received by Rock pursuant to the Services, except as necessary for the specific purpose of performing the Services for Vroom pursuant to this Agreement or otherwise as set forth in this Agreement or as permitted by the CCPA. Rock shall assist Vroom with any requests received from individuals under the CCPA or other similar data protection laws and shall, pursuant to Section 10 hereof, defend, indemnify and hold Vroom harmless from any claims relating to Rock’s breach of the foregoing or applicable data protection laws. The terms “sale,” and “sell” are as defined in Section 1798.140 of the CCPA. c. Rock represents, warrants and covenants that it has implemented a mature information security management program that incorporates the key elements and protections of a mature industry IS framework such as ISO 27000, COBIT, BITS, NIST, etc. Without limiting the foregoing, Rock represents, warrants and covenants that it is responsible for meet...
Security and Privacy Obligations a. The Organization agrees to reasonably assist Swedish in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Swedish Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required HIM Managed Epic Access Request form. User Access will not be granted until the User completes the required form. d. Swedish will provide access information for each unique User. Access to Systems will be granted according to Swedish policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Swedish rules and policies governing privacy and security as provided by Swedish. f. Swedish reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Swedish, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or Us...
Security and Privacy Obligations 

Related to Security and Privacy Obligations

  • Security and Privacy Security and privacy policies for the Genesys Cloud Service addressing use of Customer Data, which are incorporated by reference and may be updated from time to time in accordance with Section 10.12 of the Agreement, are located at xxxxx://xxxx.xxxxxxxxxxx.xxx/articles/purecloud-security-compliance/.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Data Privacy and Security Laws The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Company has taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data” as defined by GDPR; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies: (i) it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!