Common use of Security and Privacy Obligations Clause in Contracts

Security and Privacy Obligations. a. The Organization agrees to reasonably assist Hoag in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. Organization will direct Users to complete the required Data Access & Acceptable Use Agreement for Non-Hoag Workforce Members summarizing their responsibilities and be familiar with applicable Hoag policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag policies shall only apply to the extent Users are accessing Systems. x. Xxxx will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag rules and policies governing privacy and security as provided by Hoag. x. Xxxx reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Hoag, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. Organization agrees to notify the above identified Hoag Access Support Team the same business day if a User has experienced a separation/termination from Organization so that account Access may be terminated immediately. g. Organization agrees to notify the above identified Hoag Access Support Team the same business day for any changes in Access, but in no event will notice be longer than five (5) days after any changes in roles or job function of a User. h. Organization agrees to notify the above identified Hoag Access Support Team the same business day if there is any change of personnel for the above designated Organization Business Contact/Authority, but in no event will notice be longer than five (5) days after any changes in roles or job function. i. Organization will direct Users to contact the above identified Hoag Access Support Team for issues specifically related to failure to access or issues with the application to which they have been granted Access. Organization is responsible for the maintenance and repairs to their own devices, computer systems or network connections, including the connection to Hoag. j. Organization will respond to Hoag periodic User account reviews within five (5) business days. k. Organization agrees that it obtains consent from patients to provide treatment if applicable; the parties agree that the sole purpose of this Agreement is for Hoag to provide Access to Systems for treatment, payment, or health care operations. x. Xxxx may disable User accounts that are inactive for 45 days or longer without notice to Organization. In these situations, Organization shall contact Hoag Member Services to request that Access be reactivated. m. Organization shall ensure that each User is trained and complies with the legal obligations relating to the information to which the User has Access, including but not limited to PHI. n. Organization will ensure that Users do not share login and password information with other individuals. Organization will ensure that Users do not permit login and password to be automatically saved on any computers or devices. Sharing of login and/or password information or permitting such to be automatically saved may result in termination of Access. o. Users will only be granted Access if they are a member of Organization’s Workforce and the forms required by Hoag have been fully executed. p. Organization will ensure Users only access minimum necessary information for which they have a legitimate reason and are authorized by law to access. Organization will ensure Users do not access their own record or records of their family members. q. Organization agrees that it will implement all appropriate safeguards to prevent unauthorized acquisition, access, use or disclosure of PHI received from Hoag hereunder. Organization agrees to comply with all federal and state laws and regulations regarding security and electronic exchange of health information, as currently enacted or amended in the future in connection with any such information received hereunder.

Security and Privacy Obligations. a. The Organization agrees to reasonably assist Hoag Providence in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Providence Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required Data Access & Acceptable Use Agreement for Non-Hoag Workforce Members summarizing their responsibilities and be familiar with applicable Hoag Providence policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag Providence policies shall only apply to the extent Users are accessing Systems. x. Xxxx d. Providence will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag Providence policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag Providence rules and policies governing privacy and security as provided by HoagProvidence. x. Xxxx f. Providence reserves the right to monitor, log, review, and/or audit all data access and use of Systems. HoagProvidence, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. g. Organization agrees to notify the above identified Hoag Providence Access Support Team the same business day if a User has experienced a separation/termination from Organization so that account Access may be terminated immediately. g. h. Organization agrees to notify the above identified Hoag Providence Access Support Team the same business day for any changes in Access, but in no event will notice be longer than five (5) days after any changes in roles or job function of a User. h. i. Organization agrees to notify the above identified Hoag Providence Access Support Team the same business day if there is any change of personnel for the above designated Organization Business Contact/Authority, but in no event will notice be longer than five (5) days after any changes in roles or job function. i. j. Organization will direct Users to contact the above identified Hoag Providence Access Support Team for issues specifically related to failure to access or issues with the application to which they have been granted Access. Organization is responsible for the maintenance and repairs to their own devices, computer systems or network connections, including the connection to HoagProvidence. j. k. Organization will respond to Hoag Providence periodic User account reviews within five (5) business days. k. l. Organization agrees that it obtains consent from patients to provide treatment if applicable; the parties agree that the sole purpose of this Agreement is for Hoag Providence to provide Access to Systems for treatment, payment, or health care operations. x. Xxxx m. Providence may disable User accounts that are inactive for 45 days or longer without notice to Organization. In these situations, situations Organization shall contact Hoag Member Services the above identified Providence Business Liaison/Primary Contact to request that Access be reactivated. m. n. Organization shall ensure that each User is trained and complies with the legal obligations relating to the information to which the User has Access, including but not limited to PHIProtected Health Information. n. o. Organization will ensure that Users do not share login and password information with other individuals. Organization will ensure that Users do not permit login and password to be automatically saved on any computers or devices. Sharing of login and/or password information or permitting such to be automatically saved may result in termination of Access. o. p. Users will only be granted Access if they are a member of Organization’s Workforce and the forms required by Hoag Providence have been fully executed. p. q. Organization will ensure Users only access minimum necessary information for which they have a legitimate reason and are authorized by law to access. Organization will ensure Users do not access their own record or records of their family members. q. r. Organization agrees that it will implement all appropriate safeguards to prevent unauthorized acquisition, access, use or disclosure of PHI Protected Health Information received from Hoag Providence hereunder. Organization agrees to comply with all federal and state laws and regulations regarding security and electronic exchange of health information, as currently enacted or amended in the future in connection with any such information received hereunder.

Security and Privacy Obligations. a. The Organization agrees to reasonably assist Hoag in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. Organization will direct Users to complete the required Data Access & Acceptable Use Agreement for Non-Non- Hoag Workforce Members Employees summarizing their responsibilities and be familiar with applicable Hoag policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag policies shall only apply to the extent Users are accessing Systems. x. Xxxx will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag rules and policies governing privacy and security as provided by Hoag. x. Xxxx reserves the right to monitor, log, review, and/or audit all data access and use of Systems. Hoag, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. Organization agrees to notify the above identified Hoag Access Support Team the same business day if a User has experienced a separation/termination from Organization so that account Access may be terminated immediately. g. Organization agrees to notify the above identified Hoag Access Support Team the same business day for any changes in Access, but in no event will notice be longer than five (5) days after any changes in roles or job function of a User. h. Organization agrees to notify the above identified Hoag Access Support Team the same business day if there is any change of personnel for the above designated Organization Business Contact/Authority, but in no event will notice be longer than five (5) days after any changes in roles or job function. i. Organization will direct Users to contact the above identified Hoag Access Support Team for issues specifically related to failure to access or issues with the application to which they have been granted Access. Organization is responsible for the maintenance and repairs to their own devices, computer systems or network connections, including the connection to Hoag. j. Organization will respond to Hoag periodic User account reviews within five (5) business days. k. Organization agrees that it obtains consent from patients to provide treatment if applicable; the parties agree that the sole purpose of this Agreement is for Hoag to provide Access to Systems for treatment, payment, or health care operations. x. Xxxx may disable User accounts that are inactive for 45 days or longer without notice to Organization. In these situations, situations Organization shall contact the Hoag Clinic Member Services to request that Access be reactivated. m. Organization shall ensure that each User is trained and complies with the legal obligations relating to the information to which the User has Access, including but not limited to PHIProtected Health Information. n. Organization will ensure that Users do not share login and password information with other individuals. Organization will ensure that Users do not permit login and password to be automatically saved on any computers or devices. Sharing of login and/or password information or permitting such to be automatically saved may result in termination of Access. o. Users will only be granted Access if they are a member of Organization’s Workforce and the forms required by Hoag have been fully executed. p. Organization will ensure Users only access minimum necessary information for which they have a legitimate reason and are authorized by law to access. Organization will ensure Users do not access their own record or records of their family members. q. Organization agrees that it will implement all appropriate safeguards to prevent unauthorized acquisition, access, use or disclosure of PHI Protected Health Information received from Hoag hereunder. Organization agrees to comply with all federal and state laws and regulations regarding security and electronic exchange of health information, as currently enacted or amended in the future in connection with any such information received hereunder.

Security and Privacy Obligations. a. The Organization agrees to reasonably assist Hoag Providence in enforcing appropriate security and privacy controls governing the Systems and the information contained therein to which Users are granted Access as described herein. b. If any User makes any change to patient medical information in the System, including documenting services or medical care, the User shall do so in compliance with the applicable bylaws, rules, regulations, policies, and procedures of the Providence Medical/Professional Staff to which the User is a member. c. Organization will direct Users to complete the required Data Request for Access & and Non-Employee Confidentiality/ Non-Disclosure/ Acceptable Use Agreement for Non-Hoag Workforce Members summarizing their responsibilities and be familiar with applicable Hoag Providence policies. Access will not be granted until each User completes the required forms. The parties recognize and agree that Hoag Providence policies shall only apply to the extent Users are accessing Systems. x. Xxxx d. Providence will provide an initial password and login for each unique User. Access to Systems will be granted according to Hoag Providence policies and procedures, and shall comply with applicable federal and state laws, including but not limited to HIPAA or ARRA/HITECH. Each User shall be responsible for his/her login and password and shall not share his/her login and password with anyone else. User may log onto Systems in order to access a patient’s record for treatment, payment, or health care operations. Organization agrees to ensure that workstations and mobile devices (“devices”) with access to any shared data or Systems are not accessible to unauthorized persons. Organization represents that it has policies in place covering the use of devices with respect to Access to PHI. Organization will direct Users not to use any device not managed or approved by Organization to access Systems. Organization will maintain firewall protection on all Internet connections for computers or devices located at Organization’s locations. d. e. The Organization will ensure the use of updated versions of commercially reasonable anti-virus protection on all computers or devices that are used to access Systems. Organization agrees to keep its computers and devices updated with commercially reasonable operating system patches and to use and maintain firewall protection. Organization agrees that when and while remotely connecting to Systems, it is subject to Hoag Providence rules and policies governing privacy and security as provided by HoagProvidence. x. Xxxx f. Providence reserves the right to monitor, log, review, and/or audit all data access and use of Systems. HoagProvidence, in its sole determination, may take action against any unauthorized use or access to Systems, including but, not limited to termination of Organization or User Access, or immediate termination of this Agreement. f. g. Organization agrees to notify the above identified Hoag PH&S Access Support Team the same business day if a User has experienced a separation/termination from Organization so that account Access may be terminated immediately. g. h. Organization agrees to notify the above identified Hoag PH&S Access Support Team the same business day for any changes in Access, but in no event will notice be longer than five (5) days after any changes in roles or job function of a User. h. i. Organization agrees to notify the above identified Hoag PH&S Access Support Team the same business day if there is any change of personnel for the above designated Organization Business Contact/Authority, but in no event will notice be longer than five (5) days after any changes in roles or job function. i. j. Organization will direct Users to contact the above identified Hoag PH&S Access Support Team for issues specifically related to failure to access or issues with the application to which they have been granted Access. Organization is responsible for the maintenance and repairs to their own devices, computer systems or network connections, including the connection to HoagProvidence. j. k. Organization will respond to Hoag PH&S periodic User account reviews within five (5) business days. k. l. Organization agrees that it obtains consent from patients to provide treatment if applicable; the parties agree that the sole purpose of this Agreement is for Hoag Providence to provide Access to Systems for treatment, payment, or health care operations. x. Xxxx m. Providence may disable User accounts that are inactive for 45 days or longer without notice to Organization. In these situations, situations Organization shall contact Hoag Member Services the above identified Providence Business Liaison/Primary Contact to request that Access be reactivated. m. n. Organization shall ensure that each User is trained and complies with the legal obligations relating to the information to which the User has Access, including but not limited to PHIProtected Health Information. n. o. Organization will ensure that Users do not share login and password information with other individuals. Organization will ensure that Users do not permit login and password to be automatically saved on any computers or devices. Sharing of login and/or password information or permitting such to be automatically saved may result in termination of Access. o. p. Users will only be granted Access if they are a member of Organization’s Workforce and the forms required by Hoag Providence have been fully executed. p. q. Organization will ensure Users only access minimum necessary information for which they have a legitimate reason and are authorized by law to access. Organization will ensure Users do not access their own record or records of their family members. q. r. Organization agrees that it will implement all appropriate safeguards to prevent unauthorized acquisition, access, use or disclosure of PHI Protected Health Information received from Hoag Providence hereunder. Organization agrees to comply with all federal and state laws and regulations regarding security and electronic exchange of health information, as currently enacted or amended in the future in connection with any such information received hereunder.