Security of Electronic PHI. If applicable, Business Associate shall take reasonable and necessary measures to comply with the Security Rule as set forth in HIPAA, including but not limited to:
Security of Electronic PHI. Subcontractor shall develop, implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of all electronic PHI received from, or created or received by Subcontractor on behalf of, the University, which pertains to an Individual. As of the Compliance Date of 42 USC §17931, Subcontractor shall comply with the requirements set forth in 45 CFR §§164.308, 164.310, 164.312 and 164.316.
Security of Electronic PHI. If Business Associate will receive, maintain, or transmit Electronic PHI on behalf, Business Associate will also comply and will require each subcontractor involved in such activity to comply with each applicable requirement of the regulations at 45 CFR Parts 160 and 164 governing the security of EPHI (the Business Associate shall, among other requirements:
17.1 Implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of such EPHI including but not limited to the encryption safeguards set forth in the HITECH Act and its implementing regulations (reference Section 18.3 herein);
17.2 Ensure that any agent, including a subcontractor, to whom it provides EPHI, agrees to implement reasonable and appropriate safeguards to protect it in accordance with the Security Standards; and
17.3 Keep a log of all attempted and successful Security Incidents and report to Covered Entity any successful Security Incident of which it becomes aware through its security practices, which shall include, but not be limited to, a regular review of such logs. Business Associate will also provide Covered Entity with access to the log of all unsuccessful Security Incidents upon at least thirty
Security of Electronic PHI. Per-Se shall report to Customer any Security Incident with respect to Electronic PHI of which it becomes aware and which has compromised the protections set forth in the Security Rule. This reporting obligation does not include trivial occurrences, such as scans, “pings” or unsuccessful attempts to penetrate computer networks or servers containing PHI maintained by Per-Se; provided that, upon Customer's written request, Per-Se will provide an aggregate report of the number of such trivial occurrences.
Security of Electronic PHI. To fulfill its obligations under the Security Rule, Business Associate agrees to do the following:
(a) Establish and maintain appropriate administrative, physical and technical safeguards, as provided in 45 CFR §§ 164.308, 164.310, and 164.312, respectively, that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI.
(b) Follow generally accepted system security principles and the requirements of the Security Rule.
(c) Establish and maintain appropriate policies and procedures and documentation, as provided in 45 CFR §164.316.
(d) Ensure that any agent, including a subcontractor, to whom it provides Electronic PHI, agrees to implement reasonable and appropriate safeguards to protect such Electronic PHI.
(e) Report any Security Incident to Covered Entity within ten (10) business days of becoming aware of such Security Incident.
Security of Electronic PHI. Business Associate agrees to: (1) implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity; (2) ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect it; and (3) report to the Covered Entity any security incidents of which it becomes aware.
Security of Electronic PHI. BUSINESS ASSOCIATE shall Use and implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of PHI and/ or Electronic PHI that it creates, receives, maintains, or transmits on behalf of COMPANY as required by the Security Rule, 45 C.F.R. Part 164, Subpart C, and as required by the HITECH ACT. BUSINESS ASSOCIATE shall also develop and implement policies and procedures and meet the Security Rule documentation requirements as required by the HITECH ACT.
Security of Electronic PHI. COMPANY shall report to CUSTOMER any Security Incident with respect to Electronic PHI of which it becomes aware and which has compromised the protections set forth in the Security Rule. This reporting obligation does not include trivial occurrences, such as scans, “pings” or unsuccessful attempts to penetrate computer networks or servers containing PHI maintained by COMPANY; provided that, upon CUSTOMER’s written request, COMPANY will provide an aggregate report of the number of such trivial occurrences.
Security of Electronic PHI. McKesson shall report to Customer any Security Incident with respect to Electronic PHI of which it becomes aware and which has compromised the protections set forth in the Security Rule. This reporting obligation does not include trivial occurrences, such as scans, “pings” or unsuccessful attempts to penetrate computer networks or servers containing PHI maintained by McKesson; provided that, upon Customer's written request, McKesson will provide an aggregate report of the number of such trivial occurrences.
Security of Electronic PHI. MegaEasy shall report to Customer any Security Incident with respect to Electronic PHI of which it becomes aware and which has compromised the protections set forth in the Security Rule. This reporting obligation does not include trivial occurrences, such as scans, “pings” or unsuccessful attempts to penetrate computer networks or serves containing PHI maintained by MegaEasy; provided that, upon Customer’s written request, Megaeasy will provide an aggregate report of the number of such trivial occurrences.
