Common use of Security of Electronic Protected Health Information Clause in Contracts

Security of Electronic Protected Health Information. (a) Business Associate has implemented policies and procedures to ensure that its receipt, maintenance, or transmission of “electronic protected health information” (as defined in 45 C.F.R. §160.103) (“ePHI”) on behalf of SBBC complies with the applicable administrative, physical, and technical safeguards required for protecting the confidentiality and integrity of ePHI under the Security Standards 45 C.F.R. Part 160 and 164 subpart C. (b) Business Associate agrees that it will ensure that agents or subcontractors agree to implement the applicable administrative, physical, and technical safeguards required to protect the confidentiality and integrity of ePHI under the Security Standards 45 C.F.R. Part 164. (c) Business Associate agrees to report to SBBC all Security Incidents (as defined 45 C.F.R. Part 164.304 and in accordance with applicable Florida law) of which it becomes aware. Business Associate agrees to report the Security Incident to SBBC as soon as reasonably practicable, but not later than 10 business days from the date the Business Associate becomes aware of the incident. (d) SBBC agrees and understands that SBBC is independently responsible for the security of ePHI in its possession or for ePHI that it receives from outside sources including “Business Associate”.

Security of Electronic Protected Health Information. (a) Business Associate has implemented policies and procedures to ensure that its receipt, maintenance, or transmission of “electronic protected health information” (as defined in 45 C.F.R. §160.103) (“ePHI”) on behalf of SBBC complies with the applicable administrative, physical, and technical safeguards required for protecting the confidentiality and integrity of ePHI under the Security Standards in 45 C.F.R. Part 160 and 164 subpart C. (b) Business Associate agrees that it will ensure that its agents or subcontractors agree to implement the applicable administrative, physical, and technical safeguards required to protect the confidentiality and integrity of ePHI under the Security Standards pursuant to 45 C.F.R. Part 164. (c) Business Associate agrees to report to SBBC all Security Incidents (as defined by 45 C.F.R. Part 164.304 and in accordance with applicable Florida law) of which it becomes aware. Business Associate agrees to report the Security Incident to SBBC as soon as reasonably practicable, but not later than 10 business days from the date the Business Associate becomes aware of the incident. (d) SBBC agrees and understands that SBBC is independently responsible for the security of ePHI in its possession or for ePHI that it receives from outside sources including “Business Associate”.

Security of Electronic Protected Health Information. (a) Business Associate has implemented policies and procedures to ensure that its receipt, maintenance, or transmission of “electronic protected health information” (as defined in 45 C.F.R. §160.103) (“ePHI”) on behalf of SBBC complies with the applicable administrative, physical, and technical safeguards required for protecting the confidentiality and integrity of ePHI under the Security Standards in 45 C.F.R. Part 160 and 164 subpart C. (b) Business Associate agrees that it will ensure that its agents or subcontractors agree to implement the applicable administrative, physical, and technical safeguards required to protect the confidentiality confidential ity and integrity of ePHI under the Security Standards pursuant to 45 C.F.R. Part 164. (c) Business Associate agrees to report to SBBC all Security Incidents (as defined by 45 C.F.R. Part 164.304 and in accordance with applicable Florida law) of which it becomes aware. Business Associate agrees to report the Security Incident to SBBC as soon as reasonably practicable, but not later than 10 business days from the date the Business Associate becomes aware of the incident. (d) SBBC agrees and understands that SBBC is independently responsible for the security of ePHI in its possession or for ePHI that it receives from outside sources including “Business Associate”.