Security of Protected Health Information. In accordance with the HIPAA Security Rule in 45 CFR Part 160 and Subparts A and C of Part 164, the Trustees and SASMI, with respect to the group health benefit operations of SASMI, directly or in relation to another covered entity under HIPAA, will safeguard Electronic Protected Health Information by:
(a) Administrative, Physical, and Technical Safeguards. Implementing administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that SASMI creates, receives, maintains, or transmits on behalf of a group health plan.
Security of Protected Health Information. (a) Business Associate has implemented policies and procedures to ensure that its receipt, maintenance, or transmission of all PHI, either electronic or otherwise, on behalf of Covered Entity complies with the applicable administrative, physical, and technical safeguards required protecting the confidentiality, availability and integrity of PHI as required by the HIPAA Privacy Rules and Security Standards.
(b) Business Associate agrees that it will ensure that agents or subcontractors agree to implement the applicable administrative, physical, and technical safeguards required to protect the confidentiality, availability and integrity of PHI as required by HIPAA Privacy Rules and Security Standards.
(c) Business Associate agrees to report to Covered Entity any Security Incident (as defined 45 C.F.R. Part 164.304) of which it becomes aware. Business Associate agrees to report the Security Incident to the Covered Entity as soon as reasonably practicable, but not later than 10 business days from the date the Business Associate becomes aware of the incident.
(d) Business Associate agrees to establish procedures to mitigate, to the extent possible, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Agreement.
(e) Business Associate agrees to immediately notify Covered Entity upon discovery of any Breach of Unsecured Protected Health Information (as defined in 45 C.F.R. §§ 164.402 and 164.410) and provide to Covered Entity, to the extent available to Business Associate, all information required to permit Covered Entity to comply with the requirements of 45 C.F.R. Part 164 Subpart D.
(f) Covered Entity agrees and understands that the Covered Entity is independently responsible for the security of all PHI in its possession (electronic or otherwise), including all PHI that it receives from outside sources including the Business Associate.
Security of Protected Health Information. Subscriber may not use the Service in any way that is illegal, fraudulent, or violates the provisions of the Health Insurance Portability and Accountability Act of 1996 and its later extensions and modifications, including the Health Information Technology for Economic and Clinical Health Act (collectively “HIPAA”). These provisions restrict all unauthorized hacking, testing, or assessment which is intended to bypass the security policies and controls of the software. Subscriber acknowledges that Psych Select is not responsible for violation of these laws or related regulations due to Subscriber's actions or circumstances outside of Psych Select's control. These actions and circumstances include, but are not limited to the failure of Subscriber or Subscriber's employees and agents to: (a) choose adequate account passwords, and to protect those passwords from unauthorized disclosure; (b) log out of the Service on any computer or other device; (c) authenticate the identity of any patient or staff member requesting access to patient or staff passwords; (d) ensure that staff members with access to passwords are aware of HIPAA and have agreed to be bound by them; (e) use tools provided within the Service to monitor log-in activity for security breaches; (f) guard any protected health information (as defined by HIPAA) (hereinafter "PHI") downloaded to Subscriber's own storage device in accordance with HIPAA; (g) ensure that all individuals who are granted access to PHI have a legitimate need for that information in order to conduct healthcare operations (as defined by HIPAA); (h) ensure that any device used to access PHI is free from software viruses and any other hardware or software methods for collecting and disseminating information to unauthorized individuals;
(i) promptly report suspicious activity or misuse of the system to Psych Select for further investigation; and (k) cooperate with Psych Select to safeguard against such activity or misuse and to mitigate any harm arising therefrom.
Security of Protected Health Information. (a) Sub-Business Associate agrees to use appropriate safeguards to protect against any use or disclosure of Personal Information not provided for herein and to comply, where applicable, with Subpart C of 45 CFR Part 164 with respect to Electronic Protected Health Information. Without limiting the foregoing, Sub-Business Associate agrees to implement appropriate administrative, physical, and technical safeguards to prevent the unauthorized use and disclosure of Personal Information, and to protect the confidentiality, integrity, and availability of Electronic Personal Information against accidental or unlawful destruction, alteration, unauthorized or improper disclosure or access, including monitoring access to, use and disclosure of Personal Information whether in physical or electronic form. Sub-Business Associate will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures, and will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality, integrity, and availability of the Personal Information, and ensure that these risks are addressed. Sub-Business Associate shall use secure user identification and authentication protocols, including, but not limited to unique user identification, use of appropriate access controls, and strict measures to protect identification and authentication processes.
(b) Sub-Business Associate agrees, to the extent practicable, to Secure all Personal Information at rest, in motion or in use. Without limiting the foregoing, Sub-Business Associate agrees in all cases to Secure all Electronic Protected Health Information in motion and all Electronic Personal Information placed or stored on portable devices, and to dispose of all Protected Health Information in a Secure manner, including the permanent removal of all Protected Health Information from Electronic Media and hard disks, whether on fax, copier, computer, portable device or otherwise, before making such Electronic Media available for re- use. Notwithstanding the foregoing, beginning January 1, 2017, Sub-Business Associate agrees to Secure all electronic Personal Information at rest.
(c) Sub-Business Associate’s security practices for Protected Health Information must be evaluated and certified by a person holding a Certified Information Systems Security Professional (“CISSP”) certification or an equivalent qualification as meeting health care industry security best practices. Sub-Busi...
Security of Protected Health Information to be in force at the effective date of this BA Contract:
Security of Protected Health Information a. Business Associate agrees to implement the administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information that it creates, receives, maintains, or transmits on Covered Entity’s behalf;
b. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate standards to protect the information;
c. Business Associate agrees to report to Covered Entity any security incident of which it becomes aware that involves the information; and
d. Business Associate agrees that that the obligations set forth in Sections 3(a) through 3(c) above shall by implemented by the final compliance date for the Security Rule to the extent required by law.
Security of Protected Health Information. In accordance with the HIPAA Security Rule in 45 CFR Part 160 and Subparts A and C of Part 164, the Trustees and SASMI, with respect to the group health benefit operations of SASMI, directly or in relation to another covered entity under HIPAA, will safeguard Electronic Protected Health Information by:
(a) Administrative, Physical, and Technical Safeguards. Implementing administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that XXXXX creates, receives, maintains, or transmits on behalf of a group health plan.
Security of Protected Health Information. (a) Business Associate agrees to implement appropriate administrative, physical, and technical safeguards required by the HIPAA Rules.
Security of Protected Health Information. (a) Business Associate agrees to use appropriate safeguards to protect against any use or disclosure of PHI not provided for herein and to comply, where applicable, with Subpart C of 45 CFR Part 164 with respect to Electronic PHI Without limiting the foregoing, Business Associate agrees it has implemented, documented and will maintain appropriate administrative, physical, and technical safeguards to protect against and prevent the unauthorized use and disclosure of PHI, and to protect the confidentiality, integrity, and availability of Electronic PHI.
(b) Business Associate will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures, and will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality, integrity, and availability of the PHI, and ensure that these risks are addressed.
(c) Prior to allowing any Workforce members to Process any PHI, Business Associate shall provide the Workforce member with appropriate privacy and security training. Business Associate will also monitor its Workforce members for compliance with its obligations under this Addendum and the HIPAA Rules.
Security of Protected Health Information. User may not use the Service in any way that is illegal, fraudulent, or violates the provisions of the Health Insurance Portability and Accountability Act of 1996 and its later extensions and modifications, including the Health Information Technology for Economic and Clinical Health Act (collectively “HIPAA”). These provisions restrict all unauthorized hacking, testing, or assessment which is intended to bypass the security policies and controls of the software. User acknowledges that Psych Select is not responsible for violation of these laws or related regulations due to User's actions or circumstances outside of Psych Select's control. These actions and circumstances include, but are not limited to the failure of User to: (a) choose adequate passwords, and to protect those passwords from unauthorized disclosure; (b) log out of the Service on any computer or other device; (c) promptly report suspicious activity or misuse of the system to Psych Select for further investigation; and (d) cooperate with Psych Select to safeguard against such activity or misuse and to mitigate any harm arising therefrom.
