Common use of Security Practices Clause in Contracts

Security Practices. The Provider that creates, receives, maintains, or transmits electronic protected health information in its role as a provider shall undertake the following acts regarding such information: a. Ensure the information’s confidentiality, integrity, and availability. 45 C.F.R. 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards), and 164.316 (policies, procedures and documentation requirements) shall apply to the Provider in the same manner that such sections apply to DHSS, and shall be implemented in accordance with HIPAA, the HITECH Act, and the Privacy and Security Rule. The additional requirements of Title XIII of the HITECH Act contained in Public Law 111-5 that relate to security and that are made applicable to covered entities shall also apply to the Provider and are incorporated into this Privacy and Security Procedures. b. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information, including during its transmission to and from the provider. c. Protect against reasonably anticipated uses or disclosures of such information when the use or disclosure is not required or permitted by law. d. Implement protections that govern the receipt, removal, disposition, and re-use of hardware and electronic media (which includes, but is not limited to hard disks, magnetic tapes, compact disks, videotapes, audiotapes, handheld electronic devices and removable storage devices such as floppy disks, zip disks, and memory cards) that contain or have contained electronic protected health information. In particular, the provider shall: i. Ensure that all hardware used or electronic media developed by the provider through the provision of services under the agreement be cleaned with a wipe utility that prevents the recovery of any information from the device, prior to the hardware or device being re-used, salvaged, surplussed, or disposed. ii. For each piece of hardware or electronic media to be re-used, salvaged, surplused, or disposed, furnish a Disposal Assurance Form (attached as Exhibit 1 to these procedures) to the contact person named in the Provider Agreement. e. Ensure that its workforce protect the security of such information.

Security Practices. The Provider that creates, receives, maintains, or transmits electronic protected health information in its role as a provider shall undertake the following acts regarding such information: a. Ensure the information’s confidentiality, integrity, and availability. 45 C.F.R. 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards), and 164.316 (policies, procedures and documentation requirements) shall apply to the Provider in the same manner that such sections apply to DHSSDFCS, and shall be implemented in accordance with HIPAA, the HITECH Act, and the Privacy and Security Rule. The additional requirements of Title XIII of the HITECH Act contained in Public Law 111-5 that relate to security and that are made applicable to covered entities shall also apply to the Provider and are incorporated into this Privacy and Security Procedures. b. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information, including during its transmission to and from the provider. c. Protect against reasonably anticipated uses or disclosures of such information when the use or disclosure is not required or permitted by law. d. Implement protections that govern the receipt, removal, disposition, and re-use of hardware and electronic media (which includes, but is not limited to hard disks, magnetic tapes, compact disks, videotapes, audiotapes, handheld electronic devices and removable storage devices such as floppy disks, zip disks, and memory cards) that contain or have contained electronic protected health information. In particular, the provider shall: i. Ensure that all hardware used or electronic media developed by the provider through the provision of services under the agreement be cleaned with a wipe utility that prevents the recovery of any information from the device, prior to the hardware or device being re-used, salvaged, surplussed, or disposed. ii. For each piece of hardware or electronic media to be re-used, salvaged, surplused, or disposed, furnish a Disposal Assurance Form (attached as Exhibit 1 to these procedures) to the contact person named in the Provider Agreement. e. Ensure that its workforce protect the security of such information.

Security Practices. The Provider that creates, receives, maintains, or transmits electronic protected health information in its role as a provider shall undertake the following acts regarding such information: a. Ensure the information’s confidentiality, integrity, and availability. 45 C.F.R. 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards), and 164.316 (policies, procedures and documentation requirements) shall apply to the Provider in the same manner that such sections apply to DHSSDFCS, and shall be implemented in accordance with HIPAA, the HITECH Act, and the Privacy and Security Rule. The additional requirements of Title XIII of the HITECH Act contained in Public Law 111-5 that relate to security and that are made applicable to covered entities shall also apply to the Provider and are incorporated into this Privacy and Security Procedures. b. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information, including during its transmission to and from the provider. c. Protect against reasonably anticipated uses or disclosures of such information when the use or disclosure is not required or permitted by law. d. Implement protections that govern the receipt, removal, disposition, and re-use of hardware and electronic media (which includes, but is not limited to hard disks, magnetic tapes, compact disks, videotapes, audiotapes, handheld electronic devices and removable storage devices such as floppy disks, zip disks, and memory cards) that contain or have contained electronic protected health information. In particular, the provider shall: i. Ensure that all hardware used or electronic media developed by the provider through the provision of services under the agreement be cleaned with a wipe utility that prevents the recovery of any information from the device, prior to the hardware or device being re-used, salvaged, surplussed, or disposed. ii. For each piece of hardware or electronic media to be re-used, salvaged, surplused, or disposed, furnish a Disposal Assurance Form (attached as Exhibit 1 to these procedures) to the contact person named in the Provider Agreement. e. Ensure that its workforce protect the security of such information.

Security Practices. The Provider grantee that creates, receives, maintains, or transmits electronic protected health information in its role as a provider grantee shall undertake the following acts regarding such information: a. Ensure the information’s confidentiality, integrity, and availability. 45 C.F.R. 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards), and 164.316 (policies, procedures and documentation requirements) shall apply to the Provider grantee in the same manner that such sections apply to DHSS, and shall be implemented in accordance with HIPAA, the HITECH Act, and the Privacy and Security Rule. The additional requirements of Title XIII of the HITECH Act contained in Public Law 111-5 that relate to security and that are made applicable to covered entities shall also apply to the Provider grantee and are incorporated into this Privacy and Security Procedures. b. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information, including during its transmission to and from the providergrantee. c. Protect against reasonably anticipated uses or disclosures of such information when the use or disclosure is not required or permitted by law. d. Implement protections that govern the receipt, removal, disposition, and re-use of hardware and electronic media (which includes, but is not limited to hard disks, magnetic tapes, compact disks, videotapes, audiotapes, handheld electronic devices and removable storage devices such as floppy disks, zip disks, disks and memory cards) that contain or have contained electronic protected health information. In particular, the provider grantee shall: i. Ensure that all hardware used or electronic media developed by the provider through grantee for the provision of services under the agreement grant project be cleaned with a wipe utility that prevents the recovery of any information from the device, prior to the hardware or device being re-used, salvaged, surplussed, or disposed. ii. For each piece of hardware or electronic media to be re-used, salvaged, surplusedsurplussed, or disposed, furnish a Disposal Assurance Form (attached as Exhibit 1 to these procedures) to the contact person grants administrator named in the Provider Grant Agreement. e. Ensure that its workforce protect the security of such information.