Common use of Social Security Administration (SSA) Required Provisions for Data Security Clause in Contracts

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Contractor shall have in place administrative, physical, and technical safeguards for data. 3. The Contractor shall not duplicate in a separate file or disseminate, without prior written permission from TennCare the data governed by this Contract for any purpose other than that set forth in this Contract for the administration of the TennCare program. Should the Contractor propose a redisclosure of said data, the Contractor must specify in writing to TennCare the data the Contractor proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. 4. 
The Contractor agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Contract. 5. The Contractor shall provide a current list of the employees of such Contractor with access to SSA data and provide such lists to TennCare. 6. The Contractor shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Contract. The Contractor shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. 7. The Contractor shall ensure that its employees: i. Properly safeguard PHI/PII furnished by TennCare under this Contract from loss, theft or inadvertent disclosure; ii. Understand that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s employee is at his or her regular duty station; iii. Ensure that laptops and other electronic devices/media containing PHI/PII are encrypted and/or password protected; iv. Send emails containing PHI/PII only if encrypted or if to and from addresses that are secure; and v. Limit disclosure of the information and details relating to a PHI/PII loss only to those with a need to know. vi. Contractor’s employees who access, use, or disclose TennCare SSA-supplied data in a manner or purpose not authorized by this Contract may be subject to civil and criminal sanctions pursuant to applicable federal statutes.

Appears in 2 contracts

Samples: Contract for the Operation of a Medicare Advantage Plan, Contract for the Operation of a Medicare Advantage Plan


Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor DHS shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines, which provide the requirements that the SSA stipulates that DHS must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system. In addition, the Contractor Contracting State Agency shall have in place administrative, physical, and technical safeguards for data. DHS shall also comply with Section 1106(a) of the Act (42 U.S.C. 1306) and the regulations promulgated pursuant to that Section (20 C.F.R. Part 401). 3. The Contractor a. DHS shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to DHS pursuant to this Section; b. 
DHS shall not duplicate in a separate file or disseminate, without prior written permission from TennCare TennCare, the data governed by this Contract the Agreement for any purpose other than that set forth in this Contract Agreement for the administration of the TennCare program. Should the Contractor DHS propose a redisclosure of said data, the Contractor DHS must specify in writing to TennCare the data the Contractor DHS proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. 4. The Contractor agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this ContractAgreement. 5. The Contractor d. DHS shall provide maintain a current list of the employees of such Contractor DHS with access to SSA data and provide such lists to TennCareTennCare upon request and at any time there are changes. 6. The Contractor e. DHS shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this ContractAgreement. The Contractor DHS shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. 7. The Contractor f. DHS shall ensure that its employees: i. (1) Properly safeguard PHI/PII SSA-supplied data furnished by TennCare under this Contract Agreement from loss ,loss, theft or inadvertent disclosure; ii. 
(2) Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; (3) Understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s DHS’ employee is at his or her regular duty station; iii. (4) Ensure that laptops and other electronic devices/media containing PHI/PII SSA-supplied data are encrypted and/or password protected; iv. (5) Send emails containing PHI/PII SSA-supplied data only if the information is encrypted or if to and from addresses that are the transmittal is secure; and, v. (6) Limit disclosure of the information and details relating to a PHI/PII SSA-supplied data loss only to those with a need to know. vi. Contractor’s g. DHS employees who access, use, or disclose TennCare SSA- or TennCare SSA-supplied data in a manner or purpose not authorized by this Contract Agreement may be subject to civil and criminal sanctions pursuant to applicable federal statutes. h. Loss or Suspected Loss of Data - If an employee of DHS becomes aware of suspected or actual loss of SSA-supplied data, DHS or must notify TennCare immediately upon becoming aware to report the actual or suspected loss. DHS must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If DHS experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and DHS shall bear any costs associated with the notice or any mitigation. i. 
TennCare may immediately and unilaterally suspend the data flow under this Agreement, or terminate this Agreement, if TennCare, in its sole discretion, determines that DHS has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or (2) violated or failed to follow the terms and conditions of this Agreement.

Appears in 1 contract

Samples: Interagency Agreement

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor Subcontractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Contractor Subcontractor shall have in place administrative, physical, and technical safeguards for data. 3. The Contractor a. Subcontractor shall not duplicate in a separate file or disseminate, without prior written permission from TennCare and Amerigroup, the data governed by this Contract the Agreement for any purpose other than that set forth in this Contract Agreement for the administration of the TennCare program. Should the Contractor Subcontractor propose a redisclosure of said data, the Contractor Subcontractor must specify in writing to TennCare and Amerigroup the data the Contractor Subcontractor proposes to redisclose, to whom, and the reasons that justify the redisclosure. 
TennCare and Amerigroup will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. 4. The Contractor b. Subcontractor agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this ContractAgreement. 5. The Contractor c. Subcontractor shall provide maintain a current list of the employees of such Contractor Subcontractor with access to SSA data and provide such lists to TennCareTennCare and Amerigroup upon request and at any time there are changes. 6. The Contractor d. Subcontractor shall restrict access to the data obtained from TennCare and Amerigroup to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this ContractAgreement. The Contractor Subcontractor shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s TennCare and Amerigroup prior written approval. 7. The Contractor e. Subcontractor shall ensure that its employees: i. 1. Properly safeguard PHI/PII SSA data furnished by TennCare and Amerigroup under this Contract Agreement from loss ,loss, theft or inadvertent disclosure; ii2. Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; 3. Understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s Subcontractor employee is at his or her regular duty station; iii4. Ensure that laptops and other electronic devices/media containing PHI/PII SSA data are encrypted and/or password protected; iv5. Send emails containing PHI/PII SSA data only if the information is encrypted or if to and from addresses that are the transmittal is secure; and v. 6. 
Limit disclosure of the information and details relating to a PHI/PII SSA data loss only to those with a need to know. vi. Contractor’s employees who access, use, or disclose TennCare SSA-supplied data in a manner or purpose not authorized by this Contract may be subject to civil and criminal sanctions pursuant to applicable federal statutes.

Appears in 1 contract

Samples: Msa Agreement (American Well Corp)

Social Security Administration (SSA) Required Provisions for Data Security. a. Definitions. 1. In order “SSA-supplied data” or “data” as used in this section means an individual’s personally identifiable information (e.g., name, social security number, income), supplied by the Social Security Administration to meet certain requirements set forth in the State’s TennCare to determine entitlement or eligibility for federally-funded programs pursuant to a Computer Matching and Privacy Protection Act Agreement (CMPPA) with and Information Exchange Agreement between SSA and the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf State of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelinesTennessee. 2. b. The Contractor Grantee shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Information Security Management Act of 2002 (44 U.S.C. § §3541, et seq.), and related National Institute of Standards and Technology guidelines, which provide the requirements that the SSA stipulates that the Grantee must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system. In addition, the Contractor Grantee shall have in place administrative, physical, and technical safeguards for data. The Grantee shall also comply with Section 1106(a) of the Act (42 U.S.C. 
1306) and the regulations promulgated pursuant to that section (20 C.F.R. Part 401). 3. c. The Contractor Grantee shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to the Grantee pursuant to this Section; d. The Grantee shall not duplicate in a separate file or disseminate, without prior written permission from TennCare TennCare, the data governed by this Contract the Grantee for any purpose other than that set forth in this Grant Contract for the administration of the TennCare program. Should the Contractor Grantee propose a redisclosure of said data, the Contractor Grantee must specify in writing to TennCare the data the Contractor Grantee proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. 4. e. The Contractor Grantee agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Grant Contract. 5. f. The Contractor Grantee shall provide maintain a current list of the employees of such Contractor grantee with access to SSA data and provide such lists to TennCareTennCare upon request and at any time there are changes. 6. g. The Contractor Grantee shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Grant Contract. The Contractor Grantee shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. 7. h. The Contractor Grantee shall ensure that its employees: i. 1. 
Properly safeguard PHI/PII SSA-supplied data furnished by TennCare under this Grant Contract from loss ,theft from loss, theft, or inadvertent disclosure; ii2. Receive regular, relevant, and sufficient SSA data-related training, including use, access, and disclosure safeguards and information regarding penalties for misuse of information; 3. Understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s Grantee employee is at his or her regular duty station; iii4. Ensure that laptops and other electronic devices/media containing PHI/PII SSA-supplied data are encrypted and/or password password-protected; iv5. Send emails containing PHI/PII SSA-supplied data only if the information is encrypted or if to and from addresses that are the transmittal is secure; and, v. 6. Limit disclosure of the information and details relating to a PHI/PII SSA-supplied data loss only to those with a need to know. vi. Contractor’s i. Grantee employees who access, use, or disclose TennCare SSA- or TennCare SSA-supplied data in a manner or purpose not authorized by this Grant Contract may be subject to civil and criminal sanctions pursuant to applicable federal statutes. j. Loss or Suspected Loss of Data - If an employee of the Grantee becomes aware of suspected or actual loss of SSA-supplied data, the Grantee must notify TennCare immediately upon becoming aware to report the actual or suspected loss. The Grantee must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If the Grantee experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and the Grantee shall bear any costs associated with the notice or any mitigation. k. 
TennCare may immediately and unilaterally suspend the data flow under this Grant Contract, or terminate this Grant Contract, if TennCare, in its sole discretion, determines that the Grantee has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or

Appears in 1 contract

Samples: Grant Contract

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor Contracting State Agency shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Information Security Management Act of 2002 (44 U.S.C. § §3541, et seq.), and related National Institute Institute of Standards and Technology guidelines. In In addition, the Contractor Contracting State Agency shall have in place administrative, physical, and technical safeguards for data. 3. a. The Contractor Contracting State Agency shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to the Contracting State Agency pursuant to this Section; b. The Contracting State Agency shall not duplicate in a separate file or disseminate, without prior written permission from TennCare TennCare, the data governed by this Contract the Agreement for any purpose other than that set forth in this Contract Agreement for the administration of the TennCare program. 
Should the Contractor Contracting State Agency propose a redisclosure of said data, the Contractor Contracting State Agency must specify in writing to TennCare the data the Contractor Contracting State Agency proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. 4. c. The Contractor Contracting State Agency agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this ContractAgreement. 5. d. The Contractor Contracting State Agency shall provide maintain a current list of the employees of such Contractor contractor with access to SSA data and provide such lists to TennCareTennCare upon request and at any time there are changes. 6. e. The Contractor Contracting State Agency shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this ContractAgreement. The Contractor Contracting State Agency shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval.T 7. f. The Contractor Contracting State Agency shall ensure that its employees: i. (1) Properly safeguard PHI/PII SSA-supplied data furnished by TennCare under this Contract Agreement from loss ,loss, theft or inadvertent disclosure; ii. (2) Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; (3) Understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s Contra employee is at his or her regular duty station; iii. 
(4) Ensure that laptops and other electronic devices/media containing PHI/PII SSA-supplied data are encrypted and/or password protected; iv. (5) Send emails containing PHI/PII SSA-supplied data only if the information is encrypted or if to and from addresses that are the transmittal is secure; and, v. (6) Limit disclosure of the information and details relating to a PHI/PII SSA-supplied data loss only to those with a need to know. vi. Contractor’s The Contracting State Agency employees who access, use, or disclose TennCare SSA- or TennCare SSA-supplied data in a manner or purpose not authorized by this Contract Agreement may be subject to civil and criminal sanctions pursuant to applicable federal statutes. g. Loss or Suspected Loss of Data - If an employee of the Contracting State Agency becomes aware of suspected or actual loss of SSA-supplied data, the Contracting State Agency must notify TennCare immediately upon becoming aware to report the actual or suspected loss. The Contracting State Agency must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If the Contracting State Agency experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and the Contracting State Agency shall bear any costs associated with the notice or any mitigation. h. TennCare may immediately and unilaterally suspend the data flow under this Agreement, or terminate this Agreement, if TennCare, in its sole discretion, determines that the Contracting State Agency has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or (2) violated or failed to follow the terms and conditions of this Agreement. i. This Section further carries out Section 1106(a) of the Act (42 U.S.C. 1306), the regulations promulgated pursuant to that section (20 C.F.R. Part 401), the Privacy of 1974 (5 U.S.C. 
552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget ("OMB") guidelines, the Federal Information Security Management Act of 200 et seq.), and related National h provide the requirements that the SSA stipulates that the Contracting State Agency must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system. j. SA- t personally identifiable information (e.g. name, social security number, income), supplied by the Social Security Administration to TennCare to determine entitlement or eligibility for federally-funded programs pursuant to a Computer Matching and Privacy Protection Act Agreement and Information Exchange Agreement between SSA and the State of Tennessee. E.11. Nondiscrimination a. The Contracting State Agency agrees that it shall comply with the applicable federal and State civil rights laws and regulations, which may include, but are not limited to, Title VI of the Civil Rights Act of 1964, Section 504 of the Rehabilitation Act of 1973, the Americans with Disabilities Act of 1990, the Age Discrimination Act of 1975, and 42 U.S.C. § 18116. As part of this compliance no person on the grounds of handicap and/or disability, age, race, color, religion, sex, national origin, or any other classifications protected under federal or state laws shall be excluded from participation in, or be denied benefits of, or be otherwise subjected to discrimination in the performance of the Contracting State obligation under its agreement with TennCare or in the employment practices of the Contracting State Agency. b. The Contracting State Agency agrees that its civil rights compliance staff member will work directly der to implement and coordinate nondiscrimination compliance activities. 
The Contracting State Agency shall provide to TennCare, within ten (10) days of signing this Agreement, the name and contact information of its civil rights compliance staff member. If at any time that position is reassigned to another staff member, the name and contact information shall be reported in writing to TennCare within ten (10) calendar days of assuming these duties

Appears in 1 contract

Samples: Interagency Agreement

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § §3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Contractor Parties shall have in place administrative, physical, and technical safeguards for data. 3. The Contractor a. UNIVERSITY shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to UNIVERSITY pursuant to this Section; b. UNIVERSITY shall not duplicate in a separate file or disseminate, without prior written permission from TennCare TennCare, the data governed by this Contract the Agreement for any purpose other than that set forth in this Contract for Agreement for the administration of the TennCare program. 
Should the Contractor UNIVERSITY propose a redisclosure of said data, the Contractor it must specify in writing to TennCare the data the Contractor it proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. 4. c. The Contractor agrees Parties agree to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this ContractAgreement. 5. The Contractor d. UNIVERSITY shall provide maintain a current list of the its employees of such Contractor with access to SSA data and provide such lists to TennCareTennCare upon request and at any time there are changes. 6. The Contractor e. UNIVERSITY shall each restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this ContractAgreement. The Contractor UNIVERSITY shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. 7. The Contractor f. UNIVERSITY shall ensure that its employees: i. (1) Properly safeguard PHI/PII SSA-supplied data furnished by TennCare under this Contract Agreement from loss ,loss, theft or inadvertent disclosure; ii. (2) Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; (3) Understand and acknowledge that they are it is responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s applicable employee is at his or her regular duty station; iii. (4) Ensure that laptops and other electronic devices/media containing PHI/PII SSA-supplied data are encrypted and/or password protected; iv. 
(5) Send emails containing PHI/PII SSA-supplied data only if the information is encrypted or if to and from addresses that are the transmittal is secure; and, v. (6) Limit disclosure of the information and details relating to a PHI/PII SSA-supplied data loss only to those with a need to know. vi. Contractor’s The employees who access, use, or disclose TennCare or TennCare SSA-supplied data in a manner or purpose not authorized by this Contract Agreement may be subject to civil and criminal sanctions pursuant to applicable federal statutes. g. Loss or Suspected Loss of Data - If an employee of UNIVERSITY becomes aware of suspected or actual loss of SSA-supplied data, it must notify TennCare immediately upon becoming aware to report the actual or suspected loss. UNIVERSITY must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If UNIVERSITY experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and UNIVERSITY, as applicable, shall bear any costs associated with the notice or any mitigation. h. TennCare may immediately and unilaterally suspend the data flow under this Agreement, or terminate this Agreement, if TennCare, in its sole discretion, determines that UNIVERSITY has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or (2) violated or failed to follow the terms and conditions of this Agreement. i. This Section further carries out Section 1106(a) of the Act (42 U.S.C. 1306), the regulations promulgated pursuant to that section (20 C.F.R. Part 401), the Privacy of 1974 (5 U.S.C. 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget ("OMB") guidelines, the Federal Information Security Management Act of 2002 ("FISMA”) (44 U.S.C. 
3541 et seq.), and related National Institute of Standards and Technology (“NIST”) guidelines, which provide the requirements that the SSA stipulates that UNIVERSITY must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system.

Appears in 1 contract

Samples: Interagency Agreement

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Contractor shall have in place administrative, physical, and technical safeguards for data. a. The Contractor shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to the Contractor pursuant to this Section; b. The Contractor shall not duplicate in a separate file or disseminate, without prior written permission from TennCare, the data governed by the Interagency Agreement for any purpose other than that set forth in this Interagency Agreement for the administration of the TennCare program. Should the Contractor propose a redisclosure of said data, the Contractor must specify in writing to TennCare the data the Contractor proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. c. The Contractor agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Interagency Agreement. d. The Contractor shall maintain a current list of the employees of such Contractor with access to SSA data and provide such lists to TennCare upon request and at any time there are changes. e. The Contractor shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Interagency Agreement. The Contractor shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. f. The Contractor shall ensure that its employees: 1. Properly safeguard SSA-supplied data furnished by TennCare under this Interagency Agreement from loss, theft or inadvertent disclosure; 2. Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; 3. Understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor’s employee is at his or her regular duty station; 4. Ensure that laptops and other electronic devices/media containing SSA-supplied data are encrypted and/or password protected; 5. Send emails containing SSA-supplied data only if the information is encrypted or if the transmittal is secure; and, 6. Limit disclosure of the information and details relating to a SSA-supplied data loss only to those with a need to know. Contractor employees who access, use, or disclose TennCare or TennCare SSA-supplied data in a manner or purpose not authorized by this Interagency Agreement may be subject to civil and criminal sanctions pursuant to applicable federal statutes. g. Loss or Suspected Loss of Data - If an employee of the Contractor becomes aware of suspected or actual loss of SSA-supplied data, the Contractor must notify TennCare immediately upon becoming aware to report the actual or suspected loss. The Contractor must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If the Contractor experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and the Contractor shall bear any costs associated with the notice or any mitigation. h. TennCare may immediately and unilaterally suspend the data flow under this Interagency Agreement, or terminate this Interagency Agreement, if TennCare, in its sole discretion, determines that the Contractor has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or (2) violated or failed to follow the terms and conditions of this Interagency Agreement. i. This Section further carries out Section 1106(a) of the Act (42 U.S.C. 1306), the regulations promulgated pursuant to that section (20 C.F.R. Part 401), the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget (“OMB”) guidelines, the Federal Information Security Management Act of 2002 (“FISMA”) (44 U.S.C. 3541 et seq.), and related National Institute of Standards and Technology (“NIST”) guidelines, which provide the requirements that the SSA stipulates that the Contractor must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system.

Appears in 1 contract

Samples: Interagency Agreement


Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Contractor shall have in place administrative, physical, and technical safeguards for data. a. The Contractor shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to the Contractor pursuant to this Section; b. The Contractor shall not duplicate in a separate file or disseminate, without prior written permission from TennCare, the data governed by the Contract for any purpose other than that set forth in this Contract for the administration of the TennCare program. Should the Contractor propose a redisclosure of said data, the Contractor must specify in writing to TennCare the data the Contractor proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. c. The Contractor agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Contract. d. The Contractor shall provide a current list of the employees of such contractor with access to SSA data and provide such lists to TennCare. e. The Contractor shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Contract. The Contractor shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. f. The Contractor shall ensure that its employees: (1) properly safeguard PHI/PII furnished by TennCare under this Contract from loss, theft or inadvertent disclosure; (2) receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; (3) understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor employee is at his or her regular duty station; (4) ensure that laptops and other electronic devices/media containing PHI/PII are encrypted and/or password protected; (5) Send emails containing PHI/PII only if the information is encrypted or if the transmittal is secure; and, (6) limit disclosure of the information and details relating to a PHI/PII loss only to those with a need to know. Contractor employees who access, use, or disclose TENNCARE or TENNCARE SSA-supplied data in a manner or purpose not authorized by this Contract may be subject to civil and criminal sanctions pursuant to applicable federal statutes.

Appears in 1 contract

Samples: Contract for External Quality Review Services

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Contractor shall have in place administrative, physical, and technical safeguards for data. a. The Contractor shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to the Contractor pursuant to this Section; b. The Contractor shall not duplicate in a separate file or disseminate, without prior written permission from TennCare, the data governed by the Contract for any purpose other than that set forth in this Contract for the administration of the TennCare program. Should the Contractor propose a redisclosure of said data, the Contractor must specify in writing to TennCare the data the Contractor proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. c. The Contractor agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Contract. d. The Contractor shall maintain a current list of the employees of such contractor with access to SSA data and provide such lists to TennCare at the start of the contract, and subsequently at any time there are changes or upon request. e. The Contractor shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Contract. The Contractor shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. f. The Contractor shall provide appropriate training and ensure that its employees: (1) properly safeguard PHI/PII furnished by TennCare under this Contract from loss, theft or inadvertent disclosure; (2) understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Contractor employee is at his or her regular duty station; (3) ensure that laptops and other electronic devices/media containing PHI/PII are encrypted and/or password protected; (4) send emails containing PHI/PII only if the information is encrypted or if the transmittal is secure; and, (5) limit disclosure of the information and details relating to a PHI/PII loss only to those with a need to know. Contractor employees who access, use, or disclose TennCare or TennCare SSA-supplied data in a manner or purpose not authorized by this Contract may be subject to civil and criminal sanctions pursuant to applicable federal statutes.

Appears in 1 contract

Samples: Contract for the Operation of a Medicare Advantage Plan

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Grantee shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Grantee shall have in place administrative, physical, and technical safeguards for data. a. The Grantee shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to the Grantee pursuant to this Section; b. The Grantee shall not duplicate in a separate file or disseminate, without prior written permission from TennCare, the data governed by the Grant Agreement for any purpose other than that set forth in this Grant Agreement for the administration of the TennCare program. Should the Grantee propose a redisclosure of said data, the Grantee must specify in writing to TennCare the data the Grantee proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. c. The Grantee agrees to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Grant Agreement. d. The Grantee shall maintain a current list of the employees of such Grantee with access to SSA data and provide such lists to TennCare upon request and at any time there are changes. e. The Grantee shall restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Grant Agreement. The Grantee shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. f. The Grantee shall ensure that its employees: (1) Properly safeguard SSA-supplied data furnished by TennCare under this Grant Agreement from loss, theft or inadvertent disclosure; (2) Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; (3) Understand and acknowledge that they are responsible for safeguarding this information at all times, regardless of whether or not the Grantee’s employee is at his or her regular duty station; (4) Ensure that laptops and other electronic devices/media containing SSA-supplied data are encrypted and/or password protected; (5) Send emails containing SSA-supplied data only if the information is encrypted or if the transmittal is secure; and, (6) Limit disclosure of the information and details relating to a SSA-supplied data loss only to those with a need to know. Grantee employees who access, use, or disclose TennCare or TennCare SSA-supplied data in a manner or purpose not authorized by this Grant Agreement may be subject to civil and criminal sanctions pursuant to applicable federal statutes. g. Loss or Suspected Loss of Data - If an employee of the Grantee becomes aware of suspected or actual loss of SSA-supplied data, the Grantee must notify TennCare immediately upon becoming aware to report the actual or suspected loss. The Grantee must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If the Grantee experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and the Grantee shall bear any costs associated with the notice or any mitigation. h. TennCare may immediately and unilaterally suspend the data flow under this Grant Agreement, or terminate this Grant Agreement, if TennCare, in its sole discretion, determines that the Grantee has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or (2) violated or failed to follow the terms and conditions of this Grant Agreement. i. This Section further carries out Section 1106(a) of the Act (42 U.S.C. 1306), the regulations promulgated pursuant to that section (20 C.F.R. Part 401), the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget (“OMB”) guidelines, the Federal Information Security Management Act of 2002 (“FISMA”) (44 U.S.C. 3541 et seq.), and related National Institute of Standards and Technology (“NIST”) guidelines, which provide the requirements that the SSA stipulates that the Grantee must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system.

Appears in 1 contract

Samples: Grant Agreement

Social Security Administration (SSA) Required Provisions for Data Security. 1. In order to meet certain requirements set forth in the State’s Computer Matching and Privacy Protection Act Agreement (CMPPA) with the SSA, the Parties acknowledge that this Section shall be included in all agreements executed by or on behalf of the State. The Parties further agree that FISMA and NIST do not apply in the context of data use and disclosure under this Agreement as the Parties shall neither use nor operate a federal information system on behalf of a federal executive agency. Further, NIST is applicable to federal information systems; therefore, although encouraged to do so, the State, its contractors, agents and providers are not required to abide by the NIST guidelines. 2. The Contractor shall comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of 1974 (5 U.S.C. § 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget guidelines, the Federal Information Security Management Act of 2002 (44 U.S.C. §3541, et seq.), and related National Institute of Standards and Technology guidelines. In addition, the Parties shall have in place administrative, physical, and technical safeguards for data. a. UT Pharmacy shall specify in its agreements with any agent or subcontractor that will have access to data that such agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to UT Pharmacy pursuant to this Section; b. UT Pharmacy shall not duplicate in a separate file or disseminate, without prior written permission from TennCare, the data governed by the Interagency Agreement for any purpose other than that set forth in this Interagency Agreement for the administration of the TennCare program. Should UT Pharmacy propose a redisclosure of said data, it must specify in writing to TennCare the data it proposes to redisclose, to whom, and the reasons that justify the redisclosure. TennCare will not give permission for such redisclosure unless the redisclosure is required by law or essential to the administration of the TennCare program. c. The Parties agree to abide by all relevant federal laws, restrictions on access, use, and disclosure, and security requirements in this Interagency Agreement. d. UT Pharmacy shall maintain a current list of its employees with access to SSA data and provide such lists to TennCare upon request and at any time there are changes. e. UT Pharmacy shall each restrict access to the data obtained from TennCare to only those authorized employees who need such data to perform their official duties in connection with purposes identified in this Interagency Agreement. UT Pharmacy shall not further duplicate, disseminate, or disclose such data without obtaining TennCare’s prior written approval. f. UT Pharmacy shall ensure that its employees: (1) Properly safeguard SSA-supplied data furnished by TennCare under this Interagency Agreement from loss, theft or inadvertent disclosure; (2) Receive regular, relevant and sufficient SSA data related training, including use, access and disclosure safeguards and information regarding penalties for misuse of information; (3) Understand and acknowledge that it is responsible for safeguarding this information at all times, regardless of whether or not the applicable employee is at his or her regular duty station; (4) Ensure that laptops and other electronic devices/media containing SSA-supplied data are encrypted and/or password protected; (5) Send emails containing SSA-supplied data only if the information is encrypted or if the transmittal is secure; and, (6) Limit disclosure of the information and details relating to a SSA-supplied data loss only to those with a need to know. The employees who access, use, or disclose TennCare or TennCare SSA-supplied data in a manner or purpose not authorized by this Interagency Agreement may be subject to civil and criminal sanctions pursuant to applicable federal statutes. g. Loss or Suspected Loss of Data - If an employee of UT Pharmacy becomes aware of suspected or actual loss of SSA-supplied data, it must notify TennCare immediately upon becoming aware to report the actual or suspected loss. UT Pharmacy must provide TennCare with timely updates as any additional information about the loss of SSA-supplied data becomes available. If UT Pharmacy experiences a loss or breach of said data, TennCare will determine whether or not notice to individuals whose data has been lost or breached shall be provided and UT Pharmacy, as applicable, shall bear any costs associated with the notice or any mitigation. h. TennCare may immediately and unilaterally suspend the data flow under this Interagency Agreement, or terminate this Interagency Agreement, if TennCare, in its sole discretion, determines that UT Pharmacy has: (1) made an unauthorized use or disclosure of TennCare SSA-supplied data; or (2) violated or failed to follow the terms and conditions of this Interagency Agreement. i. This Section further carries out Section 1106(a) of the Act (42 U.S.C. 1306), the regulations promulgated pursuant to that section (20 C.F.R. Part 401), the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the Computer Matching and Privacy Protection Act of 1988, related Office of Management and Budget (“OMB”) guidelines, the Federal Information Security Management Act of 2002 (“FISMA”) (44 U.S.C. 3541 et seq.), and related National Institute of Standards and Technology (“NIST”) guidelines, which provide the requirements that the SSA stipulates that UT Pharmacy must follow with regard to use, treatment, and safeguarding data in the event data is exchanged with a federal information system. j. Definitions. “SSA-supplied data” or “data” as used in this section means an individual’s personally identifiable information (e.g. name, social security number, income), supplied by the Social Security Administration to TennCare to determine entitlement or eligibility for federally-funded programs pursuant to a Computer Matching and Privacy Protection Act Agreement and Information Exchange Agreement between SSA and the State of Tennessee.

Appears in 1 contract

Samples: Interagency Agreement
