Common use of Telework and Telecommuting Clause in Contracts

Telework and Telecommuting. ‌ Insurer shall maintain policies and procedures for telework (i.e., user Access from a facility where Data does not reside) and telecommuting (i.e., user Access from home or travel (e.g., hotel) environment). For purposes of this section, “telework” includes “telecommuting”. Telework policies, procedures, and other related documents shall meet the standards required for compliance with all laws and regulations, including HIPAA and the Xxxxx-Xxxxx-Xxxxxx Act. In addition, Insurer’s telework policies and procedures shall at least meet the minimum recommendations and best practices identified in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4, AC-17, Baseline Allocation Moderate, and NIST, U.S. Department of Commerce Special Publication 800-46, Revision 2 or its replacement, including the minimum recommendations and best practices contained in relevant cross- referenced NIST publications. Insurer shall conduct and consider risk assessments when developing, implementing, or changing its telework security policy, particularly for those aspects of the telework security policy for which various approaches may provide acceptable safeguards or for which unauthorized Access to PHI or PII is likely to occur without appropriate safeguards. Insurer shall require multifactor authentication or more stringent practices for any level of remote Access. Upon request, Insurer shall provide FHKC with enough information to assure FHKC that appropriate policies, procedures, and practices are in place. Such release of information is not required to be at the level of detail that may present a notable security risk.

Telework and Telecommuting. ‌ Insurer shall maintain policies and procedures for telework (i.e., user Access access from a facility where Data data does not reside) and telecommuting (i.e., user Access access from home or travel (e.g., hotel) environment). For purposes of this section, “telework” includes “telecommuting”. Telework policies, policies and procedures, and other related documents documents, shall meet the standards required for compliance with all laws and regulations, including HIPAA and the Xxxxx-Xxxxx-Xxxxx- Xxxxxx Act. In addition, Insurer’s telework policies and procedures shall at least meet the minimum recommendations and best practices identified in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4, AC-17, Baseline Allocation Moderate, and NIST), U.S. Department of Commerce Special Publication 800-46, Revision 2 or its replacement, including the minimum recommendations and best practices contained in relevant cross- cross-referenced NIST publications. Insurer shall conduct and consider risk assessments when developing, implementing, implementing or changing its telework security policy, particularly for those aspects of the telework security policy for which various approaches may provide acceptable safeguards or for which unauthorized Access access to PHI or PII is likely to occur without appropriate safeguards. Insurer shall require multifactor authentication or more stringent practices for any level of remote Accessaccess. Upon request, Insurer shall provide FHKC with enough information to assure FHKC that appropriate policies, procedures, procedures and practices are in place, upon request. Such release of information is not required to be at the level of detail that may present a notable security risk.

Telework and Telecommuting. ‌ Insurer Vendor shall maintain policies and procedures for telework (i.e., user User Access from a facility where Data does not reside) and telecommuting (i.e., user User Access from home or travel (e.g., hotel) environment). For purposes of this sectionSection, “telework” includes “telecommuting”. .” Telework policies, procedures, policies and procedures and other related documents shall meet the standards required for compliance with all laws and regulations, including HIPAA and the Xxxxx-Xxxxx-Xxxxx- Xxxxxx Act. In addition, InsurerVendor’s telework policies and procedures shall at least meet the minimum recommendations and best practices identified in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4, AC-17, Baseline Allocation Moderate, and NIST, U.S. Department of Commerce NIST Special Publication 800-46, Revision 2 or its replacement, including the minimum recommendations and best practices contained in relevant cross- cross-referenced NIST publications. Insurer Vendor shall conduct and consider risk assessments when developing, implementing, or changing its telework security policy, particularly for those aspects of the telework security policy for which various approaches may provide acceptable safeguards or for which unauthorized Access to PHI or PII is likely to occur without appropriate safeguards. Insurer Vendor shall require multifactor authentication or more stringent practices for any level of remote Access. Upon request, Insurer Vendor shall provide FHKC with enough information to assure FHKC that appropriate policies, procedures, and practices are in place. Such release of information is not required to be at the level of detail that may present a notable security risk.