Common use of Telework and Telecommuting Clause in Contracts

Telework and Telecommuting. ‌ Insurer shall maintain policies and procedures for telework (i.e., user access from a facility where data does not reside) and telecommuting (i.e., user access from home or travel (e.g., hotel) environment). For purposes of this section, “telework” includes “telecommuting”. Telework policies and procedures, and other related documents, shall meet the standards required for compliance with all laws and regulations, including HIPAA and the Xxxxx-Xxxxx- Xxxxxx Act. In addition, Insurer’s telework policies and procedures shall at least meet the recommendations and best practices identified in the National Institute of Standards and Technology (NIST), U.S. Department of Commerce Special Publication 800-46, Revision 2 or its replacement, including the recommendations and best practices contained in relevant cross-referenced NIST publications. Insurer shall conduct and consider risk assessments when developing, implementing or changing its telework security policy, particularly for those aspects of the telework security policy for which various approaches may provide acceptable safeguards or for which unauthorized access to PHI or PII is likely to occur without appropriate safeguards. Insurer shall require multifactor authentication or more stringent practices for any level of remote access. Insurer shall provide FHKC with enough information to assure FHKC that appropriate policies, procedures and practices are in place, upon request. Such release of information is not required to be at the level of detail that may present a notable security risk.

Telework and Telecommuting. ‌ Insurer Vendor shall maintain policies and procedures for telework (i.e., user access User Access from a facility where data Data does not reside) and telecommuting (i.e., user access User Access from home or travel (e.g., hotel) environment). For purposes of this sectionSection, “telework” includes “telecommuting”. .” Telework policies and procedures, procedures and other related documents, documents shall meet the standards required for compliance with all laws and regulations, including HIPAA and the Xxxxx-Xxxxx- Xxxxxx Act. In addition, InsurerVendor’s telework policies and procedures shall at least meet the recommendations and best practices identified in the National Institute of Standards and Technology (NIST), U.S. Department of Commerce NIST Special Publication 800-46, Revision 2 or its replacement, including the recommendations and best practices contained in relevant cross-referenced NIST publications. Insurer Vendor shall conduct and consider risk assessments when developing, implementing implementing, or changing its telework security policy, particularly for those aspects of the telework security policy for which various approaches may provide acceptable safeguards or for which unauthorized access Access to PHI or PII is likely to occur without appropriate safeguards. Insurer Vendor shall require multifactor authentication or more stringent practices for any level of remote accessAccess. Insurer Upon request, Vendor shall provide FHKC with enough information to assure FHKC that appropriate policies, procedures procedures, and practices are in place, upon request. Such release of information is not required to be at the level of detail that may present a notable security risk.