Security Rule Obligations Sample Clauses

Security Rule Obligations. The following provisions of this section apply to the extent that Business Associate creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity. 17.1 Business Associate shall implement and use administrative, physical, and technical safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312 with respect to the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall identify in writing upon request from Covered Entity all of the safeguards that it uses to protect such Electronic PHI. 17.2 Business Associate shall ensure that any Agent and Subcontractor to whom it provides Electronic PHI agrees in a written agreement to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of the Electronic PHI. Business Associate must enter into this written agreement before any use or disclosure of Electronic PHI by such Agent or Subcontractor. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the use or disclosure of Electronic PHI. Business Associate shall provide a copy of the written agreement to Covered Entity upon request. Business Associate may not make any disclosure of Electronic PHI to any Agent or Subcontractor without the prior written consent of Covered Entity. 17.3 Business Associate shall report in writing to Covered Entity any Security Incident pertaining to such Electronic PHI (whether involving Business Associate or an Agent or Subcontractor). Business Associate shall provide this written report as soon as it becomes aware of any such Security Incident, and in no case later than two (2) business days after it becomes aware of the incident. Business Associate shall provide Covered Entity with the information necessary for Covered Entity to investigate any such Security Incident. 17.4 Business Associate shall comply with any reasonable policies and procedures Covered Entity implements to obtain compliance under the Security Rule.
Sample 1Sample 2Sample 3See All (244)
Security Rule Obligations. Business Associate acknowledges that 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316 apply to Business Associate in the same manner that such sections apply to covered entities, and are incorporated into this Agreement by reference. The additional requirements of the HITECH Act that relate to security and that apply to covered entities also apply to Business Associate and are incorporated into this Agreement by reference. Business Associate agrees to implement the technical safeguards provided in guidance issued annually by the Secretary of the U.S. Department of Health and Human Services (“HHS”) for carrying out the obligations under the Code of Federal Regulation sections cited in this Section and the security standards in 45 C.F.R. Part 164 Subpart C.
Sample 1Sample 2
Security Rule Obligations. The following provisions of this section apply to the extent that Business Associate creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity. 17.1 Business Associate shall implement and use administrative, physical, and technical safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312 with respect to the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. 17.2 Business Associate shall ensure that any Agent and Subcontractor to whom it provides Electronic PHI agrees in a written agreement to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of the Electronic PHI. Business Associate must enter into this written agreement before any use or disclosure of Electronic PHI by such Agent or Subcontractor. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the use or disclosure of Electronic PHI. Business Associate shall provide a copy of the written agreement to Covered Entity upon request. Business Associate may not make any disclosure of Electronic PHI to any Agent or Subcontractor without the prior written consent of Covered Entity. 17.3 Business Associate shall report in writing to Covered Entity any Security Incident pertaining to such Electronic PHI (whether involving Business Associate or an Agent or Subcontractor). Business Associate shall provide this written report as soon as it becomes aware of any such Security Incident, and in no case later than two (2) business days after it becomes aware of the incident. Business Associate shall provide Covered Entity with the information necessary for Covered Entity to investigate any such Security Incident.
Sample 1
Security Rule Obligations. In addition to complying with Covered Entity’s policies and procedures as provided in Section 2.3.14, Business Associate will comply with all aspects of the Security Rule and the HITECH Act, including (i) implementing Safeguards (including written policies and procedures) that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule and the HITECH Act and (ii) developing and implementing all required policies and procedures.
Sample 1
Security Rule Obligations. The following provisions of this Section apply to the extent that Onpoint creates, receives, maintains or transmits Electronic PHI on behalf of Covered Entity. 17.1 Onpoint shall implement and use administrative, physical, and technical safeguards in compliance with 45 CFR sections 164.308, 164.310, and 164.312 with respect to the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Upon request from Covered Entity, Onpoint shall provide Covered Entity an overview of its information security program which shall include available documentation regarding its security policies and procedures. 17.2 Onpoint shall ensure that any Agent and Subcontractor to whom it provides Electronic PHI agrees in a written agreement to implement and use administrative, physical, and technical safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of the Electronic PHI. Onpoint must enter into this written agreement before any use or disclosure of Electronic PHI by such Agent or Subcontractor. The written agreement must identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the use or disclosure of Electronic PHI. Onpoint shall provide a copy of the written agreement to Covered Entity upon Covered Entity’s request. Onpoint, in its sole discretion, may redact from such written agreement any confidential or proprietary information. Onpoint may not make any disclosure of Electronic PHI to any Agent or Subcontractor without the prior written consent of Covered Entity, which consent shall not be unreasonably withheld, conditioned or delayed. Notwithstanding the above, with respect to any Agent or Subcontractor engaged by Onpoint prior to the Effective Date, Onpoint’s contract with the Agent or Subcontractor is not required to identify Covered Entity as a direct and intended third party beneficiary with the right to enforce any breach of the agreement concerning the use or disclosure of Electronic PHI. However, if Onpoint renews or enters into a new contract with the Agent or Subcontractor after the Effective Date, it must identify Covered Entity as a third party beneficiary as required above, and must provide a copy of the written agreement upon Covered Entity’s request. With respect to any Agent or Subcontractor engaged by Onpoint prior to the Effective Date, as identified by Onpoint prior to the Effective Date, Cov...
Sample 1

Related to Security Rule Obligations

  • Contractor Obligations After receipt of the Notice of Termination and except as otherwise directed by the State, the Contractor shall immediately proceed to: a. To the extent specified in the Notice of Termination, stop work under the Contract on the date specified. b. Place no further orders or subcontracts for materials, services, and/or facilities except as may be necessary for completion of such portion(s) of the work under the Contract as is (are) not terminated. c. Terminate and cancel any orders or subcontracts for related to the services, except as may be necessary for completion of such portion(s) of the work under the Contract as is (are) not terminated. d. Transfer to the State all completed or partially completed plans, drawings, information, and other property which, if the Contract had been completed, would be required to be furnished to the State. e. Take other action as may be necessary or as directed by the State for the protection and preservation of the property related to the contract which is in the possession of the contractor and in which the State has or may acquire any interest. f. Make available to the State all cost and other records relevant to a determination of an equitable settlement.