System Agency Contract No. HHSREV 100001023

data transfers and the handling and disposal of Confidential Information. 45 CFR 164.308, 164.530(c); 1 TAC 202

(M) Except as otherwise limited by this DUA, the Base Contract, or law applicable to the Confidential Information, Contractor may use or disclose PHI for the proper management and administration of Contractor or to carry out Contractor's legal responsibilities if, 45 CFR 164.504(e)(il)(1)(A)

(1) Disclosure is Required by Law, provided that Contractor complies with Section 3.01(D);

(2) Contractor obtains reasonable assurances from the Person to whom the information is disclosed that the Person will:

(a) Maintain the confidentiality of the Confidential Information in accordance with this DUA;

(b) Use or further disclose the information only as Required by Law or for the Authorized Purpose for which it was disclosed to the Person; and

(c) Notify Contractor in accordance with Section 4.01 of any Event or Breach of Confidential Information of which the Person discovers or should have discovered with the exercise of reasonable diligence. 45 CFR 164.504(e)(4)(ii)(B)

(N) Except as otherwise limited by this DUA, Contractor will, if requested by System Agency, use PHI to provide data aggregation services to System Agency, as that term is defined in the HIPAA, 45 C.F.R. §164.501 and permitted by HIPAA. 45 CFR 164.504(e)(2)(i)(B)

(O) Contractor will, on the termination or expiration of this DUA or the Base Contract, at its expense, return to System Agency or Destroy, at System Agency's election, and to the extent reasonably feasible and permissible by law, all Confidential Information received from System Agency or created or maintained by Contractor or any of Contractor's agents or Subcontractors on System Agency's behalf if that data contains Confidential Information. Contractor will certify in writing to System Agency that all the Confidential Information that has been created, received, maintained, used by or disclosed to Contractor, has been Destroyed or returned to System Agency, and that Contractor and its agents and Subcontractors have retained no copies thereof. Notwithstanding the foregoing, Contractor acknowledges and agrees that it may not Destroy any Confidential Information if federal or state law, or System Agency record retention policy or a litigation hold notice prohibits such Destruction. If such return or Destruction is not reasonably feasible, or is impermissible by law, Contractor will immediately notify System Agency of the reasons such return or Destruction is not feasible, and agree to extend indefinitely the protections of this DUA to the Confidential Information and limit its further uses and disclosures to the purposes that make the return of the Confidential Information not feasible for as long as Contractor maintains such Confidential Information. 45 CFR 164.504(e)(2)(ii)(J)

(P) Contractor will create, maintain, use, disclose, transmit or Destroy Confidential Information in a secure fashion that protects against any reasonably anticipated threats or hazards to the security or integrity of such information or unauthorized uses. 45 CFR 164.306, 164.530(c)

(Q) If Contractor accesses, transmits, stores, or maintains Confidential Information, Contractor will complete and return to System Agency at infosecurity@hhsc.state.tx.us the System Agency information security and privacy initial inquiry (SPI) at Attachment 2. The SPI identifies basic privacy and security controls with which Contractor must comply to protect System Agency Confidential Information. Contractor will comply with periodic security controls compliance assessment and monitoring by System Agency as required by state and federal law, based on the type of Confidential Information Contractor creates, receives, maintains, uses, discloses or has access to and the Authorized Purpose and level of risk. Contractor's security controls will be based on the National Institute of Standards and Technology (NIST) Special Publication 800-53. Contractor will update its security controls assessment whenever there are significant changes in security controls for System Agency

System Agency Data Use Agreement V.8.3 HIPAA Omnibus Compliant April 1, 2015
Page 4 of 11