My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
SH22-011 - WA STATE HCA MOUD IN JAILS PSA - Amendment 1 - partially executed
>
Meetings
>
2022
>
07. July
>
2022-07-19 10:00 AM - Commissioners' Agenda
>
SH22-011 - WA STATE HCA MOUD IN JAILS PSA - Amendment 1 - partially executed
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/14/2022 1:24:17 PM
Creation date
7/14/2022 1:22:58 PM
Metadata
Fields
Template:
Meeting
Date
7/19/2022
Meeting title
Commissioners' Agenda
Location
Commissioners' Auditorium
Address
205 West 5th Room 109 - Ellensburg
Meeting type
Regular
Meeting document type
Supporting documentation
Supplemental fields
Alpha Order
h
Item
Request to Approve a Resolution Authorizing an Amendment to the Professional Services Agreement Between Kittitas County and Washington State Healthcare Authority
Order
8
Placement
Consent Agenda
Row ID
91496
Type
Resolution
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
25
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Contractor must include all of the Data security terms, conditions and requirements set forth in this Contract in <br />any such Subcontract. In no event will the existence of the Subcontract operate to release or reduce the <br />liability of the Contractor to HCA for any breach in the performance of the Contractor's responsibilities. <br />9. Audit <br />9.1. At HCA's request or in accordance with OCIO 141. 10, Contractor shall obtain audits covering Data <br />Security and Permissible Use. Contractor may cover both the Permissible Use and the Data <br />Security Requirements under the same audit, or under separate audits. The term, "independent <br />third -party" as referenced in this section means an outside auditor that is an independent auditing <br />firm. <br />9.2. Data Security audits must demonstrate compliance with Data Security standards adopted by the <br />Washington State Office of the Chief Information Officer (OCIO), and as set forth in Attachment 1, <br />Data Security Requirements. At a minimum, audit(s) must determine whether Data Security <br />policies, procedures, and controls are in place to ensure compliance with all Data Security <br />Requirements set forth herein and as required by state and federal law. <br />9.3. Permissible Use Audits must demonstrate compliance with Permissible Use standards as set forth <br />in this Contract and each Attachment A. Audit(s) must determine whether Permissible Use policies, <br />procedures, and controls are in place to ensure compliance with all Permissible Use requirements <br />in this Contract. <br />9.4. HCA may monitor, investigate, and audit the use of Personal Information received by Contractor <br />through this Contract. The monitoring and investigating may include the act of introducing data <br />containing unique but false information (commonly referred to as "salting" or "seeding") that can be <br />used later to identify inappropriate use or disclosure of Data. <br />9.5. During the term of this Contract and for six (6) years following termination or expiration of this <br />Contract, HCA will have the right at reasonable times and upon no less than five (5) business days <br />prior written notice to access the Contractor's records and place of business for the purpose of <br />auditing, and evaluating the Contractor's compliance with this Contract and applicable laws and <br />regulations. <br />10. Data Breach Notification and Obligations <br />10.1. The Breach or potential compromise of Data shared under this Contract must be reported to the <br />HCA Privacy Officer at PrivacyOfficer(a-),hca.wa.4ov within one (1) business day of discovery. <br />10.2. If the Breach or potential compromise of Data includes PHI, and the Contractor does not have full <br />details, it will report what information it has and provide full details within 15 business days of <br />discovery. To the extent possible, these reports must include the following: <br />a. The identification of each individual whose PHI has been or may have been improperly <br />accessed, acquired, used, or disclosed; <br />b. The nature of the unauthorized Use or disclosure, including a brief description of what <br />happened, the date of the event(s), and the date of discovery; <br />c. A description of the types of PHI involved; <br />Washington State <br />Health Care Authority Page 12 HCA Contract No. K5885-1 <br />
The URL can be used to link to this page
Your browser does not support the video tag.