Orange County NC Website
f. "Informatics Center" means that software, portal, platform, or other electronic medium fizrnished by NCCCN on <br />behalf of entities that include but aze not limited to Medicaid as a means to permit electronic access to health information about <br />individuals that include but are not limited to, Beneficiaries in connection with the Medicaid health care quality initiative programs <br />described herein. <br />g. "PHI" means electronic "protected health information" (as that phrase is defined in 45 C.F.R. § 160.103 of the <br />HIPAA regulations, or any subsequent amendments thereto) about Beneficiaries. <br />h. "PIP' or "personally identifiable information" means electronic information that identifies or may be used to identify <br />an individual, including without limitation first name or first initial and last name in combination with address, driver's license <br />number, credit card number or Social Security number. <br />i. "Proprietary Information" means ail information marked as "proprietary," "confidential" or with other similar <br />designation and all information that by the nature or the circumstances surrounding its disclosure should reasonably be regarded as <br />confidential or proprietary, but excluding Data. <br />j. "Security Incident" means a successful unauthorized access, use, disclosure, modification, or destruction of Data, or <br />interference with the operations of Provider's System, of which Provider has knowledge or should, with the exercise of reasonable <br />diligence (i.e., no less than as required by applicable laws and regulations), have knowledge, excluding (i) pings on Provider's System <br />firewall; (ii) port scans; (iii) attempts to log on to Provider's System or enter a database with an invalid password or user name; (iv) <br />denial-of-service attacks that do not result in a server being taken offline; or (v) malwaze (e.g. worms or viruses), that do not result in <br />unauthorized access, use, disclosure, modification, or destruction of Data. <br />k. "State" means any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any <br />territory or possession subject to the legislative authority of the United States. <br />I. "System" means softwaze, portal, platform, or other electronic medium controlled or utilized by Provider, through <br />which or by which Provider exchanges information under this Agreement. For purposes of this definition, it shall not matter whether <br />Provider controls or utilizes the software, portal, platform or other medium through ownership, lease, license, or otherwise. <br />2. Scone of this Agreement. Network and NCCCN have previously executed a Network System Access Agreement obligating <br />the parties to protect the confidentiality and security of Data in accordance with applicable State and federal law, including without <br />limitation, the federal Health Insurance Portability and Accountability Act of 1996 and its implementing regulations on privacy and <br />security found at 45 C.F.R. Parts 160 and lb4 ("HIPAA")=and the Health Information Technology for Economic and Clinical Health <br />(HITECH) Act, Pub. L. No. 111-5, Title XIII (2009), Section 1902(a)(7) of the Social Security Act which provides for safeguards <br />which restrict the use or disclosure of information concerning Medicaid or CHIP beneficiaries to purposes directly connected to the <br />administration of the Medicaid or the CHIP programs, and regulations found at 42 C.F.R. § 431.302, which specify the purposes <br />directly connected to the administration of the Medicaid or the CHIP programs, and the mental health information confidentiality <br />provisions found in the North Carolina Mental Health, Developmental Disabilities, and Substance Abuse Act of 1985, as codified in <br />Article 3 of Chapter 122C of the North Carolina General Statutes, as applicable to the parties and as the same may be amended from <br />time to time, the terms of which agreement require that Provider agree to the terms and conditions hereunder prior to providing Data <br />to or accessing Data from the Informatics Center. <br />Use of and Access to Data. <br />a. Permitted Uses and Disclosures. Subject to the terms and conditions of this Agreement, Provider may use Data <br />obtained from the Informatics Center (by or on its behalf] solely for those purposes outlined in the Scope of Work incorporated into <br />the agreement between the Network and Medicaid to participate in a Community Care of North Carolina (CCNC) Program, a form of <br />which is attached hereto as Exhibit 1 ("SOW"), or as authorized in that certain authorization memorandum issued by Medicaid, a form <br />of which is attached hereto as Exhibit 2 ("Authorization Memorandum"), and disclose or permit access to such Data solely to <br />Authorized Users solely for the purposes outlined in the SOW or Authorization Memorandum, or as otherwise expressly authorized in <br />writing by Medicaid. Data disclosed by Provider into the Informatics Center (whether by or on behalf of Provider) may be used for <br />those purposes outlined in that certain Memorandum of Agreement executed between Medicaid and NCCCN as of December 23, <br />2008, as amended from time to time ("Memorandum of Agreement"), the Authorization Memorandum, or as otherwise expressly <br />authorized in writing by Medicaid. <br />b. Authorized Users. Provider shall identify, and provide upon reasonable request the names of, those persons (or <br />entities, if names of individual persons are not reasonably practicable to provide at the time of such request) that are its Authorized <br />Users for purposes of this Agreement. Provider shall use reasonable care in selecting such individuals and shall place appropriate <br />privacy and security resMctions on its Authorized Users. Provider shall apply appropriate sanctions against Authorized Users that fail <br />to comply with the requirements of this Agreement, and immediately terminate an Authorized User's access to Data when they no <br />2 <br />