f. "Informatics Center" means that software, portal, platform, or other electronic medium fizrnished by NCCCN on
<br />behalf of entities that include but aze not limited to Medicaid as a means to permit electronic access to health information about
<br />individuals that include but are not limited to, Beneficiaries in connection with the Medicaid health care quality initiative programs
<br />described herein.
<br />g. "PHI" means electronic "protected health information" (as that phrase is defined in 45 C.F.R. § 160.103 of the
<br />HIPAA regulations, or any subsequent amendments thereto) about Beneficiaries.
<br />h. "PIP' or "personally identifiable information" means electronic information that identifies or may be used to identify
<br />an individual, including without limitation first name or first initial and last name in combination with address, driver's license
<br />number, credit card number or Social Security number.
<br />i. "Proprietary Information" means ail information marked as "proprietary," "confidential" or with other similar
<br />designation and all information that by the nature or the circumstances surrounding its disclosure should reasonably be regarded as
<br />confidential or proprietary, but excluding Data.
<br />j. "Security Incident" means a successful unauthorized access, use, disclosure, modification, or destruction of Data, or
<br />interference with the operations of Provider's System, of which Provider has knowledge or should, with the exercise of reasonable
<br />diligence (i.e., no less than as required by applicable laws and regulations), have knowledge, excluding (i) pings on Provider's System
<br />firewall; (ii) port scans; (iii) attempts to log on to Provider's System or enter a database with an invalid password or user name; (iv)
<br />denial-of-service attacks that do not result in a server being taken offline; or (v) malwaze (e.g. worms or viruses), that do not result in
<br />unauthorized access, use, disclosure, modification, or destruction of Data.
<br />k. "State" means any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any
<br />territory or possession subject to the legislative authority of the United States.
<br />I. "System" means softwaze, portal, platform, or other electronic medium controlled or utilized by Provider, through
<br />which or by which Provider exchanges information under this Agreement. For purposes of this definition, it shall not matter whether
<br />Provider controls or utilizes the software, portal, platform or other medium through ownership, lease, license, or otherwise.
<br />2. Scone of this Agreement. Network and NCCCN have previously executed a Network System Access Agreement obligating
<br />the parties to protect the confidentiality and security of Data in accordance with applicable State and federal law, including without
<br />limitation, the federal Health Insurance Portability and Accountability Act of 1996 and its implementing regulations on privacy and
<br />security found at 45 C.F.R. Parts 160 and lb4 ("HIPAA")=and the Health Information Technology for Economic and Clinical Health
<br />(HITECH) Act, Pub. L. No. 111-5, Title XIII (2009), Section 1902(a)(7) of the Social Security Act which provides for safeguards
<br />which restrict the use or disclosure of information concerning Medicaid or CHIP beneficiaries to purposes directly connected to the
<br />administration of the Medicaid or the CHIP programs, and regulations found at 42 C.F.R. § 431.302, which specify the purposes
<br />directly connected to the administration of the Medicaid or the CHIP programs, and the mental health information confidentiality
<br />provisions found in the North Carolina Mental Health, Developmental Disabilities, and Substance Abuse Act of 1985, as codified in
<br />Article 3 of Chapter 122C of the North Carolina General Statutes, as applicable to the parties and as the same may be amended from
<br />time to time, the terms of which agreement require that Provider agree to the terms and conditions hereunder prior to providing Data
<br />to or accessing Data from the Informatics Center.
<br />Use of and Access to Data.
<br />a. Permitted Uses and Disclosures. Subject to the terms and conditions of this Agreement, Provider may use Data
<br />obtained from the Informatics Center (by or on its behalf] solely for those purposes outlined in the Scope of Work incorporated into
<br />the agreement between the Network and Medicaid to participate in a Community Care of North Carolina (CCNC) Program, a form of
<br />which is attached hereto as Exhibit 1 ("SOW"), or as authorized in that certain authorization memorandum issued by Medicaid, a form
<br />of which is attached hereto as Exhibit 2 ("Authorization Memorandum"), and disclose or permit access to such Data solely to
<br />Authorized Users solely for the purposes outlined in the SOW or Authorization Memorandum, or as otherwise expressly authorized in
<br />writing by Medicaid. Data disclosed by Provider into the Informatics Center (whether by or on behalf of Provider) may be used for
<br />those purposes outlined in that certain Memorandum of Agreement executed between Medicaid and NCCCN as of December 23,
<br />2008, as amended from time to time ("Memorandum of Agreement"), the Authorization Memorandum, or as otherwise expressly
<br />authorized in writing by Medicaid.
<br />b. Authorized Users. Provider shall identify, and provide upon reasonable request the names of, those persons (or
<br />entities, if names of individual persons are not reasonably practicable to provide at the time of such request) that are its Authorized
<br />Users for purposes of this Agreement. Provider shall use reasonable care in selecting such individuals and shall place appropriate
<br />privacy and security resMctions on its Authorized Users. Provider shall apply appropriate sanctions against Authorized Users that fail
<br />to comply with the requirements of this Agreement, and immediately terminate an Authorized User's access to Data when they no
<br />2
<br />
|