Orange County NC Website
Network and for any other individuals' use of the HIE Network by use of any security credential received or obtained, directly or indirectly, lawfully or unlawfully, from the Participant or its Authorized Users.

(c) Participant will use and maintain reasonable and appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity, and availability of Patient Information and to prevent the acquisition, access, Disclosure or use of Patient Information through the HIE Network other than for Permitted Purposes or as required by Applicable Law. To that end, Participant agrees to:

(i) Establish role-based access standards reasonably designed to enable each Authorized User to access such Patient Information through the HIE Network as is necessary for the performance of his or her authorized activities. These standards shall ensure that Authorized Users access, Disclose or use only the Minimum Necessary amount of Patient Information reasonably required to carry out the authorized purpose.

(ii) Establish policies and procedures that provide for appropriate: (i) identification and authentication of its Authorized Users; (ii) security audit controls and documentation to guard against unauthorized access to Patient Information; and (iii) protection against any type of virus or malicious software designed to disrupt the operation of, destroy or damage its or NC HIE's System or the HIE Network.

(d) Participant shall have in place written User Access Policies that govern its Authorized Users' ability to access, Disclose and use Patient Information through the HIE Network using such Participant's System. Such Policies shall be consistent with this Agreement. Participant agrees to provide to NC HIE, upon reasonable request, copies or detailed summaries of its User Access Policies.

(e) Participant is responsible for establishing a means to inform its Authorized Users of notices, changes, information and restrictions applicable to the use and Disclosure of Patient Information through the HIE Network under this Agreement. Participant shall require that all of its Authorized Users comply with the applicable requirements of this Agreement and Applicable Law and shall promptly take appropriate action in the event that Participant knows, or reasonably should have known, of a violation of the Agreement by an Authorized User. Participant will be responsible for any breach of this Agreement by an Authorized User. Participant agrees that notices provided to Participant will be effective as to Authorized Users and the Participant will secure Authorized Users' agreement to the foregoing.

(f) Participants shall provide periodic reports to NC HIE upon request about the security measures implemented for using the HIE Network, including any material security incidents that have arisen since any prior report. A "material security incident" is one that results in unauthorized acquisition, access, use, disclosure, modification, destruction of Patient Information, or interference with NC HIE's or Participant's System operations. Security incidents that are not material include, but are not limited to, pings on a firewall, attempts to log onto a system with an invalid security credential, malware, and denial-of-service attacks that do not result in a server being taken off-line.

(g) NC HIE, in its discretion, may deny access to Patient Information through the HIE Network to any Participant or Authorized User it reasonably believes has acquired,