Orange County NC Website
Browse       Search
Exhibit B - 5 <br /> <br />EMR System or Records include, but are not limited to, the following: (1) removing data in an <br />unauthorized manner for the purposes of reselling the information; (2) placement on the site of <br />any untrue, malicious, fraudulent, harassing, offensive or defamatory material, or any material <br />that is irrelevant to a legitimate use of the site; (3) introduction of viruses, worms or other <br />programming routines that are intended to disrupt or interfere with the intended operation of the <br />site; (4) insertion of links to other sites of whatever character; (5) promotion of any unlawful <br />activity or purpose, including any activity that could give rise to criminal or civil liability; (6) <br />unauthorized alteration of any data or information supplied by another user of the site; or (7) any <br />activity that infringes on the copyright, patent, trademark or other rights of any person or entity. <br />Individuals who engage in a prohibited use of the site will be liable to UNCHCS for damages <br />incurred by UNCHCS as a result. <br /> <br />8. Each Party shall comply with Applicable Laws, and is solely responsible for <br />developing and providing its HIPAA notice of privacy practices to its patients and complying <br />with its terms. If warranted, in the sole judgment of each Party, to provide adequate notice to <br />patients regarding the Party’s data practices, such Party may include notice of this shared access <br />arrangement in its notice of privacy practices. The Parties agree to cooperate on the <br />development of such language. <br /> <br />9. Each Party acknowledges and agrees that as a data owner authorizing access to its <br />Records, such Party is subject to certain data security and security breach notification <br />requirements under applicable law. In addition to its responsibilities under this Addendum <br />described above, each Party agrees to implement any data security measures that are required by <br />Applicable Laws with respect to patient information. In the event of an incident or occurrence <br />resulting in the compromise, unauthorized access, manipulation or disclosure of patient <br />information, the affected Party will promptly notify the other Party of such incident, and shall <br />cooperate with an Authorizing Party’s efforts to implement any required security remediation <br />and to notify affected individuals, as the Parties mutually agree, in order to help the Authorizing <br />Party comply with its notification or remediation obligations under Applicable Law or agency <br />guidance. Each Party’s cooperation in notification and remediation activities under this Section 9 <br />shall be at such Party’s sole expense; provided however that the actual costs of delivering such <br />notification, and any related services that an Authorizing Party chooses to provide to patients in <br />conjunction with such notification, will be at such Party’s sole expense <br /> <br />10. Each Party WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO THE <br />RECORDS OR ANY COMPUTER SYSTEM, ANY LOSS OF DATA, OR ANY IMPROPER <br />USE OR DISCLOSURE OF INFORMATION ON THE RECORDS CAUSED BY THE <br />PARTY, ITS AUTHORIZED USERS, OR ITS MEDICAL PROVIDERS, OR ANY PERSON <br />USING A USER ID OR A UNIQUE IDENTIFIER OF THE PARTY’S AUTHORIZED USERS <br />OR MEDICAL PROVIDERS. <br /> <br />27