Why is this Important:
Institutions of higher education might have other obligations regarding use of data under federal, state, or local laws, regulations, or contractual obligations. Generally speaking, an institution may not be able to alleviate such obligations by contracting with a third party to perform functions that use regulated data. Clauses that include instructions to contracting third parties regarding regulatory requirements help to protect the institution in the event of an unauthorized disclosure or breach. Contracts between HIPAA-covered components of an institution and a third party must include a Business Associate Agreement when a contract affects protected health information.
Reference:
Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. No. 104-191, § 264 (1996), codified at 42 U.S.C. § 1320d); Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. § 160 (2002), 45 C.F.R. § 164 subpts. A, E (2002).
Appendix 1 ISO/IEC 27002:2005, Reference 6.2.3(r); (s)
Criticality: Category 1, Category 2, and Category 4.
Sample RFP Language:
Sample Contract Clauses:
Federal, state, or local law, regulation, or contractual obligation
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).