Laserfiche WebLink
"Security Rule" means the Security Standards and Implementation <br />Specifications at 45 C.F.R. Parts 160 and 164, Subparts A and C. <br />"Standards for Electronic Transactions Rule" means the final regulations <br />issued by Health and Human Services concerning standard transactions and code sets <br />under the Administrative Simplification provisions of HIPAA, 45 C.F.R. Parts 160 and <br />162. <br />All terms used, but not otherwise defined, in this Agreement shall have the same <br />meaning as those terms in the HIPAA Rules. <br />ARTICLE 2. OBLIGATIONS AND ACTIVITIES OF LOCKTON <br />2.1 Lockton agrees to not Use or further Disclose PHI other than as permitted or <br />required by this Agreement or as Required By Law. <br />2.2 Lockton agrees to use appropriate safeguards to prevent the Use or Disclosure of <br />the PHI other than as provided for by this Agreement. <br />2.3 Lockton agrees to implement administrative, physical, and technical safeguards <br />and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI. <br />2.4 Lockton agrees to notify the Plan of any Security Incident or Use or Disclosure of <br />PHI not permitted by this Agreement of which Lockton is aware, including any Breach of <br />Unsecured PHI as required by 45 C.F.R. 164.410. Such notice shall be provided within three (3) <br />business days and shall include, to the extent possible, information that is required to be included <br />in notification to the individual under 45 C.F.R. 164.404. <br />2.4.1 Lockton and Plan agree that unsuccessful attempts at unauthorized access or <br />system interference occur frequently and that there is no significant benefit for data <br />security from requiring the documentation and reporting of such unsuccessful intrusion <br />attempts. In addition, both parties agree that the cost of documenting and reporting such <br />unsuccessful attempts as they occur would outweigh any potential benefit gained from <br />reporting them. Consequently, both Lockton and Plan agree that this Agreement shall <br />constitute the documentation, notice and written report of such unsuccessful attempts at <br />unauthorized access or system interference as required above and by 45 C.F.R. Part 164, <br />Subpart C and that no further notice or report of such attempts with be required. By way <br />of example (and not limitation in any way), the Parties consider the following to be <br />illustrative (but not exhaustive) of unsuccessful Security Incidents when they do not <br />result in unauthorized access, use, disclosure, modification, or destruction of e -PHI or <br />interference with an information system: <br />1. Pings on a Party's firewall, <br />2. Port scans, <br />Lockton Business Associate Agreement_rcv42015 <br />