Laserfiche WebLink
definitions of PII. PHI is defined as any information that is related to an individual's health record <br />as defined by the Health Insurance Portability and Accountability Act (HIPAA). <br />e. PHI/PII Processing - The parties shall comply, and warrant that they have complied, with <br />implementing all applicable data protection and privacy laws and regulations in any relevant <br />jurisdiction (together, the "Data Protection Laws"); and where, in connection with this Agreement, <br />the Software is processing information related to PHI/PII on behalf of the CLIENT, MERIDIAN <br />shall: <br />i. Process the PHI/PII only on the written instructions of CLIENT; <br />ii. Make all reasonable efforts to implement appropriate technical and organizational measures <br />to protect those PHI/PII against accidental or unlawful destruction or accidental loss, alteration, <br />unauthorized disclosure or access, in particular where the processing involves the <br />transmission of data over a network, and against all other unlawful forms of processing; <br />iii, Return or destroy all such personal data promptly upon the termination of this Agreement, or <br />at any time during the term of this Agreement upon written instructions from CLIENT; <br />iv. Not disclose PHI/PII to any person except as required or permitted by this Agreement or with <br />CLIENT's written consent; <br />V. Provide full cooperation and assistance to CLIENT in implementing any procedures required <br />in order to comply with data privacy laws to which CLIENT is subject, as advised by CLIENT <br />from time to time; <br />vi. Not process PHI/PII except to the extent reasonably necessary to the performance of this <br />Agreement; <br />vii. Notify CLIENT immediately in the event of any breach of the security of such personal data, <br />and cooperate with CLIENT in any post- breach investigation or remediation efforts; and <br />viii. Notify CLIENT promptly in the event that MERIDIAN is required by law, court order, warrant, <br />subpoena, or other legal or judicial process to disclose any PHI/PII to any person other than <br />CLIENT. <br />The CLIENT shall make all reasonable efforts to ensure that those Personal Data are accurate and <br />up to date at all times, to the extent that it is within CLIENT's ability to do so. <br />The Parties hereto agree, that the above warranties relating to PHI and PII are Meridian's sole <br />responsibilities related to the processing and control of CLIENT PHI and PII. <br />7. European Union Clients <br />In the event that CLIENT will access PII originating from a country in the European Economic Area <br />("EEK) or from a country outside the EEA, MERIDIAN shall, if requested by CLIENT, will complywith <br />the applicable Privacy Law Legislation in coordination with the European Commission, relating to <br />requirements of the European Union's Directive on Data Protection. CLIENT warrants that it has the <br />consent of its employees, independent contractors or any other individual whose PII is being <br />processed and/or transmitted within the Services and MERIDIAN shall have no liability should CLIENT <br />not have received such consent. CLIENT will indemnify, defend and hold MERIDIAN harmless should <br />