Software as a Service Agreements
|
|
- Kathryn Quinn
- 6 years ago
- Views:
Transcription
1 A Better Partnership Software as a Service Agreements Janet Knaus, Nate Steed and Ken Coleman 2013 Warner Norcross & Judd LLP. All rights reserved. WNJ.com
2 2013 Warner Norcross & Judd LLP. All rights reserved. Page 2
3 Distinct Delivery Models 1. Infrastructure as a Service (IaaS) 2. Platform as a Service (PaaS) 3. Software as a Service (SaaS) 2013 Warner Norcross & Judd LLP. All rights reserved. Page 3
4 Software as a Service (SaaS) Business application delivered over the Internet in which users interact with the application through a web browser. Vendor provides the business application in a complete, ready-to-run state, with the application residing on computing infrastructure that is either owned or managed by the SaaS vendor or outsourced to a third-party vendor in a hosted or IaaS model Warner Norcross & Judd LLP. All rights reserved. Page 4
5 Key Considerations 1. Data Type of data (e.g., PHI, PII, PCI, highly sensitive corporate) Geographic location of the owners of the data and the data itself 2. Nature of the business application(s) (e.g., mission critical) 2013 Warner Norcross & Judd LLP. All rights reserved. Page 5
6 Pre-Contracting Due Diligence Mechanisms include questionnaires, requests for proposals, interviews, reference checks and review of any public filings. One of the goals is to identify gaps in your requirements and the ability of the provider to meet those requirements Warner Norcross & Judd LLP. All rights reserved. Page 6
7 Pre-Contracting Due Diligence The process should elicit information about the provider regarding: its history of compliance its insurance coverage and claims history the financial condition of the provider its security infrastructure, including the policies and procedures it has in place to ensure the administrative, technical, and physical security of the data it handles the location of the data its use of subcontractors its existing service levels and capacity to increase those levels its disaster recovery and business continuity processes 2013 Warner Norcross & Judd LLP. All rights reserved. Page 7
8 Contract Structure Click-through agreements Referenced terms posted on website. Concerns: Unilateral amendments No notices of changes 2013 Warner Norcross & Judd LLP. All rights reserved. Page 8
9 Key Contract Issues 1. Data processing and storage 2. Security 3. Service level agreements (SLAs) 2013 Warner Norcross & Judd LLP. All rights reserved. Page 9
10 Data Processing and Storage 1. Data conversion 2. Ownership 3. Use of data by the provider 4. Location 5. ediscovery 6. Data transition 2013 Warner Norcross & Judd LLP. All rights reserved. Page 10
11 Data Conversion Determine whether: Your data from legacy systems can be directly imported into the provider's software; data conversion is needed; and if needed, data conversion will be done at the provider's or your cost. When checking the provider's references, ask about other customers' data migration experiences. Consider a test run to determine the ease or difficulty of the provider's mapping scheme Warner Norcross & Judd LLP. All rights reserved. Page 11
12 Ownership of Data The contract should clearly affirm your ownership of data that will reside on the provider's system. Depending on the nature of your data and how it is processed, you might need to negotiate language to affirm your ownership of the results of any processing of its data that occurs on the provider's system Warner Norcross & Judd LLP. All rights reserved. Page 12
13 Provider's Use of Customer Information Require that the provider to maintain the confidentiality of your information and expressly prohibit the provider from using for any other purpose except in its performance of the agreement. Specify which, if any, uses of your data are permitted (e.g., aggregated, de-identified data to provide customers within an industry with data trending and analysis) Warner Norcross & Judd LLP. All rights reserved. Page 13
14 Location of Data List all locations and service providers that store, process, transmit or access your data. Require prior consent before the data can be moved outside of specific pre-defined countries Warner Norcross & Judd LLP. All rights reserved. Page 14
15 E-Discovery Central Question: Do you have sufficient contractual rights from the provider to meet obligations to which you yourself are subject? 2013 Warner Norcross & Judd LLP. All rights reserved. Page 15
16 ediscovery You should try to include the following types of clauses in order to mitigate your e-discovery risks: Ownership of data. Right to export data and method of doing so. Storage and export of data (including corresponding metadata) in specified form. Accessibility of data on-demand and by counsel and e- discovery vendors as designated by the business. Establishment of time periods the provider will keep data before deleting it pursuant to the business s and/or provider s retention schedules Warner Norcross & Judd LLP. All rights reserved. Page 16
17 ediscovery Suspension of auto-delete settings and retention schedules when litigation is reasonably anticipated. Limitation (or at least identification) of physical locations where data may be stored. Implementation of specified security measures to protect against unauthorized third-party access. Notification of any data breaches. Notification of any requests for data by third-parties in advance of any production so that the business can oppose or take action to limit the disclosure of data Warner Norcross & Judd LLP. All rights reserved. Page 17
18 Data Transition Include the right to access data during the term and upon termination or expiration of the agreement: Include the timeframe within which the provider needs to provide access and/or return data. Identify the appropriate data format. Data provided in a proprietary or otherwise inaccessible format will be of little or no use Warner Norcross & Judd LLP. All rights reserved. Page 18
19 Data Transition Require the provider to destroy all remaining customer information on the provider's servers at termination Warner Norcross & Judd LLP. All rights reserved. Page 19
20 Security 1. Policies 2. Audits and certifications 3. Breaches 2013 Warner Norcross & Judd LLP. All rights reserved. Page 20
21 Security Policies Have a data security professional review the provider's security policies. If acceptable, incorporate the provider's hardware, software and data security policies in the agreement. Verify the provider's data security capabilities through a third party's physical visit or an industryapproved audit process Warner Norcross & Judd LLP. All rights reserved. Page 21
22 Security Audits and Certifications There is no common standard for cloud computing certifications Most commonly used SSAE 16 SOC 2 (replaced SAS70) Other currently used cloud computing certifications include: 1. Systrust issued by the AICPA 2. ISO issued by the International Standards Organization 3. Certification under the Federal Information Security Management Act (FISMA) Warner Norcross & Judd LLP. All rights reserved. Page 22
23 Security Breaches Require that if a breach of security or confidentiality occurs necessitating notice to your employees, customers or others under applicable privacy law: you have sole control over the timing, content and method of the notice; and the provider is prohibited from notifying affected customers unless the customer explicitly directs the provider in writing to do so. Require the provider to reimburse you for your out-of-pocket costs and expenses (including remediation costs). Exclude these costs from the disclaimers of certain damages Warner Norcross & Judd LLP. All rights reserved. Page 23
24 Service Leval Agreements (SLAs) Types: 1. Uptime 2. Performance and response time 3. Problem resolution time 4. Infrastructure/security 2013 Warner Norcross & Judd LLP. All rights reserved. Page 24
25 Uptime SLA Requires that the software be available for access and use for a certain percentage of time during specified hours, as measured over an agreed time period. Define the term "unavailability" to include both severe performance degradation and inoperability of any software feature Warner Norcross & Judd LLP. All rights reserved. Page 25
26 Uptime SLA Require prior notice of scheduled downtimes and require that they occur during specified time periods so they align with the times your institution has critical access. Require the provider to proactively detect downtime by constant monitoring of its servers Warner Norcross & Judd LLP. All rights reserved. Page 26
27 Problem Resolution SLA Include a service level escalation matrix designating levels of severity for performance issues, and specifying timetables for the provider to correct or provide an acceptable workaround for those issues. Response time measurements should require the provider to correct (not merely to respond to) a problem within a specified period Warner Norcross & Judd LLP. All rights reserved. Page 27
28 SLA for SLA Failures Typically in the form of a credit. Require that a root cause analysis be performed after any service level failure to determine its cause and prevent future failures. Include the right to terminate for cause for repeated failures Warner Norcross & Judd LLP. All rights reserved. Page 28
29 Disaster Recovery and Business Continuity Compare the provider's data back-up practices and policies, including the frequency of its partial and periodic full backups, to the your back-up requirements. Require the provider to demonstrate and promise that it will provide business continuity by making the software available even during a disaster, power outage or similarly significant event Warner Norcross & Judd LLP. All rights reserved. Page 29
30 Force Majeure With the exception of general and widespread internet or telecommunications failures, exclude disruptions of the provider's telecommunication or internet services from the definition of a force majeure event. Make clear that force majeure events do not relieve the provider of its disaster recovery and business continuity obligations Warner Norcross & Judd LLP. All rights reserved. Page 30
31 Force Majeure Paige, While I realize that the carve out for payment as an exception to force majeure has become common, I see no reason why it should be so. The Russian meteorite from earlier this year caused me to rethink many things, including that specific provision. It seems to me that if our accounts payable department was quite literally struck by a similar calamity, GEIP could understand that our payment may be delayed. Mary is tough, but I m not sure how quickly she could recover from a meteorite, sinkhole, or other similar events. Thanks, Nate 2013 Warner Norcross & Judd LLP. All rights reserved. Page 31
32 A Better Partnership Bring Your Own Device 2013 Warner Norcross & Judd LLP. All rights reserved. WNJ.com
33 Why The Trend? 93% of the world s information is created and stored electronically 247+ billion s are sent each day 70% of the world s population now has a mobile phone 70 million phones are lost every year Every six months SMS traffic volumes increase by at least 37% Apple sold 5 million iphone 5 in three days 2013 Warner Norcross & Judd LLP. All rights reserved. Page 33
34 The Problem Employee dictates a voice memo on iphone containing sensitive sales information. She takes her iphone home and syncs it with home computer to download latest songs. Her son later syncs his ipod to computer, including the playlist Recently Added. Her son is now walking around with sensitive company information on his ipod Warner Norcross & Judd LLP. All rights reserved. Page 34
35 The Problem Employee uses his ipad at the office. He is passed over for a promotion, leaves without incident and then relocates across the country. Your company is then involved in litigation and required to produce documents, some of which are saved in the ipad s GoodReader app Warner Norcross & Judd LLP. All rights reserved. Page 35
36 The Problem 2013 Warner Norcross & Judd LLP. All rights reserved. Page 36
37 Security Company owned device vs. employee owned Applicability of policies to employee devices Company compliance with its own security program Regulatory requirements Protection of trade secrets Incident response 2013 Warner Norcross & Judd LLP. All rights reserved. Page 37
38 Privacy Employees personal communications Employee data Policies and procedures Other employee activities 2013 Warner Norcross & Judd LLP. All rights reserved. Page 38
39 Accessibility Accessibility Audit rights Litigation holds E-Discovery Destruction of confidential information Prohibit bricked or jailbroken devices Overtime pay 2013 Warner Norcross & Judd LLP. All rights reserved. Page 39
40 A Better Partnership Software Audits 2013 Warner Norcross & Judd LLP. All rights reserved. WNJ.com
41 Steady Increase in Audits 2011 Gartner study Of 228 responders, 65% indicated they had been audited by at least one vendor within last 12 months 2013 Warner Norcross & Judd LLP. All rights reserved. Page 41
42 Top Auditing Vendors Adobe Attachmate Autodesk IBM Info Informatica Microsoft Oracle SAP Symantec VMware Source: 2011 Gartner survey 2013 Warner Norcross & Judd LLP. All rights reserved. Page 42
43 No. 1 Auditing Vendor 2013 Warner Norcross & Judd LLP. All rights reserved. Page 43
44 The Audit Notice I am writing to advise you that your enterprise has been selected for a software license review Warner Norcross & Judd LLP. All rights reserved. Page 44
45 The Audit Notice 2013 Warner Norcross & Judd LLP. All rights reserved. Page 45
46 IBM - Primary areas of risk Acquisitions practice is to migrate acquired products to Passport Advantage within months of acquisition 2013 Warner Norcross & Judd LLP. All rights reserved. Page 46
47 Risk - Acquisitions Change in licensing models and process through "blue washing" Blue washing is the term IBM uses when they release updated code and change the licensing metrics for products acquired from other vendors 2013 Warner Norcross & Judd LLP. All rights reserved. Page 47
48 IBM - Primary areas of risk International Passport Advantage Agreement (IPAA) effective July 18, 2011 Major changes: All or nothing subscription and support Full capacity/sub-capacity reporting requirements 2013 Warner Norcross & Judd LLP. All rights reserved. Page 48
49 IPPA Prior Version Changes to the Agreement Terms. IBM may change the terms of this Agreement by giving the Customer Originating Company three months written notice by letter or . Such change applies as of the date IBM specifies in the notice. You agree that you have consented to any such change if you do not notify IBM in writing, prior to the effective date specified in IBM s written notice, that you disagree with the change. IBM may add or withdraw Eligible Products or change an Eligible Product s SVP or point value at any time. Otherwise, for a change to be valid, both the Customer Originating Company and the IBM Originating Company must sign it. Additional or different terms in any order or written communication from you are void Warner Norcross & Judd LLP. All rights reserved. Page 49
50 IBM Primary areas of risk 2-3 year recurring audit cycles Mainframe System z programs added to audit process in Warner Norcross & Judd LLP. All rights reserved. Page 50
51 Microsoft 30,000 audits on small to midsize companies (500-2,000 computers) in Warner Norcross & Judd LLP. All rights reserved. Page 51
52 Microsoft 2 Types of Audits 2 Types of audits: 1. Software Asset Management (SAM) voluntary audit 2. Legal Contract and Compliance Audit (LCC Audit) Serious infractions; and Those who Refuse to participate in the SAM audit 2013 Warner Norcross & Judd LLP. All rights reserved. Page 52
53 Oracle - Primary areas of risk 1. Change in licensing metrics in ordering documents 2. Oracle only recognizes hard-partitioning as method of isolating use of Processor and Named User Plus licenses for the Oracle Database and other Infrastructure licenses 2013 Warner Norcross & Judd LLP. All rights reserved. Page 53
54 Attachmate 2013 Warner Norcross & Judd LLP. All rights reserved. Page 54
55 Attachmate 2013 Warner Norcross & Judd LLP. All rights reserved. Page 55
56 Questions 2013 Warner Norcross & Judd LLP. All rights reserved. Page 56
Statement of Guidance: Outsourcing Regulated Entities
Statement of Guidance: Outsourcing Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1 This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on the establishment of
More informationASX CLEAR (FUTURES) OPERATING RULES Guidance Note 9
OFFSHORING AND OUTSOURCING The purpose of this Guidance Note The main points it covers To provide guidance to participants on some of the issues they need to address when offshoring or outsourcing their
More informationASX CLEAR OPERATING RULES Guidance Note 9
OFFSHORING AND OUTSOURCING The purpose of this Guidance Note The main points it covers To provide guidance to participants on some of the issues they need to address when offshoring or outsourcing their
More informationCity of Coquitlam. Request for Expressions of Interest RFEI No Workforce Scheduling Software
Request for Expressions of Interest RFEI No. 18-01-19 Workforce Scheduling Software Issue Date: March 8, 2018 TABLE OF CONTENTS Page DEFINITIONS... 3 1. REQUEST FOR EXPRESSIONS OF INTEREST... 4 1.1 Request...
More informationThird Party Trust Manage your outsourcing arrangements
Third Party Trust Manage your outsourcing arrangements Who's keeping your promises October 2014 Issue 1 Contents Page MAS Outsourcing Guidelines and Notice 4 Implications of Notice 6 MAS Outsourcing Guidelines
More informationDATA PROTECTION POLICY (in force since 21 May 2018)
DATA PROTECTION POLICY (in force since 21 May 2018) This Data Protection Policy is issued by IDM Südtirol - Alto Adige, with registered office in Piazza della Parrocchia n. 11 39100, Bolzano (hereinafter
More informationOutsourcing Guidelines. for Financial Institutions DRAFT (FOR CONSULTATION)
Outsourcing Guidelines for Financial Institutions DRAFT (FOR CONSULTATION) October 2015 Table of Contents 1. INTRODUCTION... 3 2. DEFINITIONS... 3 3. PURPOSE, APPLICATION AND SCOPE... 4 4. TRANSITION PERIOD...
More informationVacancy Announcement
Vacancy Announcement ***When applying for this position, refer to "POSITION # 5345" on your application package.*** POSITION: Cybersecurity Senior Specialist (#5345) DEPARTMENT: Cybersecurity / Systems
More informationABM Industries Incorporated
ABM Industries Incorporated Report on ABM Industries Incorporated s Assertion about the Suitability of Design and Operating Effectiveness of its Controls Relevant to Security for its Primary IT Infrastructure
More information1. Lead Times. 2. Duration and Effective Date
1. Lead Times From receipt of a new signed service agreement, the times taken to implement the Hosting Services will be 2 weeks. 2. Duration and Effective Date 2.1 The Effective Date of this Schedule is
More informationREVIEWED BY Leadership & Privacy Officer Medical Staff Board of Trust. Signed Administrative Approval On File
The Alexandra Hospital, Ingersoll PRIVACY POLICY SUBJECT-TITLE Privacy Policy REVIEWED BY Leadership & Privacy Officer Medical Staff Board of Trust DATE Oct 11, 2005 Nov 8, 2005 POLICY CODE DATE OF ORIGIN
More informationGDPR DATA PROCESSING ADDENDUM. (Revision March 2018)
GDPR DATA PROCESSING ADDENDUM (Revision March 2018) From 25 May 2018 the GDPR obliges a Controller to have a written agreement containing prescribed provisions with any Processor that it uses. This General
More informationBusiness Risk Planning
Business Risk Planning SENTINEL EVENTS EHNAC Background The Electronic Healthcare Network Accreditation Commission (EHNAC) is a federally recognized, standards development organization and tax-exempt,
More informationSecurity and Risk considerations for outsourced IT Services EA InfoSec Conference,14/08/2013, version 1.0
Security and Risk considerations for outsourced IT Services EA InfoSec Conference,14/08/2013, version 1.0 Overview What is IT Outsourcing Why companies outsource IT Security and risk considerations Ensuring
More informationREQUEST FOR PROPOSALS RFP No IBM Software Subscription and Support Renewal
REQUEST FOR PROPOSALS RFP No. 14-09-03 IBM Software Subscription and Support Renewal Proposals will be received on or before 2:00 p.m. (local time) Wednesday, January 14, 2015 (Closing date and time) Obtaining
More informationEsri Global Disaster Resilience App Challenge 2014
Esri Global Disaster Resilience App Challenge 2014 Official Rules 1. Sponsor: Environmental Systems Research Institute, Inc. (Esri), 380 New York Street, Redlands, California 92373 USA (hereinafter referred
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: 2013 Wisconsin Dental Association (800) 243-4675 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationOntario School District 8C
Ontario School District 8C Request for Proposals: Content Management System 195 SW 3 rd Ave Ontario, Oregon 97914 Tel: 541-889-5374 Fax: 541-889-8553 tstephan@ontario.k12.or.us Bidding Window Opens: April
More informationARIZONA JOB TRAINING PROGRAM PROGRAM RULES & GUIDELINES (RULES) 1
ARIZONA JOB TRAINING PROGRAM PROGRAM RULES & GUIDELINES (RULES) 1 Section 1. Overview The Arizona Job Training Program (Program), established pursuant to A.R.S. 41-1541 through 1544 and administered by
More informationREQUEST FOR PROPOSALS RFP No IBM Software Subscription and Support Renewal
REQUEST FOR PROPOSALS RFP No. 15-09-11 IBM Software Subscription and Support Renewal Proposals will be received on or before 2:00 p.m. (local time) Wednesday, November 18, 2015 (Closing date and time)
More informationMemorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL
Memorial Hermann Information Exchange MHiE POLICIES & PROCEDURES MANUAL TABLE OF CONTENTS 1. Definitions 3 2. Hardware/Software Supported Platform Requirements 4 3. Anti-virus Software Requirement 4 4.
More informationNegotiating Nurse Practitioner Employment Agreements. General Considerations. General Considerations
Negotiating Nurse Practitioner Employment Agreements The Nurse Practitioner Association New York State 32 nd Annual Conference Niagara Falls October 1, 2016 Glenn P. Prives, Esq. McElroy, Deutsch, Mulvaney
More information2018 Terms and Conditions for Support of Grant Awards Revised 7 th June 2018
ENVIRONMENTAL PROTECTION AGENCY An Ghníomhaireacht um Chaomhnú Comhshaoil EPA Research Programme 2014 2020 2018 Terms and Conditions for Support of Grant Awards Revised 7 th June 2018 The EPA Research
More informationIT Managed Services Provider
RFP 2018 2 February 2, 2018 IT Managed Services Provider City of Duncan, Finance Department Attention: Talitha Soldera, Director of Finance City of Duncan, 200 Craig Street, Duncan, BC, V9L 1W3 Submission
More informationEsri Data Viz App Challenge 2015
Esri Data Viz App Challenge 2015 Official Rules and Terms of Agreement 1. Sponsor: Environmental Systems Research Institute, Inc. (Esri), 380 New York Street, Redlands, California 92373 USA ( Sponsor ).
More informationFOUR TIPS: THE INVISIBLE IMPACT OF CREDENTIALING
FOUR TIPS: THE INVISIBLE IMPACT OF CREDENTIALING The Invisible Impact of Credentialing Four Tips: The past 8 to 10 years have been transformative in the business of providing healthcare. The 2009 American
More informationWESTINGHOUSE INNOVATION ACCELERATOR WeLink SPRINT REGULATION
WESTINGHOUSE INNOVATION ACCELERATOR WeLink SPRINT REGULATION On October 27, 2016, Westinghouse Electric Belgium SA (the "Company"), launched the WeLink Innovation Accelerator (the "Project"), in order
More informationREQUEST FOR PROPOSALS
REQUEST FOR PROPOSALS Request for Proposal for Prosecutors Office Case Management Software ISSUED BY: Jefferson County Prosecuting Attorney P.O. Box 729 120 S. George Street Charles Town, WV 25414 Date
More informationCommonwealth of Pennsylvania
Commonwealth of Pennsylvania Date: November 7, 2013 Subject: PLCB Regulatory Affairs System Solicitation Number: 20121101 Proposal Due 1:00 p.m. on December 11, 2013 Date/Time: Addendum Number: 2 To All
More informationWest Virginia Trading Partner Account Patient Roster User Guide. Date of Publication: 01/19/2016 Document Version: 1.0
West Virginia Trading Partner Account Date of Publication: 01/19/2016 Document Version: 1.0 Privacy and Security Rules WV MMIS Trading Partner Account The Health Insurance Portability and Accountability
More informationINFORMATION TECHNOLOGY ASSESSMENT & PLANNING CONSULTANT REQUEST FOR PROPOSALS (RFP)
INFORMATION TECHNOLOGY ASSESSMENT & PLANNING CONSULTANT REQUEST FOR PROPOSALS (RFP) Los Angeles County Children and Families First Proposition 10 Commission (aka First 5 LA) RELEASE DATE: AUGUST 24, 2017
More information2018 IATA GAPS Startup Innovation Awards Terms & Conditions
2018 IATA GAPS Startup Innovation Awards Terms & Conditions VOID WHERE PROHIBITED. NO PURCHASE NECESSARY TO ENTER OR WIN. GENERAL INFORMATION 1. Information on how to enter the 2018 IATA Global Airport
More informationEsri and URISA Story Map Challenge
Esri and URISA Story Map Challenge Official Rules and Terms of Agreement 1. Sponsor: Environmental Systems Research Institute Inc (Esri)., 380 New York Street, Redlands, California 92373 USA (hereinafter
More informationTelemedicine Privacy and Security: Safeguarding Protected Health Information and Minimizing Risks of Disclosure
Presenting a live 90-minute webinar with interactive Q&A Telemedicine Privacy and Security: Safeguarding Protected Health Information and Minimizing Risks of Disclosure THURSDAY, AUGUST 13, 2015 1pm Eastern
More informationNew England Telehealth Consortium
New England Telehealth Consortium Healthcare Connect Fund St. Mary s Regional Medical Center WAN Services Request for Proposal 1. Statement of Purpose 1.1 Established by the Federal Communications Commission
More informationWEDC REQUEST FOR PROPOSALS:
WEDC REQUEST FOR PROPOSALS: FINANCIAL ACCOUNTING SOFTWARE ISSUED: March 16, 2018 All questions regarding this RFP and vendors Intention to Submit a Proposal must be submitted in writing to natalya.krutova@wedc.org
More informationPRIVACY MANAGEMENT FRAMEWORK
PRIVACY MANAGEMENT FRAMEWORK Section Contact Office of the AVC Operations, International and University Registrar Risk Management Last Review July 2014 Next Review July 2017 Approval SLT14/7/176 Effective
More informationChapter 9 Legal Aspects of Health Information Management
Chapter 9 Legal Aspects of Health Information Management EXERCISE 9-1 Legal and Regulatory Terms 1. T 2. F 3. F 4. F 5. F EXERCISE 9-2 Maintaining the Patient Record in the Normal Course of Business 1.
More informationPrivacy Code for Consumer, Customer, Supplier and Business Partner Data
Privacy Code for Consumer, Customer, Supplier and Business Partner Data Introduction JACOBS DOUWE EGBERTS is committed to the protection of personal data of its Consumer, Customers, Suppliers and Business
More informationOhio Opioid Technology Challenge Idea Phase
OFFICIAL RULES Ohio Opioid Technology Challenge Idea Phase 1. LEGAL TERMS: By submitting an Entry (as defined herein) to the Ohio Opioid Technology Challenge Idea Phase (the "Competition"), you are agreeing
More informationWaitsfield, VT Attn: Reward Volunteers. All note card entries must be received by April 14, 2017.
RULES The Reward Volunteers ("RV") Campaign (meaning Program and also more specifically also refers to a specific time period that Reward Volunteers runs, with a specific list of prizes and start and end
More informationCONTINUOUS IMPROVEMENT INITIATIVE GUIDELINES OCTOBER 2017
CONTINUOUS IMPROVEMENT INITIATIVE GUIDELINES 2017 2018 OCTOBER 2017 What is the purpose of the Continuous Improvement Initiative? Continuous Improvement Initiative Guidelines Launched in February 2007,
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT AIRESPRING CORE IP DEDICATED INTERNET ACCESS This Service Level Agreement ( SLA ) is effective as of the first day of the second month after initial installation of AireSpring Core
More informationApplications accepted through 9/15/2016 by 5:00 PM Eastern Time
Fuel NY - Permanent Generator Initiative Program Opportunity Notice (PON) 3256 $ 12,000,000 available Applications accepted through 9/15/2016 by 5:00 PM Eastern Time INITIATIVE SUMMARY The New York State
More informationLEXINGTON-FAYETTE URBAN COUNTY AIRPORT BOARD REQUEST FOR PROPOSALS. to provide INVESTMENT MANAGEMENT SERVICES. for BLUE GRASS AIRPORT
LEXINGTON-FAYETTE URBAN COUNTY AIRPORT BOARD REQUEST FOR PROPOSALS to provide INVESTMENT MANAGEMENT SERVICES for BLUE GRASS AIRPORT DATED: March 5, 2017 TABLE OF CONTENTS 1. NOTICE AND REQUEST FOR PROPOSALS...
More informationportugalventures.pt
Rules and Regulations Version 3.0 Release date: September 2017 Portugal Capital Ventures, S.A. 1 Article 1 Purpose 1.1 Ventures is a venture capital investment fund created under the scope of the Azorean
More informationNOTICE OF ADOPTION RULE NO
NOTICE OF ADOPTION RULE NO. 18 03 1. Rule. Job Training Program: Program Rules and Guidelines (the Rule) 2. Date of Posting Notice of Rule Making. April 6, 2018 3. Public Comment Period. April 6, 2018
More information2018 IATA Ground Handling Conference Innovator Competition (IGHC Innovator 2018) Terms & Conditions
2018 IATA Ground Handling Conference Innovator Competition (IGHC Innovator 2018) Terms & Conditions VOID WHERE PROHIBITED. NO PURCHASE NECESSARY TO ENTER OR WIN. GENERAL INFORMATION 1. Information on how
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT AIRESPRING MPLS This Service Level Agreement ( SLA ) is effective as of the first day of the second month after initial installation of AireSpring MPLS (the Service). This SLA sets
More informationNOA Glossary of Sourcing Terms
NOA Glossary of Sourcing Terms 1 NOA 2015 Copyright Statement and Disclaimer This document has been prepared as a reference for sourcing professionals. It cannot be reproduced in part or whole in any form
More informationConsolato d Italia. Cape Town
Consolato d Italia Cape Town SPECIFICATIONS SELECTION PROCEDURE FOR AN EXTERNAL SERVICE PROVIDER TO SUPPORT THE ITALIAN CONSULAR/DIPLOMATIC MISSION IN THE PROCESSING OF VISA APPLICATION DEFINITIONS For
More informationPMA Business Continuity Plan
1 PMA Business Continuity Plan Emergency notification contacts Name Address Home Mobile phone Ian Jones ian@delegatecentral.com ian@practicemanagersuk.org ian.ljones@tiscali.co.uk 01606 44945 07880 788985
More informationRESEARCH POLICY MANUAL
POLICY MANUAL RESEARCH Number 588 Subject: Research Data Covered Employees: USU Employees and Students Date of Origin: May 5, 2017 588.1 INTRODUCTION Research data are an essential component of any research
More informationTOWN OF CLINTON Technology Department
TOWN OF CLINTON Technology Department Request for Proposals for Document Scanning and Electronic Document Management System RFP: TOC-DSDM-2017-05 ADDENDUM: A Proposal Submission Deadline: August 21, 2017
More informationWEST VIRGINIA HIGHER EDUCATION POLICY COMMISSION REQUEST FOR PROPOSALS VERIFICATION AND DOCUMENT MANAGEMENT SERVICES RFP #19007.
WEST VIRGINIA HIGHER EDUCATION POLICY COMMISSION REQUEST FOR PROPOSALS VERIFICATION AND DOCUMENT MANAGEMENT SERVICES RFP #19007 Table of Contents Section 1 Section 2 Section 3 Section 4 Section 5 Section
More informationMandatory Reporting and Breach Notification Changes to PHIPA and what you need to know
Mandatory Reporting and Breach Notification Changes to PHIPA and what you need to know 1 Sarah Yun Associate Overview of amendment to O. Reg. 329/04 and What you need to know Brian Beamish Information
More informationSTATE OF RHODE ISLAND OFFICE OF THE GENERAL TREASURER
STATE OF RHODE ISLAND OFFICE OF THE GENERAL TREASURER REQUEST FOR PROPOSALS TO PROVIDE An Automated Reconciliation Software Solution The Office of the General Treasurer 50 Service Avenue Warwick, RI 02886
More informationBanking Regulation and Policy Department Bangladesh Bank Head Office Dhaka
Banking Regulation and Policy Department Bangladesh Bank Head Office Dhaka BRPD Circular No- Date:---------- Managing Director/Chief Executive All bank-companies operating in Bangladesh Dear Sir, Guidelines
More informationREQUEST FOR INFORMATION STAFF AUGMENTATION/IT CONSULTING RFI NO.: DOEA 14/15-001
REQUEST FOR INFORMATION STAFF AUGMENTATION/IT CONSULTING RFI NO.: DOEA 14/15-001 I. INTRODUCTION The Florida Department of Elder Affairs (DOEA) hereby issues this Request for Information (RFI) to all interested
More informationNeoOne VPN Service Specific Terms and Conditions
1. APPLICABILITY This Service Schedule for the purchase of NeoOne VPN and Global NeoVPN Services is subject to the signing of an agreement or Addendum between the customer and FirstNet, and is also subject
More informationRequest for Proposal George West Independent School District ERate
Request for Proposal ERate 2015-2016 Local Phone Service, Long Distance Phone Service, Digital Transmission Service, Internet Access Due: February 25, 2015, 2:00 PM Superintendent: Ty Sparks ERate 2015
More informationCompliance Program And Code of Conduct. United Regional Health Care System
Compliance Program And Code of Conduct United Regional Health Care System TABLE OF CONTENTS Page MESSAGE FROM OUR PRESIDENT... 1 COMPLIANCE PROGRAM... 2 Program Structure...2 Management s Responsibilities
More informationINDEPENDENT AUDIT OF FINANCIAL STATEMENTS REQUEST FOR PROPOSAL FOR PROFESSIONAL SERVICES
INDEPENDENT AUDIT OF FINANCIAL STATEMENTS REQUEST FOR PROPOSAL FOR PROFESSIONAL SERVICES INTRODUCTION The Fort Worth Employees Retirement Fund ( FWERF ) seeks the services of an external, independent auditor
More informationWhite Paper on the use of social media messaging services by medical professionals practising under UK law. December 2017
White Paper on the use of social media messaging services by medical professionals practising under UK law December 2017 CONTENTS 1. WHITE PAPER ON THE USE OF SOCIAL MEDIA MESSAGING SERVICES BY MEDICAL
More informationDEPARTMENT OF DEFENSE (DFAR) GOVERNMENT CONTRACT PROVISIONS
PAGE 1 OF 6 INCORPORATION OF FAR CLAUSES The following terms and conditions apply for purchase orders, subcontracts, or other applicable agreements issued in support of a US Government Department of Defense
More informationLIBRARY COOPERATIVE GRANT AGREEMENT BETWEEN THE STATE OF FLORIDA, DEPARTMENT OF STATE AND [Governing Body] for and on behalf of [grantee]
PROJECT NUMBER _[project number]_ LIBRARY COOPERATIVE GRANT AGREEMENT BETWEEN THE STATE OF FLORIDA, DEPARTMENT OF STATE AND [Governing Body] for and on behalf of [grantee] This Agreement is by and between
More informationPOLICIES, RULES AND PROCEDURES
POLICIES, RULES AND PROCEDURES of the Propane Education and Research Council, Inc. Suite 1075 1140 Connecticut Avenue, NW Washington, DC 20036 As Amended Through February 3, 2011 Table Of Contents SECTION
More informationCommunity Dispute Resolution Programs Grant Agreement
Community Dispute Resolution Programs 2013-2015 Grant Agreement I. PARTIES 1. State Board of Higher Education acting by and through the University of Oregon on behalf of the University of Oregon School
More informationNew England Telehealth Consortium
New England Telehealth Consortium Healthcare Connect Fund Dedicated Internet Service Request for Proposal RFP 101 February 2016 1. Statement of Purpose 1.1 The ( NETC ) is a regional healthcare consortium
More informationOffice of the Australian Information Commissioner
Policy and Procedure Name Privacy Policy and Procedure Version 1.0 Approved By Chief Executive Officer Date Approved 19/10/2016 Review Date 30/06/2017 Opportune Professional Development in accordance with
More informationTHIS AGREEMENT made effective this day of, 20. BETWEEN: NOVA SCOTIA HEALTH AUTHORITY ("NSHA") AND X. (Hereinafter referred to as the Agency )
THIS AGREEMENT made effective this day of, 20. BETWEEN: NOVA SCOTIA HEALTH AUTHORITY ("NSHA") AND X (Hereinafter referred to as the Agency ) It is agreed by the parties that NSHA will participate in the
More informationREQUEST FOR PROPOSAL RFP Name of Project/Project Title. Background Information. Issue Date: 01/12/2017 Proposal Due Date: 2/16/2017
REQUEST FOR PROPOSAL RFP 17-009 Issue Date: 01/12/2017 Proposal Due Date: 2/16/2017 Issued by: Southeast Alaska Regional Health Consortium 3100 Channel Drive, Suite 300 Juneau, Alaska 99801 Email Proposals
More informationRecommendations on outsourcing to cloud service providers (EBA/REC/2017/03)
Recommendations on outsourcing to cloud service providers (EBA/REC/2017/03) These Recommendations of the European Banking Authority (EBA) are addressed to competent authorities as defined in point (i)
More informationGAO INDUSTRIAL SECURITY. DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information
GAO United States General Accounting Office Report to the Committee on Armed Services, U.S. Senate March 2004 INDUSTRIAL SECURITY DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection
More informationReport of the Auditor General to the Nova Scotia House of Assembly. December Independence Integrity Impact
Report of the Auditor General to the Nova Scotia House of Assembly December 2014 Independence Integrity Impact November 19, 2014 Honourable Kevin Murphy Speaker House of Assembly Province of Nova Scotia
More informationREQUEST FOR QUALIFICATIONS G ELLUCIAN (Datatel) COLLEAGUE CONVERSION TO MS SQL AND RELATED UPGRADES PROJECT
SAN JOSE/EVERGREEN COMMUNITY COLLEGE DISTRICT 4750 San Felipe Road, San Jose, CA 95135 REQUEST FOR QUALIFICATIONS G2010.0069 ELLUCIAN (Datatel) COLLEAGUE CONVERSION TO MS SQL AND RELATED UPGRADES PROJECT
More informationRECOMMENDATIONS ON CLOUD OUTSOURCING EBA/REC/2017/03 28/03/2018. Recommendations. on outsourcing to cloud service providers
EBA/REC/2017/03 28/03/2018 Recommendations on outsourcing to cloud service providers 1. Compliance and reporting obligations Status of these recommendations 1. This document contains recommendations issued
More informationGeorgia Lottery Corporation ("GLC") PROPOSAL. PROPOSAL SIGNATURE AND CERTIFICATION (Authorized representative must sign and return with proposal)
NOTE: PLEASE ENSURE THAT ALL REQUIRED SIGNATURE BLOCKS ARE COMPLETED. FAILURE TO SIGN THIS FORM AND INCLUDE IT WITH YOUR PROPOSAL WILL CAUSE REJECTION OF YOUR PROPOSAL. Georgia Lottery Corporation ("GLC")
More informationRequest for Information (RFI) For Network Monitoring & Management (NMC/OMC) Services
Request for Information (RFI) For Network Monitoring & Management (NMC/OMC) Services 1 Background In February 2012, Congress enacted The Middle Class Tax Relief and Job Creation Act of 2012, containing
More informationSTATE OF MINNESOTA DAKOTA COUNTY REQUEST FOR PROPOSALS FOR A LAND ACQUISTION MANAGEMENT SYSTEM AND PROFESSIONAL SERVICES.
STATE OF MINNESOTA DAKOTA COUNTY REQUEST FOR PROPOSALS FOR A LAND ACQUISTION MANAGEMENT SYSTEM AND PROFESSIONAL SERVICES. Proposal Due Date: November 3rd, 2017 at 4 p.m. CDT Proposals to be Returned to:
More informationTEMPLATE Competition Rules B2professional audience Microsoft NV 14/08/2014
1. DEFINITIONS COMPETITION RULES B2B PROFESSIONAL AUDIENCE 1. Competition : the competition named [So You Think You Can Demo] 2. Competition Period : period during which the participation in the competition
More informationReporting and Investigating Privacy Breaches and Complaints Approval: Original Signed by R. Cloutier. Date: September 2017
REGIONAL Applicable to all WRHA governed sites and facilities (including hospitals and personal care homes), and all funded hospitals and personal care homes. All other funded entities are excluded unless
More informationI. PURPOSE DEFINITIONS. Page 1 of 5
Policy Title: Computer, E-mail and Mobile Computing Device Use Accreditation Reference: Effective Date: October 15, 2014 Review Date: Supercedes: Policy Number: 4.31 Pages: 1.5.9 Attachments: October 15,
More informationNAMSS: 31 st Annual Conference Marriott Marquis, New York, New York. Final Rule MS.1.20: Back To the Past. October 3, 2007
NAMSS: 31 st Annual Conference Marriott Marquis, New York, New York Final Rule MS.1.20: Back To the Past October 3, 2007 Michael R. Callahan Katten Muchin Rosenman LLP 525 W. Monroe Chicago, Illinois 312.902.5634
More informationStudy Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
More informationDeal or No Deal: Managing Vendor Relations & HMIS Contracting
Deal or No Deal: Managing Vendor Relations & HMIS Contracting Michelle Hayes, Cloudburst Consulting Group Jeff Ward, El Paso Coalition for the Homeless September 17, 2007 Learning Objectives 1. To understand
More informationANALOG DESIGN CONTEST RULES FOR UNIVERSITY OF TEXAS AT DALLAS
ANALOG DESIGN CONTEST RULES FOR UNIVERSITY OF TEXAS AT DALLAS For purposes of these Rules, TI shall mean Texas Instruments Incorporated and its subsidiaries. TI is also referred to herein as Sponsor. 1.
More informationRegulatory Compliance. Operations and Systems Outsourcing: Compliance Considerations for Broker-Dealers.
Regulatory Compliance. Operations and Systems Outsourcing: Compliance Considerations for Broker-Dealers. Regulatory Compliance: Operations & Systems Outsourcing Introduction Due to the efficiencies and
More informationMAS RELEASES REVISED GUIDELINES ON OUTSOURCING RISK MANAGEMENT
AUGUST 2016 1 MAS RELEASES REVISED GUIDELINES ON OUTSOURCING RISK MANAGEMENT On 27 July 2016, the Monetary Authority of Singapore ( MAS ) issued its new Guidelines on Outsourcing Risk Management ( Revised
More informationVacancy Announcement
Vacancy Announcement POSITION: Senior Systems Engineer DEPARTMENT: Technology Development Services / Enterprise Operations / Data Center Operations REQUIREMENTS: See attached Position Description SALARY
More informationAutomated License Plate Readers (ALPRs)
Automated License Plate Readers (ALPRs) PURPOSE AND SCOPE The purpose of this policy is to provide guidance for the capture, storage and use of digital data obtained through the use of Automated License
More informationSanilac County Community Mental Health Authority
Sanilac County Community Mental Health Authority 227 E. Sanilac Ave, Sandusky Michigan 48471 (810) 648-0330 Fax: (810) 648-0319 Request for Proposal Phone System and IP Phones Due Date: Wednesday, July
More informationWarmWise Audits & Rebates Contest Drawing PA-7 OFFICIAL RULES
WarmWise Audits & Rebates Contest Drawing PA-7 OFFICIAL RULES Please read these Official Rules (these Official Rules ) of Columbia Gas of Pennsylvania, Inc. s WarmWise Audits & Rebates Program PA-7 (the
More informationDun & Bradstreet Partner Code of Conduct
Dun & Bradstreet Partner Code of Conduct Dun & Bradstreet Global Compliance Hotline (U.S. and Canada) 800.261.8552 (Outside U.S. and Canada) Country Access Number, then 800.261.8552 https://dnb.alertline.com
More informationCommercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental)
SECTION 1 - INTRODUCTION 1.1 Background and Authority Commercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental) The 2014 Quadrennial Defense Review (QDR)
More informationLOS ANGELES COUNTY SHERIFF S DEPARTMENT REQUEST FOR INFORMATION RFI NUMBER 652 SH ONLINE TRAFFIC REPORTS (OLTR)
LOS ANGELES COUNTY SHERIFF S DEPARTMENT REQUEST FOR INFORMATION RFI NUMBER 652 SH ONLINE TRAFFIC REPORTS (OLTR) May 2018 Prepared By These guidelines are intended to provide general information only and
More informationFarm Data Code of Practice Version 1.1. For organisations involved in collecting, storing, and sharing primary production data in New Zealand
Farm Data Code of Practice Version 1.1 For organisations involved in collecting, storing, and sharing primary production data in New Zealand MARCH 2016 1 Farm Data Code of Practice The Farm Data Code of
More informationPrecedence Privacy Policy
Precedence Privacy Policy This Policy describes how Precedence Health Care Pty Ltd (Precedence), and any company which it owns or controls, manages personal information for which it is responsible, specifically
More informationNORWICH UNIVERSITY TELECOMMUTING POLICY Reviewed and approved on April 30, 2012 OBJECTIVE
NORWICH UNIVERSITY TELECOMMUTING POLICY Reviewed and approved on April 30, 2012 OBJECTIVE This policy is to establish procedures, eligibility requirements, criteria, and responsibilities for approving
More informationPolicy on Telecommuting
Page 1 of 9 PURPOSE: California State University Channel Islands supports telecommuting when the campus determines that telecommuting is in its best interest. Such instances for telecommuting
More information