Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink


Between <<Health Service Provider>> And The National Message Broker Service known as Healthlink

THIS AGREEMENT is dated and made between:

(1) <<Health Service Provider>>, which has its principal administrative offices at <<address of Health Service Provider>> and

(2) The National Message Broker Service ("Healthlink"), an electronic communications service that is operated and funded by the Health Service Executive.

This Agreement covers the following Service(s) provided by Healthlink to the Health Service Provider: The secure transference of clinical patient information (such as laboratory and radiology results) via the Internet.

RECITALS

A. In connection with the provision of the Service(s) which Healthlink is supplying to the Health Service Provider, this Agreement shall apply to all Data, disclosed by the Health Service Provider to Healthlink for Processing, accessed by Healthlink on the authority of the Health Service Provider for Processing and otherwise received by Healthlink for Processing on the Health Service Provider's behalf.

B. The Health Service Provider is the Data Controller in respect of all Personal Data that Healthlink Processes on its behalf in connection with the provision of the Service(s).

C. Healthlink is a Data Processor in respect of all Personal Data it Processes on behalf of the Health Service Provider in connection with the provision of the Service(s).

D. It is intended that this Agreement will govern the terms and conditions applying to Healthlink's use of the Data and other related matters.
NOW IT IS HEREBY AGREED by and between the Health Service Provider and Healthlink hereto as follows:

1 Definitions:

In this Agreement, unless the context otherwise requires:

"Data" shall mean any information of whatever nature that, by whatever means, is provided to Healthlink by the Health Service Provider, is accessed by Healthlink on the authority of the Health Service Provider or is otherwise received by Healthlink on the Health Service Provider's behalf, for the purposes of the Processing specified in the Data Protection Acts and the GDPR (when effective), and shall include, without limitation, any Personal Data;

"Data Controller" or "Controller" has the meaning given to that term in Section 1(1) of the Data Protection Acts and (when effective) in Article 4 of the GDPR;

"Data Processor" or "Processor" has the meaning given to that term in Section 1(1) of the Data Protection Acts and (when effective) in Article 4 of the GDPR;

"Data Protection Acts" means the Data Protection Acts 1988 and 2003 (as amended) and the European Communities (Electronic Communications, Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336/2011) and every statutory modification, re-enactment, replacement and/or amendment thereof for the time being in force (or, where the context so admits or requires, any one or more of such Acts) and all orders and regulations/statutory instruments made thereunder;

"Data Subject" has the meaning given to this term in Section 1(1) of the Data Protection Acts;

"Delete" for the purposes of this agreement means removing all data which is electronically held in such a way that it can never be retrieved from the device on which it is held;

"Personal Data" has the meaning given to that term in Section 1(1) of the Data Protection Acts and in Article 4 of the GDPR (when effective);

"Freedom of Information Act" means the Freedom of Information Act 2014 and any amendments to or replacements thereof, including by means of directly effective EU Regulation;

"GDPR" means the EU General Data Protection Regulation, Regulation (EU) 2016/679, the effective date of which is 25th May 2018;

"Processing" and "Process" has the meaning given to those terms in Section 1(1) of the Data Protection Acts and (when effective) in Article 4 of the GDPR;

"Service(s)" shall mean the provision of the identified service(s) to be provided by Healthlink to the Health Service Provider.
2 Obligations of Healthlink (the "Data Processor"):

Healthlink agrees that it shall:

2.1 Process the Data at all times in accordance with the Data Protection Acts, the GDPR (when effective) and any guidance issued by the Data Protection Commissioner;

2.2 Manage and Process any Data which they acquire from the Health Service Provider in accordance with the documented instructions of the Health Service Provider and the obligations of the Data Protection Acts and the GDPR in so far as these obligations apply to a Data Processor;

2.3 Not use the Data directly or indirectly for any purpose other than in connection with the provision of the Service(s) to the Health Service Provider;

2.4 Not disclose Data to any of Healthlink's staff, agents, subsidiaries or subcontractors unless and only to the extent that such persons need to know such Data for the purposes of providing services in connection with the Service(s), and provided that such persons have been made aware of the restrictions in this Agreement on the disclosure of the Data;

2.5 Maintain secret and confidential all Data furnished to it or otherwise acquired by its staff, agents, subsidiaries or sub-contractors save and to the extent that such Data has been made available to the public by the Health Service Provider or by any third party lawfully in possession thereof and entitled to make such disclosure without restriction;

2.6 Not disclose the Data whether directly or indirectly to any third party without the express prior written consent of the Health Service Provider, or except as may be required by Law;

2.7 Implement appropriate human, organisational and technological controls in accordance with Section 2(c) of the Data Protection Acts and Article 32 of the GDPR, to keep the Data secure and to protect against accidental loss, destruction, damage, alteration, or disclosure of the Data.

2.8 Take the necessary precautions for the prevention of unauthorised access to, unauthorised disclosure of or other unauthorised processing of the Data and in particular:

  2.8.1 Have all necessary access controls in place to include authentication and authorisation for access to Data to ensure its security and confidentiality; and

  2.8.2 Have all necessary systems in place to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; and

  2.8.3 Have the ability to restore the availability and access to the Data in a timely manner in the event of a physical or technical incident; and

  2.8.4 Have a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing of the Data;

2.9 Ensure all mobile computer devices which are used to access or store the Data are encrypted in accordance with the Healthlink Encryption Policy;

2.10 Ensure the security of the Data in transit;

2.11 Assist the Health Service Provider to fulfil its obligations to respond to requests from Data Subjects exercising their rights under Section 2D of the Data Protection Acts and Chapter III of the GDPR, (including the rights of access to, rectification of and erasure of their Personal Data), and comply with any request from the Health Service Provider to amend, transfer or Delete such Personal Data;

2.12 In the event that Healthlink receives a request for any information contained in the Data pursuant to the Freedom of Information Act, not to respond to the person making such request, but to inform the Health Service Provider as soon as possible, and Healthlink further agrees to assist the Health Service Provider with all such requests for information which may be received from any person within a reasonable timescale;

2.13 Not Process or transfer the Data outside of Ireland except with the express prior written consent of the Health Service Provider;

2.14 Inform the Health Service Provider as soon as is practical, but no later than 72 hours after they become aware of any breaches in Healthlink security which could potentially give rise to the loss, theft or unauthorised release or disclosure of the Data or any part thereof;

2.15 If so requested by the Health Service Provider, permit the Health Service Provider or its representatives (subject to reasonable and appropriate confidentiality undertakings) to inspect and audit Healthlink's data processing facilities.
3 Obligations of the Health Service Provider (the "Data Controller"):

In consideration of the obligations undertaken by Healthlink in clause 2 of this Agreement, the Health Service Provider, agrees that it shall:

3.1 Ensure it complies at all times with the Data Protection Acts and the GDPR (when effective) and, in particular, the Health Service Provider shall ensure that any disclosure of Personal Data by it to Healthlink is made with the Data Subject's consent or is otherwise lawful;

3.2 Remain responsible for the quality and accuracy of the Data, Personal or otherwise that it makes available to Healthlink; and

3.3 Ensure, where it is necessary to send Data from the Health Service Provider to Healthlink for Processing, the Health Service Provider takes all the necessary precautions, to ensure the security of the Data before and during transit.

4 Healthlink's I.T. Resources

The Health Service Provider acknowledges that Healthlink may store and process the Data on Healthlink's I.T. resources that are used for other purposes and which are not dedicated solely to the storage and Processing of the Health Service Provider's Data.

5 Disclosure Required by Law

In the event that Healthlink is legally required to disclose any of the Data to a third party, Healthlink undertakes to notify the Health Service Provider of such requirement prior to any disclosure and, unless prohibited by law, to supply the Health Service Provider with copies of all communications between Healthlink and any third party to which such disclosure is made.

6 Termination

On termination of the Agreement, Healthlink at the written request of the Health Service Provider, shall return to the Health Service Provider, all Data which has been disclosed by the Health Service Provider to Healthlink and copies thereof, or Delete all Data and certify to the Health Service Provider that it has done so, unless legislation imposed upon Healthlink prevents it from returning or destroying all or part of the Data.

7 Survival of Obligations

The non-disclosure obligations of this Agreement will survive and continue and will bind Healthlink's legal representatives, successors and assigns indefinitely, notwithstanding that the Service(s) may not be actually implemented by the parties.

8 Variation

This Agreement may not be released, discharged, supplemented, amended, varied or modified in any manner except by an instrument in writing signed by a duly authorised officer or representative of each of the parties hereto.

9 Notice

Any notice or other communication given or made under this Agreement shall be in writing and may be delivered to the relevant party or sent by pre-paid registered post airmail or fax to the address of that party specified in this Agreement or to that party's fax number thereat or such other address or number as may be notified hereunder by that party from time to time for this purpose and will be effective notwithstanding any change of address or fax number not so notified.

Unless the contrary is proved, each such notice or communication will be deemed to have been given or made and delivered, if by post 48 hours after posting, if by delivery when left at the relevant address or, if by fax upon transmission, subject to the correct code or fax number being received on the transmission report.

10 Governing Law

This Agreement will be governed by and construed in accordance with the laws of Ireland, and the parties submit to the exclusive jurisdiction of the Irish courts for all purposes connected with this Agreement, including the enforcement of any award or judgement made under or in connection with it.

IN WITNESS whereof this Agreement has been entered into the day and year first herein written.

SIGNED on behalf of Health Service Provider
In the presence of ......
Date: ...

SIGNED on behalf of Healthlink
In the presence of ......
Date: ...