Agent’s Obligations. With regard to its use and/or disclosure of PHI, as of the respective Compliance Date of each referenced obligation, Agent agrees to: (a) comply with the HIPAA Security Rule requirements in accordance with 42 U.S.C. § 17931; (b)without unreasonable delay, and in any event on or before 48 hours after its Discovery by Agent, notify UnitedHealthcare of any incident that involves an unauthorized acquisition, access, use, or disclosure of PHI, even if Agent believes the incident will not rise to the level of a Breach, including in the notification, to the extent possible, and supplement the notification on an ongoing basis with: (i) the identification of all individuals whose Unsecured PHI was or is believed to have been involved, (ii) all other information reasonably requested by UnitedHealthcare to enable UnitedHealthcare to perform and document a risk assessment in accordance with 45 C.F.R. Part 164 subpart D with respect to the incident to determine whether a Breach of Unsecured PHI occurred, and (iii) all other information reasonably necessary to provide notice to individuals, HHS and/or the media, all in accordance with the data breach notification requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 & 164 subparts A, D, & E as of their respective Compliance Dates. Notwithstanding the foregoing, in UnitedHealthcare’s sole discretion and in accordance with its directions, Agent shall conduct, or pay the costs of conducting, an investigation of any incident required to be reported under this Section 2(b) and shall provide and/or pay the costs of providing, the required notices as set forth in this Section 2(b); (c) request, use and/or disclose only the minimum amount of PHI necessary to accomplish the permitted
Appears in 5 contracts
Samples: Agent/Agency Agreement, Agent/Agency Agreement, Agent/Agency Agreement
Agent’s Obligations. With regard to its use and/or disclosure of PHI, as of the respective Compliance Date of each referenced obligation, Agent agrees to: (a) comply with the HIPAA Security Rule requirements in accordance with 42 U.S.C. § 17931; (b)without unreasonable delay, and in any event on or before 48 hours after its Discovery by Agent, notify UnitedHealthcare of any incident that involves an unauthorized acquisition, access, use, or disclosure of PHI, even if Agent believes the incident will not rise to the level of a Breach, including in the notification, to the extent possible, and supplement the notification on an ongoing basis with: (i) the identification of all individuals whose Unsecured PHI was or is believed to have been involved, (ii) all other information reasonably requested by UnitedHealthcare to enable UnitedHealthcare to perform and document a risk assessment in accordance with 45 C.F.R. Part 164 subpart D with respect to the incident to determine whether a Breach of Unsecured PHI occurred, and (iii) all other information reasonably necessary to provide notice to individuals, HHS and/or the media, all in accordance with the data breach notification requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 & 164 subparts A, D, & E as of their respective Compliance Dates. Notwithstanding the foregoing, in UnitedHealthcare’s sole discretion and in accordance with its directions, Agent shall conduct, or pay the costs of conducting, an investigation of any incident required to be reported under this Section 2(b) and shall provide and/or pay the costs of providing, the required notices as set forth in this Section 2(b); (c) request, use and/or disclose only the minimum amount of PHI necessary to accomplish the permittedpermitted purpose of the request, use or disclosure; provided, that Agent shall comply with 42 U.S.C. § 17935(b); and (d) comply in all respects with all its other obligations in accordance with ARRA, including without limitation, 42 U.S.C. §§ 17934(b),17935(c), (d) & (e), and 17936(a) & (b).
Appears in 3 contracts
Samples: Agent/Agency Agreement, Agent/Agency Agreement, Agent/Agency Agreement
Agent’s Obligations. With regard to its use and/or disclosure of PHI, as of the respective Compliance Date of each referenced obligation, Agent agrees to: (a) comply with the HIPAA Security Rule requirements in accordance with 42 U.S.C. § 17931; (b)without b) without unreasonable delay, and in any event on or before 48 hours after its Discovery by Agent, notify UnitedHealthcare CCIC of any incident that involves an unauthorized acquisition, access, use, or disclosure of PHI, even if Agent believes the incident will not rise to the level of a Breach, including in the notification, to the extent possible, and supplement the notification on an ongoing basis with: (i) the identification of all individuals whose Unsecured PHI was or is believed to have been involved, ; (ii) all other information reasonably requested by UnitedHealthcare CCIC to enable UnitedHealthcare CCIC to perform and document a risk assessment in accordance with 45 C.F.R. Part 164 subpart D with respect to the incident to determine whether a Breach of Unsecured PHI occurred, ; and (iii) all other information reasonably necessary to provide notice to individuals, HHS and/or the media, all in accordance with the data breach notification requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 & 164 subparts A, D, & E as of their respective Compliance Dates. Notwithstanding the foregoing, in UnitedHealthcareCCIC’s sole discretion and in accordance with its directions, Agent shall conduct, or pay the costs of conducting, an investigation of any incident required to be reported under this Section 2(b) and shall provide provide, and/or pay the costs of providing, the required notices as set forth in this Section 2(b); (c) request, use and/or disclose only the minimum amount of PHI necessary to accomplish the permittedpermitted purpose of the request, use or disclosure; provided, that Agent shall comply with 42 U.S.C. § 17935(b); and (d) comply in all respects with all its other obligations in accordance with ARRA, including without limitation, 42 U.S.C. §§ 17934(b), 17935(c), (d) & (e), and 17936(a) & (b).
Appears in 1 contract
Samples: Agent/Agency Agreement
Agent’s Obligations. With regard to its use and/or disclosure of PHI, as of the respective Compliance Date of each referenced obligation, Agent agrees to: (a) comply with the HIPAA Security Rule requirements in accordance with 42 U.S.C. § 17931; (b)without unreasonable delay, and in any event on or before 48 hours after its Discovery by Agent, notify UnitedHealthcare of any incident that involves an unauthorized acquisition, access, use, or disclosure of PHI, even if Agent believes the incident will not rise to the level of a Breach, including in the notification, to the extent possible, and supplement the notification on an ongoing basis with: (i) the identification of all individuals whose Unsecured PHI was or is believed to have been involved, (ii) all other information reasonably requested by UnitedHealthcare to enable UnitedHealthcare to perform and document a risk assessment in accordance with 45 C.F.R. Part 164 subpart D with respect to the incident to determine whether a Breach of Unsecured PHI occurred, and (iii) all other information reasonably necessary to provide notice to individuals, HHS and/or the media, all in accordance with the data breach notification requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 & 164 subparts A, D, & E as of their respective Compliance Dates. Notwithstanding the foregoing, in UnitedHealthcare’s sole discretion and in accordance with its directions, Agent shall conduct, or pay the costs of conducting, an investigation of any incident required to be reported under this Section 2(b) and shall provide and/or pay the costs of providing, the required notices as set forth in this Section 2(b); (c) request, use and/or disclose only the minimum amount of PHI necessary to accomplish the permittedin
Appears in 1 contract
Samples: Agent/Agency Agreement
Agent’s Obligations. With regard to its use and/or disclosure of PHI, as of the respective Compliance Date of each referenced obligation, Agent agrees to: (a) comply with the HIPAA Security Rule requirements in accordance with 42 U.S.C. § 17931; (b)without unreasonable delay, and in any event on or before 48 hours after its Discovery by Agent, notify UnitedHealthcare of any incident that involves an unauthorized acquisition, access, use, or disclosure of PHI, even if Agent believes the incident will not rise to the level of a Breach, including in the notification, to the extent possible, and supplement the notification on an ongoing basis with: (i) the identification of all individuals whose Unsecured PHI was or is believed to have been involved, (ii) all other information reasonably requested by UnitedHealthcare to enable UnitedHealthcare to perform and document a risk assessment in accordance with 45 C.F.R. Part 164 subpart D with respect to the incident to determine whether a Breach of Unsecured PHI occurred, and (iii) all other information reasonably necessary to provide notice to individuals, HHS and/or the media, all in accordance with the data breach notification requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 & 164 subparts A, D, & E as of their respective Compliance Dates. Notwithstanding the foregoing, in UnitedHealthcare’s sole discretion and in accordance with its directions, Agent shall conduct, or pay the costs of conducting, an investigation of any incident required to be reported under this Section 2(b) and shall provide and/or pay the costs of providing, the required notices as set forth in this Section 2(b); (c) request, use and/or disclose only the minimum amount of PHI necessary to accomplish the permittedpermitted Version ID: AGR_STD_AGT_06082010 Page 3 of 13
Appears in 1 contract
Samples: Agent Agreement