Audits, Inspection and Enforcement. CE may, after providing reasonable notice to the BA, conduct an inspection of the facilities, systems, books, logs and records of BA that relate to BA’s use of CE’s PHI, including inspecting logs showing the creation, modification, viewing, and deleting of PHI at BA’s level. Failure by CE to inspect does not waive any rights of the CE or relieve BA of its responsibility to comply with this BAA. CE's failure to detect or failure to require remediation does not constitute acceptance of any practice or waive any rights of CE to enforce this BAA. Notwithstanding BA’s obligation to report under paragraph 3.c of this BAA, BA shall provide a monthly report to CE detailing the unauthorized, or reasonable belief of unauthorized, acquisition, access, use, or disclosure of CE’s PHI, including any unauthorized creation, modification, or destruction of PHI and unauthorized login attempts. BA shall include privileged and nonprivileged accounts in its audit and report, indicating the unique individual using the privileged account. BA shall also indicate whether CE’s PHI subject to unauthorized activity was encrypted or destroyed at the time of the unauthorized activity. BA shall provide a yearly report to CE that lists the names of all individuals with technical or physical access to CE’s PHI and the scope of that access.
Appears in 21 contracts
Samples: Hipaa Business Associate Agreement, Professional Services, Professional Services
Audits, Inspection and Enforcement. CE may, after providing reasonable 10 days’ notice to the BA, conduct an inspection of the facilities, systems, books, logs logs, and records of BA that relate to BA’s use of CE’s PHI, including inspecting logs showing the creation, modification, viewing, and deleting of PHI at BA’s level. Failure by CE to inspect does not waive any rights of the CE or relieve BA of its responsibility to comply with this BAA. CE's failure to detect or failure to require remediation does not constitute acceptance of any practice or waive any rights of CE to enforce this BAA. Notwithstanding BA’s obligation to report under paragraph 3.c of this BAA, BA shall provide a monthly report to CE detailing the unauthorized, or reasonable belief of unauthorized, acquisition, access, use, or disclosure of CE’s PHI, including any unauthorized creation, modification, or destruction of PHI and unauthorized login attempts. BA shall include privileged and nonprivileged accounts in its audit and report, indicating the unique individual using the privileged account. BA shall also indicate whether CE’s PHI subject to unauthorized activity was encrypted or destroyed at the time of the unauthorized activity. BA shall provide a yearly report to CE that lists the names of all individuals with technical or physical access to CE’s PHI and the scope of that access.
Appears in 6 contracts
Samples: Hipaa Business Associate Agreement, Standard Contract for Goods and Non Professional Services, Business Associate Agreement
Audits, Inspection and Enforcement. CE may, after providing reasonable 10 days’ notice to the BA, conduct an inspection of the facilities, systems, books, logs logs, and records of BA that relate to BA’s use of CE’s PHI, including inspecting logs showing the creation, modification, viewing, and deleting of PHI at BA’s level. Failure by CE to inspect does not waive any rights of the CE or relieve BA of its responsibility to comply with this BAA. CE's failure to detect or failure to require remediation does not constitute acceptance of any practice or waive any rights of CE to enforce this BAA. Notwithstanding BA’s obligation to report under paragraph 3.c 4.c of this BAA, BA shall provide a monthly report to CE detailing the unauthorized, or reasonable belief of unauthorized, acquisition, access, use, or disclosure of CE’s PHI, including any unauthorized creation, modification, or destruction of PHI and unauthorized login attempts. BA shall include privileged and nonprivileged accounts in its audit and report, indicating the unique individual using the privileged account. BA shall also indicate whether CE’s PHI subject to unauthorized activity was encrypted or destroyed at the time of the unauthorized activity. BA shall provide a yearly report to CE that lists the names of all individuals with technical or physical access to CE’s PHI and the scope of that access.
Appears in 5 contracts
Samples: Hipaa Business Associate Agreement, Hipaa Business Associate Agreement, Hipaa Business Associate Agreement
Audits, Inspection and Enforcement. CE may, after providing reasonable notice to the BA, conduct an inspection of the facilities, systems, books, logs and records of BA that relate to BA’s use of CE’s PHI, including inspecting logs showing the creation, modification, viewing, and deleting of PHI at BA’s level. Failure by CE to inspect does not waive any rights of the CE or relieve BA of its responsibility to comply with this BAA. CE's failure to detect or failure to require remediation does not constitute acceptance of any practice or waive any rights of CE to enforce this BAA. Notwithstanding BA’s obligation to report under paragraph 3.c of this BAA, BA shall provide a monthly report to CE detailing the unauthorized, or reasonable belief of unauthorized, acquisition, access, use, or disclosure of CE’s PHI, including any unauthorized creation, modification, or destruction of PHI and unauthorized login attempts. BA shall include privileged and nonprivileged accounts in its audit and report, indicating the unique individual using the privileged account. BA shall also indicate whether CE’s PHI subject to unauthorized activity was encrypted or destroyed at the time of the unauthorized activity. BA shall provide a yearly monthly report to CE that lists the names of all individuals with technical or physical access to CE’s PHI and the scope of that access.
Appears in 4 contracts
Samples: Professional Services, Professional Services, Professional Services
Audits, Inspection and Enforcement. CE may, after providing reasonable notice to the BA, conduct an inspection of the facilities, systems, books, logs and records of BA that relate to BA’s use of CE’s PHI, including inspecting logs showing the creation, modification, viewing, and deleting of PHI at BA’s level. Failure by CE to inspect does not waive any rights of the CE or relieve BA of its responsibility to comply with this BAA. CE's ’s failure to detect or failure to require remediation does not constitute acceptance of any practice or waive any rights of CE to enforce this BAA. Notwithstanding BA’s obligation to report under paragraph 3.c of this BAA, BA shall provide a monthly report to CE detailing the unauthorized, or reasonable belief of unauthorized, acquisition, access, use, or disclosure of CE’s PHI, including any unauthorized creation, modification, or destruction of PHI and unauthorized login attempts. BA shall include privileged and nonprivileged accounts in its audit and report, indicating the unique individual using the privileged account. BA shall also indicate whether CE’s PHI subject to unauthorized activity was encrypted or destroyed at the time of the unauthorized activity. BA shall provide a yearly report to CE that lists the names of all individuals with technical or physical access to CE’s PHI and the scope of that access.
Appears in 2 contracts
Samples: Tribal Title Iv E Maintenance Program Agreement, Tribal Title Iv E Maintenance Program Agreement