Common use of Breach and Security Incident Responsibilities Clause in Contracts

Breach and Security Incident Responsibilities. 24 A. Notification to COUNTY of Breach or Security Incident: The CONTRACTOR shall notify 25 COUNTY immediately by telephone call plus email or fax upon the discovery of a breach (as defined in 26 this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident 27 (as defined in this Exhibit), unless a law enforcement agency determines that the notification will 28 impede a criminal investigation, in which case the notification required by this section shall be made to 29 COUNTY immediately after the law enforcement agency determines that such notification will not 30 compromise the investigation. Notification shall be provided to the ADMINSITRATOR, 31 ADMINISTRATOR Privacy Officer, and ADMINISTRATOR Information Security Officer, using the 32 contact information listed in Section X.F., below. If the breach or security incident is discovered after 33 business hours or on a weekend or holiday and involves COUNTY PCI in electronic or computerized 34 form, notification to COUNTY shall be provided by calling ADMINISTRATOR Information Security 35 Office at the telephone numbers listed in Section X.F., below. For purposes of this Section, breaches 36 and security incidents shall be treated as discovered by CONTRACTOR as of the first day on which 37 such breach or security incident is known to the CONTRACTOR, or, by exercising reasonable diligence 1 would have been known to the CONTRACTOR. CONTRACTOR shall be deemed to have knowledge 2 of a breach if such breach is known, or by exercising reasonable diligence would have been known, to 3 any person, other than the person committing the breach, who is an employee or agent of the 4 CONTRACTOR. CONTRACTOR shall take:

Breach and Security Incident Responsibilities. 24 A. Notification to COUNTY of Breach or Security Incident: The CONTRACTOR shall notify 25 COUNTY immediately by telephone call plus email or fax upon the discovery of a breach (as defined in 26 this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident 27 (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede 28 impede a criminal investigation, in which case the notification required by this section shall be made to COUNTY 29 COUNTY immediately after the law enforcement agency determines that such notification will not 30 compromise the 30 investigation. Notification shall be provided to the ADMINSITRATOR, 31 ADMINISTRATOR Privacy 31 Officer, and ADMINISTRATOR Information Security Officer, using the 32 contact information listed in 32 Section X.F., below. If the breach or security incident is discovered after 33 business hours or on a weekend 33 or holiday and involves COUNTY PCI in electronic or computerized 34 form, notification to COUNTY shall 34 be provided by calling ADMINISTRATOR Information Security 35 Office at the telephone numbers listed 35 in Section X.F., below. For purposes of this Section, breaches 36 and security incidents shall be treated as 36 discovered by CONTRACTOR as of the first day on which 37 such breach or security incident is known to 37 the CONTRACTOR, or, by exercising reasonable diligence 1 would have been known to the 1 CONTRACTOR. CONTRACTOR shall be deemed to have knowledge 2 of a breach if such breach is 2 known, or by exercising reasonable diligence would have been known, to 3 any person, other than the person 3 committing the breach, who is an employee or agent of the 4 CONTRACTOR. CONTRACTOR shall take:

Breach and Security Incident Responsibilities. 24 19 A. Notification to COUNTY of Breach or Security Incident: The CONTRACTOR shall notify 25 20 COUNTY immediately by telephone call plus email or fax upon the discovery of a breach (as defined in 26 21 this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident 27 22 (as defined in this Exhibit), unless a law enforcement agency determines that the notification will 28 23 impede a criminal investigation, in which case the notification required by this section shall be made to 29 24 COUNTY immediately after the law enforcement agency determines that such notification will not 30 25 compromise the investigation. Notification shall be provided to the ADMINSITRATOR, 31 26 ADMINISTRATOR Privacy Officer, and ADMINISTRATOR Information Security Officer, using the 32 27 contact information listed in Section X.F., below. If the breach or security incident is discovered after 33 28 business hours or on a weekend or holiday and involves COUNTY PCI in electronic or computerized 34 29 form, notification to COUNTY shall be provided by calling ADMINISTRATOR Information Security 35 30 Office at the telephone numbers listed in Section X.F., below. For purposes of this Section, breaches 36 31 and security incidents shall be treated as discovered by CONTRACTOR as of the first day on which 37 32 such breach or security incident is known to the CONTRACTOR, or, by exercising reasonable diligence 1 33 would have been known to the CONTRACTOR. CONTRACTOR shall be deemed to have knowledge 2 34 of a breach if such breach is known, or by exercising reasonable diligence would have been known, to 3 35 any person, other than the person committing the breach, who is an employee or agent of the 4 36 CONTRACTOR. CONTRACTOR shall take:: 37 // 4 of 9 EXHIBIT D ADVANCED MEDICAL MANAGEMENT, INC. MA 042-24010971

Breach and Security Incident Responsibilities. 24 A. Notification to COUNTY of Breach or Security Incident: The CONTRACTOR shall notify 25 COUNTY immediately by telephone call plus email or fax upon the discovery of a breach (as defined in 26 this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident 27 (as defined in this Exhibit), unless a law enforcement agency determines that the notification will 28 impede a criminal investigation, in which case the notification required by this section shall be made to 29 COUNTY immediately after the law enforcement agency determines that such notification will not 30 compromise the investigation. Notification shall be provided to the ADMINSITRATORADMINISTRATOR, 31 ADMINISTRATOR Privacy Officer, and ADMINISTRATOR Information Security Officer, using the 32 contact information listed in Section X.F., below. If the breach or security incident is discovered after 33 business hours or on a weekend or holiday and involves COUNTY PCI in electronic or computerized 34 form, notification to COUNTY shall be provided by calling ADMINISTRATOR Information Security 35 Office at the telephone numbers listed in Section X.F., below. For purposes of this Section, breaches 36 and security incidents shall be treated as discovered by CONTRACTOR as of the first day on which 37 such breach or security incident is known to the CONTRACTOR, or, by exercising reasonable diligence 1 would have been known to the CONTRACTOR. CONTRACTOR shall be deemed to have knowledge 2 of a breach if such breach is known, or by exercising reasonable diligence would have been known, to 3 any person, other than the person committing the breach, who is an employee or agent of the 4 CONTRACTOR. CONTRACTOR shall take:

Breach and Security Incident Responsibilities. 24 26 A. Notification to COUNTY of Breach or Security Incident: The CONTRACTOR shall notify 25 27 COUNTY immediately by telephone call plus email or fax upon the discovery of a breach (as defined in 26 28 this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident 27 29 (as defined in this Exhibit), unless a law enforcement agency determines that the notification will 28 impede 30 a criminal investigation, in which case the notification required by this section shall be made to 29 COUNTY 31 immediately after the law enforcement agency determines that such notification will not 30 compromise the 32 investigation. Notification shall be provided to the ADMINSITRATOR, 31 ADMINISTRATOR Privacy 33 Officer, and ADMINISTRATOR Information Security Officer, using the 32 contact information listed in 34 Section X.F., below. If the breach or security incident is discovered after 33 business hours or on a weekend 35 or holiday and involves COUNTY PCI in electronic or computerized 34 form, notification to COUNTY shall 36 be provided by calling ADMINISTRATOR Information Security 35 Office at the telephone numbers listed 37 in Section X.F., below. For purposes of this Section, breaches 36 and security incidents shall be treated as 1 discovered by CONTRACTOR as of the first day on which 37 such breach or security incident is known to 2 the CONTRACTOR, or, by exercising reasonable diligence 1 would have been known to the 3 CONTRACTOR. CONTRACTOR shall be deemed to have knowledge 2 of a breach if such breach is 4 known, or by exercising reasonable diligence would have been known, to 3 any person, other than the person 5 committing the breach, who is an employee or agent of the 4 CONTRACTOR. CONTRACTOR shall take:

Breach and Security Incident Responsibilities. 24 30 A. Notification to COUNTY of Breach or Security Incident: The CONTRACTOR shall notify 25 31 COUNTY immediately by telephone call plus email or fax upon the discovery of a breach (as defined in 26 32 this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident 27 33 (as defined in this Exhibit), unless a law enforcement agency determines that the notification will 28 34 impede a criminal investigation, in which case the notification required by this section shall be made to 29 35 COUNTY immediately after the law enforcement agency determines that such notification will not 30 36 compromise the investigation. Notification shall be provided to the ADMINSITRATOR, 31 37 ADMINISTRATOR Privacy Officer, and ADMINISTRATOR Information Security Officer, using the 32 1 contact information listed in Section X.F., below. If the breach or security incident is discovered after 33 2 business hours or on a weekend or holiday and involves COUNTY PCI in electronic or computerized 34 3 form, notification to COUNTY shall be provided by calling ADMINISTRATOR Information Security 35 4 Office at the telephone numbers listed in Section X.F., below. For purposes of this Section, breaches 36 5 and security incidents shall be treated as discovered by CONTRACTOR as of the first day on which 37 6 such breach or security incident is known to the CONTRACTOR, or, by exercising reasonable diligence 1 7 would have been known to the CONTRACTOR. CONTRACTOR shall be deemed to have knowledge 2 8 of a breach if such breach is known, or by exercising reasonable diligence would have been known, to 3 9 any person, other than the person committing the breach, who is an employee or agent of the 4 10 CONTRACTOR. CONTRACTOR shall take: