Common use of BREACH DISCOVERY AND NOTIFICATION Clause in Contracts

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 14 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services, Full Service Partnership/Wraparound Services Agreement

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 11 contracts

Samples: Contract for Provision of Recovery Residence Services, Contract for Provision of Recovery Residence Services, Contract for Provision of Recovery Residence Services

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 10 contracts

Samples: Agreement for Provision of Homeless Bridge Housing Services, Agreement for Provision of Homeless Bridge Housing Services, Agreement for Provision of Homeless Bridge Housing Services

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 8 contracts

Samples: Agreement for Provision of Homeless Bridge Housing Services, Agreement for Provision of Homeless Bridge Housing Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer.
   a. CONTRACTOR’S notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’S notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      (1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      (2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      (3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      (4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      (5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 8 contracts

Samples: Subordinate Contract for Unarmed Security Guard Services, Proposition 47 Evaluation Services Contract, Public Health Laboratory Web Portal Services Agreement

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 7 contracts

Samples: Recovery Residence Services, Agreement for Provision of Recovery Residence Services, Agreement for Provision of Recovery Residence Services

BREACH DISCOVERY AND NOTIFICATION.

1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have been known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR § 164.404(c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410(b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an E-Mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 6 contracts

Samples: Contract for Provision of Medical Staffing Services, Contract for Provision of Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 6 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 5 contracts

Samples: Outreach and Engagement Services Agreement, Agreement for Provision of Services, Agreement for Provision of School Based Behavioral Health Intervention and Support Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have been known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an E-Mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 5 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)–(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 5 contracts

Samples: Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services Agreement, Contract for Provision of Services, Agreement for Provision of Perinatal Drug Medi Cal Substance Use Disorder Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 5 contracts

Samples: Contract for Provision of Behavioral Health Services, Contract for Provision of Behavioral Health Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 5 contracts

Samples: Contract for Provision of Drug Medi Cal Narcotic Replacement Therapy Treatment Services, Contract for Provision of Substance Use Disorder Peer Mentoring Services, Contract for Provision of Drug Medi Cal Narcotic Replacement Therapy Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Hospital Services, Hospital Services Agreement, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Recovery Residence Services, Agreement for Provision of Recovery Residence Services, Agreement for Provision of Recovery Residence Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Services, Hiv Care Services Agreement, Hospital Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Services, Contract for Provision of Drug Medi Cal Narcotic Replacement Therapy Treatment Services, Agreement for Provision of Behavioral Health Services

BREACH DISCOVERY AND NOTIFICATION. 17 1. Following the discovery of a Breach of Unsecured PHIProtected Health Information, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official official, pursuant to 45 CFR § 164.412. 20 a. 2. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such the Breach is known to CONTRACTOR orthe CONTRACTOR, or by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. 3. CONTRACTOR shall be deemed to have knowledge of a Breach, Breach if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of the CONTRACTOR, as determined by federal common law of agency. 26 24. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officerwithout unreasonable delay, and in no case later than five (5) business days after a Breach. 5. CONTRACTOR’s ’S notification may be oral, but shall be followed by written 28 notification within twenty four (24) 24 hours of the oral notification. Thereafter, CONTRACTOR shall provide written notification containing the contents stated below, within five (5) business days. CONTRACTOR shall be required to provide any other information relevant to the Breach in writing, as soon as discovered, or as soon as the information is available. 29 36. CONTRACTOR’s ’S notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI unsecured protected health information has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;, 32 b. 
Any other information that COUNTY is required to include in the notification to 33 Individual under it must provide pursuant to 45 CFR §164.404 (c) ), at the time CONTRACTOR is required to notify COUNTY COUNTY, or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI Protected Health Information that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 47. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, 164.404 if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 58. 
In the event that CONTRACTOR is responsible for for, or suffers a Breach of Unsecured PHI Protected Health Information, in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification Notification regulations, or, or in the alternative, that the acquisition, access, use, use or 17 disclosure of PHI did not constitute a BreachBreach as defined in 45 CFR § 164.402. 18 69. CONTRACTOR shall maintain documentation of all required notifications required pursuant to this Agreement in the event of a Breach an impermissible use or 19 disclosure of Unsecured Protected Health Information, or its risk assessment under 45 CFR § 164.402 of the application of an exception to demonstrate that a Breach did the notification was not occurrequired. 20 710. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, Breach to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 the HITECH Act, as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s reporting the initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. abovethe COUNTY. 25 811. CONTRACTOR shall continue to provide all additional pertinent information about thethe Breach to COUNTY as it may become available, in reporting increments of fifteen (15) calendar days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY. 12. 
CONTRACTOR shall bear all expense or other costs associated with the Breach, and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Employee Benefits Consulting and Actuarial Services, Employee Benefits Consulting and Actuarial Services Agreement, Employee Benefits Consulting and Actuarial Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR §164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Drug Medi Cal Narcotic Replacement Therapy Treatment Services, Agreement for Provision of Drug Medi Cal Adolescent Residential Recovery Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 4 contracts

Samples: Agreement for Provision of Behavioral Health Calworks Services, Agreement for Provision of Behavioral Health Calworks Services, Agreement for Provision of Hiv Housing Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 4 contracts

Samples: Agreement for Provision of Recovery Residence Services, Agreement for Provision of Co Occurring Residential Treatment Services, Substance Use Disorder Outpatient Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, Contractor shall notify County of such Breach no later than 5 business days of discovery, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by Contractor as of the first day on which such Breach is known to Contractor or, by exercising reasonable diligence, would have been known to Contractor.
   b. Contractor shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of Contractor, as determined by federal common law of agency.
2. Contractor shall provide the notification of the Breach immediately to the County Privacy Officer at: Xxxx Xxxxxxx, County Privacy Officer 000 X. 0xx Xxxxxx Xxxxx Xxx, XX 00000 (714) 834-3154 xxxxxxxx@xxxxx.xxx xxxxxxxxxxxxxx@xxxxx.xxx Or Xxxxx Xx, Deputy County Privacy Officer 000 X. 0xx Xxxxxx Xxxxx Xxx, XX 00000 (714) 834-4082 xxxx@xxxxx.xxx XXXXX@xxxxx.xxx
   a. Contractor’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. Contractor’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that County is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time Contractor is required to notify County or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      (1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      (2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      (3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      (4) A brief description of what Contractor is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      (5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. County may require Contractor to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the County.
5. In the event that Contractor is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, Contractor shall have the burden of demonstrating that Contractor made all notifications to County consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. Contractor shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. Contractor shall provide to County all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit County to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after Contractor’s initial report of the Breach to County pursuant to Subparagraph E.2 above.
8. Contractor shall continue to provide all additional pertinent information about the Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County.
9. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Administration of a Prescription Drug Card and Mail Order Program Contract, Administration of a Prescription Drug Card and Mail Order Program, Administration of a Prescription Drug Card and Mail Order Program Contract

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Contract for Hiv Care Services, Contract for Hiv Care Services, Contract for Hiv Care Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Community Support and Recovery Center Services, Agreement for Provision of Integrated Community Services, Agreement for Provision of Integrated Community Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Agreement for Provision of Homeless Bridge Housing Services, Agreement for Provision of Administrative Services, Agreement for Provision of Collaborative Courts Full Service Partnership/Wraparound Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)–(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Substance Use Disorder Treatment Services Agreement, Contract for Provision of Services, Agreement for Provision of Perinatal Drug Medi Cal Substance Use Disorder Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 4 contracts

Samples: Contract for Provision of Adult Mental Health Psychiatric Skilled Nursing Facility Services, Contract for Provision of Services, Contract for Provision of Adult Mental Health Psychiatric Skilled Nursing Facility Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, Contractor shall notify County of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by Contractor as of the first day on which such Breach is known to Contractor or, by exercising reasonable diligence, would have been known to Contractor.
   b. Contractor shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of Contractor, as determined by federal common law of agency.
2. Contractor shall provide the notification of the Breach immediately without unreasonable delay and, in any event, within ten business days after discovery, to the County Privacy Officer at:
   a. Contractor’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
   Xxxxx Xx, County Privacy Officer, CHPC, CHC, CHP, OCIT – Enterprise Privacy and Cybersecurity, 0000 X. Xx. Xxxxxxx Xxxxx Santa Ana, CA 00000, (000) 000-0000, Xxxxx.Xx@xxxx.xxxxx.xxx or xxxxxxxxxxxxxx@xxxxx.xxx
   Xxxxxx Xxxxxxx, Chief Information Security Officer, OCIT – Enterprise Privacy & Cybersecurity, 0000 X. Xx. Xxxxxxx Xxxxx Santa Ana, CA 00000, (000) 000-0000, Xxxxxx.Xxxxxxx@xxxx.xxxxx.xxx
3. Contractor’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that County is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time Contractor is required to notify County or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      (1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      (2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      (3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      (4) A brief description of what Contractor is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      (5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. County may require Contractor to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, and any governmental entities requiring notification at the sole discretion of the County. Such notification will contain the elements required in 45 CFR § 164.410 or applicable state law. Contractor agrees that the County will be given reasonable advance opportunity to review the proposed notice or other related communications to any individual or third party regarding the breach; the County may propose revised or additional content to the materials which will be given reasonable consideration by Contractor (or its agent).
5. In the event that Contractor is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, Contractor shall have the burden of demonstrating that Contractor made all notifications to County consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. Contractor shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. Contractor shall provide to County all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 provided as soon as practicable, but in no event later than fifteen (15) calendar days after Contractor’s initial report of the Breach to County pursuant to Subparagraph E.2 above.
8. Contractor shall continue to provide all additional pertinent information about the Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County.
9. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Claims Administration Agreement, Claims Administration Agreement, Claims Administration Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Agreement for Provision of Services, Agreement for Provision of on Site Psychiatry and Telepsychiatry Services, Agreement for Provision of on Site Psychiatry and Telepsychiatry Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Contract for Behavioral Health Outpatient Services, Contract for Provision of Services, Agreement for Provision of Behavioral Health Outpatient Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Agreement for Provision of Behavioral Health Calworks Services, Agreement for Provision of Behavioral Health Calworks Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)–(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow–up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Agreement for Provision of Adult Residential Drug Medi Cal Withdrawal Management Services, Agreement for Provision of Adult Residential Drug Medi Cal Withdrawal Management Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Contract for Provision of Behavioral Health Services, Contract for Provision of Behavioral Health Services, Agreement for Provision of Behavioral Health Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR, or by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach if the Breach is known, or by exercising reasonable diligence, would have been known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an E-Mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Agreement for Provision of Collaborative Court Full Service Partnership Services, Agreement for Provision of Enhanced Recovery Full Service Partnership Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Agreement for Provision of Administrative Services, Agreement for Provision of Services, Agreement for Provision of Transitional Age Youth Full Service Partnership/Wraparound Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Agreement for Provision of Behavioral Health Outpatient Services, Agreement for Provision of Behavioral Health Outpatient Services, Agreement for Provision of Behavioral Health Outpatient Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Contract for Provision of Homeless Bridge Housing Services, Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Contract for Transitional Age Youth Crisis Residential Services, Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Medical Transportation Services, Contract for Provision of Medical Transportation Services, Contract for Provision of Medical Transportation Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Agreement No. Ma 042 18010156 for Children’s Crisis Residential Services, Agreement for Provision of Children's Full Service Partnership/Wraparound Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Contract for Children and Transitional Age Youth Full Service Partnership/Wraparound Services for Co Occurring Disorders, Agreement for Provision of Behavioral Health Services, Agreement for Provision of Behavioral Health Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Agreement for Provision of Services, Behavioral Health Outpatient Services Agreement, Behavioral Health Outpatient Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 3 contracts

Samples: Contract for Provision of Medical Transportation Services, Contract for Provision of Medical Transportation Services, Contract for Provision of Medical Transportation Services

BREACH DISCOVERY AND NOTIFICATION. 1. a. Following the discovery of a Breach of Unsecured PHI, Contractor shall notify County of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. 1) A Breach shall be treated as discovered by Contractor as of the first day on which such Breach is known to Contractor or, by exercising reasonable diligence, would have been known to Contractor. b. CONTRACTOR 2) Contractor shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of Contractor, as determined by federal or state common law of agency. 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR3) Contractor’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification. 3. CONTRACTORb. Notices shall be sent to the following address: Xxxx Xxxxx, LMFT Behavioral Health Administrator 0000 Xxxxxxx Xxxxxx San Luis Obispo, CA 93401-4535 c. Contractor’s notification shall include, to the extent possible: a. 1) The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been, accessed, acquired, used, or disclosed during the Breach; b. 2) Any other information that County is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time Contractor is required to notify County or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) i. A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) ii. A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) iii. Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) iv. A brief description of what Contractor is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) v. Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, web site, or postal address. 4. COUNTY d. County may require Contractor to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the County. 5. e. In the event that Contractor is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, Contractor shall have the burden of demonstrating that Contractor made all notifications to County consistent with this Subparagraph F Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. CONTRACTOR f. Contractor shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. CONTRACTOR g. Contractor shall provide to County all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit County to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen ten (1510) calendar days after Contractor’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. aboveCounty. 8. CONTRACTOR h. Contractor shall continue to provide all additional pertinent information about the Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County. i. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach. j. Contractor shall train and use reasonable measures to ensure compliance with the requirements of this Exhibit by employees who assist in the performance of functions or activities on behalf of County under this Contract and use or disclose protected information; and discipline employees who intentionally violate any provisions.

Appears in 3 contracts

Samples: Contract for Behavioral Health Services, Contract for Behavioral Health Services, Contract for Behavioral Health Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 3 contracts

Samples: Housing Navigator Services Agreement, Agreement No. Ma 042 19010188 for School Based Gang Prevention Services, Outreach and Engagement Services

BREACH DISCOVERY AND NOTIFICATION. 1. Following the discovery of a Breach of Unsecured PHIProtected Health Information, CONTRACTOR CFCOC shall notify COUNTY of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official, pursuant to 45 CFR § 164.412. a. 2. A Breach shall be treated as discovered by CONTRACTOR CFCOC as of the first day on which such the Breach is known to CONTRACTOR orthe CFCOC, or by exercising reasonable diligence, would have been known to CONTRACTORCFCOC. b. CONTRACTOR 3. CFCOC shall be deemed to have knowledge of a Breach if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTORthe CFCOC, as determined by federal common law of agencyin accordance with 45 CFR 164.410. 24. CONTRACTOR CFCOC shall provide the notification of the Breach immediately to the COUNTY Privacy Officerwithout unreasonable delay, and in no case later than five (5) business days after a Breach. 5. CONTRACTORCFCOC’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification. Thereafter, CFCOC shall provide written notification containing the contents stated below, within five (5) business days. CFCOC shall be required to provide any other information relevant to the Breach in writing, as soon as discovered, or as soon as the information is available. 36. CONTRACTORCFCOC’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI unsecured protected health information has been, or is reasonably believed by CONTRACTOR CFCOC to have been, accessed, acquired, used, or disclosed during the Breach;, b. Any other information that COUNTY is required to include in the notification to Individual under it must provide pursuant to 45 CFR §164.404 (c), at the time CONTRACTOR CFCOC is required to notify COUNTY, or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) A description of the types of Unsecured PHI Protected Health Information that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) A brief description of what CONTRACTOR CFCOC is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 47. COUNTY may require CONTRACTOR CFCOC to provide notice to the Individual as required in 45 CFR § 164.404 if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY. 58. In the event that CONTRACTOR CFCOC is responsible for, or suffers a Breach of Unsecured PHI Protected Health Information, in violation of the HIPAA Privacy Rule, CONTRACTOR CFCOC shall have the burden of demonstrating that CONTRACTOR CFCOC made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach Notification regulations, or in the alternative, that the acquisition, access, use or disclosure of PHI did not constitute a Breach as defined in 45 CFR § 164.402. 69. CONTRACTOR CFCOC shall maintain documentation of all required notifications required pursuant to this MOU in the event of a Breach an impermissible use or disclosure of Unsecured Protected Health Information, or its risk assessment under 45 CFR § 164.402 of the application of an exception to demonstrate that a Breach did the notification was not occurrequired. 710. CONTRACTOR CFCOC shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, Breach to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 the HITECH Act, as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s reporting the initial report of the Breach to COUNTY pursuant to Subparagraph F.2. abovethe COUNTY. 811. CONTRACTOR CFCOC shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of fifteen (15) calendar days after the last report to COUNTY. CFCOC shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY. 12. CFCOC shall bear all expense or other costs associated with the Breach, and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Memorandum of Understanding, Memorandum of Understanding

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Outpatient Services, Agreement for Provision of Adolescent Residential Recovery Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Hiv Care Services Agreement, Hiv Care Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, Contractor shall notify County of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by Contractor as of the first day on which such Breach is known to Contractor or, by exercising reasonable diligence, would have been known to Contractor.
b. Contractor shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of Contractor, as determined by federal common law of agency.
2. Contractor shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOROfficer at Xxxx Xxxxxxx, County Privacy Officer 000 X. 0xx Xxxxxx Xxxxx Xxx, XX 00000 (000) 000-0000 xxxxxxxx@xxxxx.xxx Or Xxxxx Xx, Deputy County Privacy Officer 000 X. 0xx Xxxxxx Xxxxx Xxx, XX 00000 (000) 000-0000 xxxx@xxxxx.xxx
a. Contractor’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. Contractor’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that County is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time Contractor is required to notify County or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
(1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
(2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
(3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
(4) A brief description of what Contractor is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
(5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. County may require Contractor to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the County.
5. In the event that Contractor is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, Contractor shall have the burden of demonstrating that Contractor made all notifications to County consistent with this Subparagraph F Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. Contractor shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. Contractor shall provide to County all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit County to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after Contractor’s initial report of the Breach to County pursuant to Subparagraph F.2. E.2 above.
8. Contractor shall continue to provide all additional pertinent information about the Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County.
9. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Administrative Services Agreement, Administrative Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Services, Agreement for Provision of Adult Mental Health Intensive Residential Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR §164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Drug Medi Cal Narcotic Replacement Therapy Treatment Services, Agreement for Provision of Drug Medi Cal Narcotic Replacement Therapy Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Short Term Housing Services, Agreement for Provision of Short Term Housing Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Contract Amendment for Provision of Temporary Isolation Shelter Services, Contract for Provision of Sobering Center Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Contract for Provision of Services, Agreement for Provision of Early Childhood Mental Health Consultation Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Services, Agreement for Provision of Targeted Case Management Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of on Site Engagement in Collaborative Courts Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer at 000-000-0000.
3. CONTRACTOR’S notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
4. CONTRACTOR’S notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
5. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
6. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
7. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
8. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
9. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
10. CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Physician Services, Agreement for Provision of Physician Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Recovery Residence Services, Agreement for Provision of Recovery Residence Services

BREACH DISCOVERY AND NOTIFICATION. 17 1. Following the discovery of a Breach of Unsecured PHIProtected Health Information, CONTRACTOR Contractor shall notify 18 COUNTY County of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official official, pursuant to 45 CFR § 164.412. 20 a. 2. A Breach shall be treated as discovered by CONTRACTOR Contractor as of the first day on which 21 such the Breach is known to CONTRACTOR orthe Contractor, or by exercising reasonable diligence, would have been 22 known to CONTRACTORContractor. 23 b. CONTRACTOR 3. Contractor shall be deemed to have knowledge of a Breach, Breach if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTORthe Contractor, as determined by federal common law of agency. 26 24. CONTRACTOR Contractor shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officerwithout unreasonable delay, and in no case later than five (5) business days after a Breach. 5. CONTRACTORContractor’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) 24 hours of the oral notification. Thereafter, Contractor shall provide written notification containing the contents stated below, within five (5) business days. Contractor shall be required to provide any other information relevant to the Breach in writing, as soon as discovered, or as soon as the information is available. 29 36. CONTRACTORContractor’s notification shall include, to the extent possible: 30 a. a) The identification of each Individual whose Unsecured PHI unsecured protected health information has been, or is reasonably 31 believed by CONTRACTOR Contractor to have been, accessed, acquired, used, or disclosed during the Breach;, 32 b. 
b) Any other information that COUNTY County is required to include in the notification to 33 Individual under it must provide pursuant to 45 CFR §164.404 (c) ), at the time CONTRACTOR Contractor is required to notify COUNTY County, or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) i. A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) ii. A description of the types of Unsecured PHI Protected Health Information that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) iii. Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) iv. A brief description of what CONTRACTOR Contractor is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) v. Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 47. COUNTY County may require CONTRACTOR Contractor to provide notice to the Individual as required in 11 45 CFR § 164.404, 164.404 if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTYCounty. 13 58. 
In the event that CONTRACTOR Contractor is responsible for for, or suffers a Breach of Unsecured PHI Protected Health Information, in violation 14 of the HIPAA Privacy Rule, CONTRACTOR Contractor shall have the burden of demonstrating that 15 CONTRACTOR Contractor made all notifications to COUNTY consistent with this Subparagraph F and County as 16 required by the Breach notification Notification regulations, or, or in the alternative, that the acquisition, access, use, use or 17 disclosure of PHI did not constitute a BreachBreach as defined in 45 CFR § 164.402. 18 69. CONTRACTOR Contractor shall maintain documentation of all required notifications required pursuant to this Agreement in the event of a Breach an impermissible use or 19 disclosure of Unsecured Protected Health Information, or its risk assessment under 45 CFR § 164.402 of the application of an exception to demonstrate that a Breach did the notification was not occurrequired. 20 710. CONTRACTOR Contractor shall provide to COUNTY County all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, Breach to permit 22 COUNTY County to meet its notification obligations under Subpart D of 45 CFR Part 164 the HITECH Act, as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s reporting the initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. abovethe County. 25 811. CONTRACTOR Contractor shall continue to provide all additional pertinent information about thethe Breach to County as it may become available, in reporting increments of fifteen (15) calendar days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County. 12. 
Contractor shall bear all expense or other costs associated with the Breach, and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Rental Agreement, Rental Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Services, Agreement for Provision of Recovery Maintenance Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Services, Hiv Care Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)–(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services, Agreement for Provision of Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Adult Supported Employment Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Adult Non Drug Medi Cal Detoxification Services, Agreement for Provision of School Readiness Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of HIV Care Services, Agreement for Provision of HIV Prevention Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Inpatient Behavioral Health Services, Agreement for Provision of Inpatient Behavioral Health Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer.
a. CONTRACTOR’S notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’S notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for the Provision of Services, Agreement for the Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)–(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services, Agreement for Provision of Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Mental Health Residential Rehabilitation and Enhanced Residential Rehabilitation Services, Agreement for Provision of Mental Health Residential Rehabilitation and Enhanced Residential Rehabilitation Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services, Agreement for Provision of Adult Residential Drug Medi Cal Substance Use Disorder Treatment Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Medi Cal Mental Health Managed Care Psychiatric Inpatient Hospital Services, Contract for Provision of Medi Cal Mental Health Managed Care Psychiatric Inpatient Hospital Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Suicide Prevention Services, Agreement for Provision of Hiv Care Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for the Provision of Psychiatry Services, Agreement for the Provision of Direct Digital Radiology Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) calendar or business day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Services, Agreement for Provision of Sober Living Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Services, Contract for Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, Contractor shall notify County of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by Contractor as of the first day on which such Breach is known to Contractor or, by exercising reasonable diligence, would have been known to Contractor.
b. Contractor shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of Contractor, as determined by federal common law of agency.
2. Contractor shall provide the notification of the Breach immediately to the County Privacy Officer at Xxxx Xxxxxxx, County Privacy Officer 000 X. 0xx Xxxxxx Xxxxx Xxx, XX 00000 (000) 000-0000 xxxxxxxx@xxxxx.xxx xxxxxxxxxxxxxx@xxxxx.xxx Or Xxxxx Xx, Deputy County Privacy Officer 000 X. 0xx Xxxxxx Xxxxx Xxx, XX 00000 (000) 000-0000 xxxx@xxxxx.xxx XXXXX@xxxxx.xxx
a. Contractor’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. Contractor’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that County is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time Contractor is required to notify County or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
(1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
(2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
(3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
(4) A brief description of what Contractor is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
(5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. County may require Contractor to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the County.
5. In the event that Contractor is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, Contractor shall have the burden of demonstrating that Contractor made all notifications to County consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. Contractor shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. Contractor shall provide to County all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit County to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after Contractor’s initial report of the Breach to County pursuant to Subparagraph E.2 above.
8. Contractor shall continue to provide all additional pertinent information about the Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County.
9. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Administrative Services Agreement, Administrative Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Behavioral Health Training Services, Agreement for Provision of on Site Engagement in Collaborative Courts Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have been known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an E-Mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Contract for Provision of Services, Contract for Provision of Non Emergency Transportation Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Services, Contract for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Housing Full Service Partnership Services Agreement, Housing Full Service Partnership Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within 24 hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Survivor Support Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION. 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR. b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification. 3. CONTRACTOR’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY. 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above. 8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY. 9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Substance Use Disorder Residential Opiate Treatment Services, Substance Use Disorder Residential Opiate Treatment Services Agreement

BREACH DISCOVERY AND NOTIFICATION. 17 1. a. Following the discovery of a Breach of Unsecured PHIPHI , CONTRACTOR Contractor shall notify 18 COUNTY County of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. 1) A Breach shall be treated as discovered by CONTRACTOR Contractor as of the first day on which 21 such Breach is known to CONTRACTOR Contractor or, by exercising reasonable diligence, would have been 22 known to CONTRACTORContractor. 23 b. CONTRACTOR 2) Contractor shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTORContractor, as determined by federal or state common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR3) Contractor’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) 24 hours of the oral notification. 29 3. CONTRACTORb. Notices shall be sent to the following address: Xxxx Xxxxx, LMFT Behavioral Health Administrator 0000 Xxxxxxx Xxxxxx San Luis Obispo, CA 93401-4535 c. Contractor’s notification shall include, to the extent possible: 30 a. 1) The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR Contractor to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. 2) Any other information that COUNTY County is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR Contractor is required to notify COUNTY County or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) i. 
A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) ii. A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) iii. Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) iv. A brief description of what CONTRACTOR Contractor is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) v. Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web web site, or postal address. 10 4. COUNTY d. County may require CONTRACTOR Contractor to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTYCounty. 13 5. e. In the event that CONTRACTOR Contractor is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR Contractor shall have the burden of demonstrating that 15 CONTRACTOR Contractor made all notifications to COUNTY County consistent with this Subparagraph F Paragraph E and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR f. Contractor shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur... 20 7. CONTRACTOR g. 
Contractor shall provide to COUNTY County all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY County to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen ten (1510) calendar days after CONTRACTORContractor’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. aboveCounty. 25 8. CONTRACTOR h. Contractor shall continue to provide all additional pertinent information about thethe Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County. i. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach. j. Contractor shall train and use reasonable measures to ensure compliance with the requirements of this Exhibit by employees who assist in the performance of functions or activities on behalf of County under this Contract and use or disclose protected information; and discipline employees who intentionally violate any provisions.

Appears in 2 contracts

Samples: Contract for Behavioral Health Services, Contract for Behavioral Health Services

BREACH DISCOVERY AND NOTIFICATION. 17 1. Following the discovery of a Breach of Unsecured PHIProtected Health Information, CONTRACTOR COMMISSION shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official official, pursuant to 45 CFR § 164.412. 20 a. 2. A Breach shall be treated as discovered by CONTRACTOR COMMISSION as of the first day on which 21 such the Breach is known to CONTRACTOR orthe COMMISSION, or by exercising reasonable diligence, would have been 22 known to CONTRACTORCOMMISSION. 23 b. CONTRACTOR 3. COMMISSION shall be deemed to have knowledge of a Breach, Breach if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTORthe COMMISSION, as determined by federal common law of agency. 26 24. CONTRACTOR COMMISSION shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officerwithout unreasonable delay, and in no case later than five (5) business days after a Breach. 5. CONTRACTOR’s The notification may be oral, but shall be followed by written 28 notification within twenty twenty-four (24) hours of the oral notification. Thereafter, COMMISSION shall provide written notification containing the contents stated below, within five (5) business days. COMMISSION shall be required to provide any other information relevant to the Breach in writing, as soon as discovered, or as soon as the information is available. 29 36. CONTRACTORCOMMISSION’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI unsecured protected health information has been, or is reasonably 31 believed by CONTRACTOR COMMISSION to have been, accessed, acquired, used, or disclosed during the Breach;, 32 b. 
Any other information that COUNTY is required to include in the notification to 33 Individual under it must provide pursuant to 45 CFR §164.404 (c) ), at the time CONTRACTOR COMMISSION is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI Protected Health Information that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is the parties are doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 47. COUNTY may require CONTRACTOR COMMISSION to provide notice to the Individual as required in 11 45 CFR § 164.404, 164.404 if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 58. 
In the event that CONTRACTOR COMMISSION is responsible for for, or suffers a Breach of Unsecured PHI Protected Health Information, in violation 14 of the HIPAA Privacy Rule, CONTRACTOR COMMISSION shall have the burden of demonstrating that 15 CONTRACTOR COMMISSION made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification Notification regulations, or, or in the alternative, that the acquisition, access, use, use or 17 disclosure of PHI did not constitute a BreachBreach as defined in 45 CFR § 164.402. 18 69. CONTRACTOR COMMISSION shall maintain documentation of all required notifications required pursuant to this MOU in the event of a Breach an impermissible use or 19 disclosure of Unsecured Protected Health Information, or its risk assessment under 45 CFR § 164.402 of the application of an exception to demonstrate that a Breach did the notification was not occurrequired. 20 710. CONTRACTOR COMMISSION shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, Breach to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 the HITECH Act, as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s reporting the initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. abovethe COUNTY. 25 811. CONTRACTOR COMMISSION shall continue to provide all additional pertinent information about thethe Breach as it may become available, in reporting increments of fifteen (15) calendar days after the last report. COMMISSION shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such requested by COUNTY. 12. 
COMMISSION shall bear all expense or other costs associated with the Breach, that are incurred in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Memorandum of Understanding, Memorandum of Understanding

BREACH DISCOVERY AND NOTIFICATION. 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR. b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification. 3. CONTRACTOR’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY. 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above. 8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Services, Behavioral Health Services Agreement

BREACH DISCOVERY AND NOTIFICATION. 1. Following the discovery of a Breach of Unsecured PHI, Contractor shall notify County of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. A Breach shall be treated as discovered by Contractor as of the first day on which such Breach is known to Contractor or, by exercising reasonable diligence, would have been known to Contractor. b. Contractor shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of Contractor, as determined by federal common law of agency. 2. Contractor shall provide the notification of the Breach immediately to the County Privacy Officer at County Privacy Officer Interim County Privacy Officer HCA Information Technology Security Officer Not Available Xxxxx Le, CHP, CHPC (714) 834-4082 0000 X. Xxxxx Xxx., Xxxxx Xxx, XX 00000 Xxxxx.Xx@xxxxx.xxxxx.xxx Xxxxx Xxxxxxxxxxx (714) 834-3433 000 X. Xxxxx Xxx Xxxx., 10th Floor Santa Ana, CA 92701 xxxxxxxxxxxx@xxxxx.xxx a. Contractor’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification. 3. Contractor’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been, accessed, acquired, used, or disclosed during the Breach; b. Any other information that County is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time Contractor is required to notify County or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: (1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; (2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); (3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; (4) A brief description of what Contractor is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and (5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 4. County may require Contractor to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the County. 5. In the event that Contractor is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, Contractor shall have the burden of demonstrating that Contractor made all notifications to County consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. Contractor shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. Contractor shall provide to County all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit County to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after Contractor’s initial report of the Breach to County pursuant to Subparagraph E.2 above. 8. Contractor shall continue to provide all additional pertinent information about the Breach to County as it may become available, in reporting increments of five (5) business days after the last report to County. Contractor shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to County, when such request is made by County. 9. Contractor shall bear all expense or other costs associated with the Breach and shall reimburse County for all expenses County incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Urinalysis Laboratory Testing Services, Urinalysis Laboratory Testing Services

BREACH DISCOVERY AND NOTIFICATION. 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR. b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification. 3. CONTRACTOR’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY. 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above. 8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Inpatient Mental Health Services for Youth, Agreement for Provision of Inpatient Mental Health Services for Youth

BREACH DISCOVERY AND NOTIFICATION. 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR. b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification. 3. CONTRACTOR’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY. 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above. 8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Collaborative Courts Full Service Partnership/Wraparound Services, Agreement for Provision of Warmline Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Transitional Age Youth Crisis Residential Services, Agreement for Provision of Transitional Age Youth Crisis Residential Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both Parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Services, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Agreement for Provision of Services, Hiv Housing Plus Project Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the Breach to COUNTY as it may become available, in reporting increments of five (5) business days after the last report to COUNTY. CONTRACTOR shall also respond in good faith to any reasonable requests for further information, or follow-up information after report to COUNTY, when such request is made by COUNTY.
9. If the Breach is the fault of CONTRACTOR, CONTRACTOR shall bear all expense or other costs associated with the Breach and shall reimburse COUNTY for all expenses COUNTY incurs in addressing the Breach and consequences thereof, including costs of investigation, notification, remediation, documentation or other costs associated with addressing the Breach.

Appears in 2 contracts

Samples: Contract for Provision of Medical Transportation Services, Contract for Provision of Medical Transportation Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b. (1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Contract for Provision of Services, Contract for Provision of Medi Cal Mental Health Managed Care Psychiatric Inpatient Hospital Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F. and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Inpatient Substance Use/Abuse Detoxification Services Agreement, Agreement for Provision of Services

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the County Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Paragraph E and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph E.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Optometry Services Agreement, Optometry Services Agreement

BREACH DISCOVERY AND NOTIFICATION.
1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412.
   a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR.
   b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have been known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty-four (24) hours of the oral notification.
3. CONTRACTOR’s notification shall include, to the extent possible:
   a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
   b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including:
      1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;
      2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
      3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
      4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and
      5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an E-Mail address, Web site, or postal address.
4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY.
5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach.
6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2 above.
8. CONTRACTOR shall continue to provide all additional pertinent information about the

Appears in 2 contracts

Samples: Agreement for Provision of Adult Crisis Residential Services, Agreement for Provision of Services
