Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notificati...
Breach Notification. 5.1. CONTRACTOR shall notify the COUNTY’s contract administrator concerning any breach of COUNTY data or any data incident involving CONTRACTOR’s data in which the security of COUNTY data systems may be compromised within 24 hours of the breach or incident.
Breach Notification. The following provisions apply to both a HIPAA Breach and a Security Breach as defined in Section 2 (Definitions). For this Section only, the term “Breach” refers to either a HIPAA Breach or a Security Breach, each to the extent they affect HIE Data submitted by Submitter hereunder.
a. The Parties agree that within one (1) hour of discovering information that leads the Party to reasonably believe that a Breach may have occurred, it shall alert the other Party. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Party shall provide a Notification to the other Party. The Notification should include sufficient information for the other Party to understand the nature of the Breach. For instance, such Notification could include, to the extent available at the time of the Notification, the following information:
1. One or two sentence description of the Breach
2. Description of the roles of the people involved in the Breach (e.g. employees, Authorized Users, service providers, unauthorized persons, etc.)
3. The type of data Breached
4. Submitters likely impacted by the Breach
5. Number of individuals or records impacted/estimated to be impacted by the Breach
6. Actions taken by the Submitter to mitigate the Breach
7. Current Status of the Breach (under investigation or resolved)
8. Corrective action taken and steps planned to be taken to prevent a similar Breach.
b. The Party reporting the Breach shall supplement the information contained in the Notification as it becomes available and cooperate with the other Party in accordance with Section 1 of this Agreement. The Notification required by this Section 10.02 shall not include any PHI. If, on the basis of the Notification, NC HIEA determines that (i) other Submitters that have not been notified of the Breach would benefit from a summary of the Notification or (ii) a summary of the Notification to the other Submitters would enhance the security of NC HealthConnex, it may provide, in a timely manner, a summary to such Submitters that does not identify any of the individuals involved in the Breach.
c. Information provided by either Party in accordance with this Section 10.02 may be “Confidential Information.” Such “Confidential Information” shall be treated in accordance with Section 12.
Breach Notification. Business Associate agrees to implement response programs and record-keeping systems to enable Business Associate to comply with the requirements of this Section and 13402 of the HITECH Act and the regulations implementing such provisions, currently Subpart D of Part 164 of Title 45 of the Code of Federal Regulations, when Business Associate detects or becomes aware of unauthorized access to information systems or documents that contain Protected Health Information. Business Associate agrees to mitigate any effects of the inappropriate use or disclosure of Protected Health Information by Business Associate.
(a) Business Associate agrees to notify Covered Entity, by facsimile or telephone, of any breach or suspected breach of its security related to areas, locations, systems, documents or electronic systems which contain unsecured Protected Health Information, including, without limitation, any Security Incident, instance of theft, fraud, deception, malfeasance, or use, access or disclosure of Protected Health Information which is inconsistent with the terms of this Agreement (an “Incident”) immediately upon having reason to suspect that an Incident may have occurred, and typically prior to beginning the process of verifying that an Incident has occurred or determining the scope of any such Incident, and regardless of the potential risk of harm posed by the Incident. Notice shall be provided to the Covered Entity’s representative designated in this Agreement. Upon discovery of a breach or suspected Incident, Business Associate shall take:
(i) Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and
(ii) Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.
(b) In the event of any such Incident, Business Associate shall further provide to Covered Entity, in writing, such details concerning the Incident as Covered Entity may request, and shall cooperate with Covered Entity, its regulators and law enforcement to assist in regaining possession of such unsecured Protected Health Information and prevent its further unauthorized use, and take any necessary remedial actions as may be required by Covered Entity to prevent other or further Incidents. Business Associate and Covered Entity will cooperate in developing the content of any public statements.
(c) If Covered Entity determines that it may need to notify any Individual(s) as a ...
Breach Notification. 5.1. CONTRACTOR shall notify the COUNTY’s contract administrator concerning any breach of COUNTY data or any data incident involving CONTRACTOR’s data in which the security of COUNTY data systems may be compromised within 24 hours of the breach or incident. In accordance with the California Department of Social Services (CDSS), all contractors providing services funded through CDSS are required to comply with the requirements of CDSS Manual of Policies and Procedures, Division 21. CONTRACTOR shall, concurrent with this Agreement, execute and comply with all requirements contained herein. CONTRACTOR and CONTRACT ADMINISTRATOR shall, with oversight from the COUNTY Civil Rights Coordinator, develop and implement a plan to allow COUNTY to monitor CONTRACTOR’S non-discrimination and civil rights policies and procedures, as required by CDSS. Monitoring shall include, but is not limited to: accommodation of individuals with hearing impairments, visual impairments and other disabilities; appropriate language services, including bilingual interpreters available to provide services and how written information is effectively communicated to non- English-speaking and limited-English-proficient individuals; adequate CONTRACTOR staff training in the civil rights and cultural awareness requirements of Division 21; and procedures on informing participants of their civil rights. CONTRACTOR hereby agrees that it will comply with Title VI of the Civil Rights Act of 1964, as amended; Section 504 of the Rehabilitation Act of 1973, as amended; the Age Discrimination Act of 1975, as amended; the Food Stamp Act of 1977, as amended, and in particular Section 272.6; Title II of the Americans with Disabilities Act of 1990; California Civil Code, Section 51 et seq., as amended; California Government Code, Section 11135-11139.5, as amended; California Government Code, Section 12940(c), (h)(1), (i), and (j); California Government Code, Section 4450; 2 CCR §11140 – 11200; the Xxxxxxx- Xxxxxxxx Bilingual Services Act; Section 1808 of the Removal of Barriers to Inter Ethnic Adoption Act of 1996, and other applicable federal and state laws, as well as their implementing regulations [including 45 Code of Federal Regulations (CFR) Parts 80, 84, and 91; 7 CFR Part 15; and 28 CFR Part 35], by ensuring that employment practices and the administration of public assistance and social services programs are nondiscriminatory, to the effect that no person shall because of age, sex, color, disability...
Breach Notification. After becoming aware of a Personal Data breach, Licensor will notify Buyer without undue delay of: (a) the nature of the data breach; (b) the number and categories of data subjects and data records affected; and (c) the name and contact details for the relevant contact person at Licensor.
Breach Notification. Business Associate warrants that it has in place policies and procedures that are designed to detect inappropriate acquisition, access, use or disclosure of Protected Health Information and that it adequately trains its work force and agents on these procedures. Business Associate will notify Hybrid Entity within three (3) business days of discovering an acquisition, access, use or disclosure of Protected Health Information in a manner or for a purpose not permitted by the HIPAA Privacy Rule and within 30 calendar days of discovery will provide Hybrid Entity with the identification of each individual whose Protected Health Information has been or is reasonably believed by Business Associate to have been acquired, accessed, used or disclosed during such incident. Business Associate will assist Hybrid Entity in assessing whether the impermissible acquisition, access, use or disclosure of Protected Health Information compromises the security or privacy of such Protected Health Information. If Hybrid Entity determines that individuals whose data is affected by the impermissible acquisition, access, use or disclosure must be notified pursuant to the HIPAA Breach Notification Standards or other applicable law, Business Associate will reimburse Hybrid Entity’s reasonable notification costs, including legal fees and other costs associate with determining its notification duty, drafting its notification letter, mailing the notification letter and staffing its call center.
Breach Notification. SSA and OPM will follow PII breach notification policies and related procedures issued by OMB. If the agency that experienced the breach determines that the risk of harm requires notification to affected individuals or other remedies, that agency will carry out these remedies without cost to the other agency.
Breach Notification i. Contractor shall report to Covered California any Breach or Security Incident reasonably calculated to result in the Breach of PII or PHI created or received in connection with Contractor Covered California Functions in accordance with the provisions set forth herein. For purposes of this Paragraph (e), a “Breach” shall, in accordance with the HIPAA Breach Notification Rule, mean the impermissible use or disclosure of PII or PHI within Contractor’s custody or control which is reasonably calculated to compromise the security or privacy of any such PII or PHI [45 CFR §§164.400-414]. For purposes of this Paragraph (e), a “Security Incident” shall, in accordance with the HIPAA Security Rule, mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or the interference with system operations in an information system [45 CFR §164.304].
Breach Notification. In the event AGENCY finds that CONTRACTOR has violated any provision of this AGREEMENT, AGENCY shall provide CONTRACTOR with written notice of the violation, by certified mail to the CONTRACTOR, including all relevant details and an opportunity to cure the violation within a reasonable period of time. The notice referred to in this paragraph, shall have no effect if it comes from a MEMBER of the AGENCY. In order to have effect it must come from the AGENCY after a duly noticed meeting of the AGENCY Board of Directors. The written notice shall state the nature of the breach and whether it is considered major or minor by the AGENCY.
