Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Investigations and Remediations Lessor shall retain the responsibility and pay for any investigations or remediation measures required by governmental entities having jurisdiction with respect to the existence of Hazardous Substances on the Premises prior to the Start Date, unless such remediation measure is required as a result of Lessee's use (including "Alterations", as defined in Paragraph 7.3(a) below) of the Premises, in which event Lessee shall be responsible for such payment. Lessee shall cooperate fully in any such activities at the request of Lessor, including allowing Lessor and Lessor's agents to have reasonable access to the Premises at reasonable times in order to carry out Lessor's investigative and remedial responsibilities.
COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.
Incident Notice and Remediation If Contractor becomes aware of any Incident, it shall notify the State immediately and cooperate with the State regarding recovery, remediation, and the necessity to involve law enforcement, as determined by the State. Unless Contractor can establish that none of Contractor or any of its agents, employees, assigns or Subcontractors are the cause or source of the Incident, Contractor shall be responsible for the cost of notifying each person who may have been impacted by the Incident. After an Incident, Contractor shall take steps to reduce the risk of incurring a similar type of Incident in the future as directed by the State, which may include, but is not limited to, developing and implementing a remediation plan that is approved by the State at no additional cost to the State.
Termination and Remedies (a) In the event that the Purchaser defaults or fails to perform any of the terms and conditions contained in this Purchase Agreement, or assigns this Agreement without the Vendor’s consent, the Purchaser’s Deposit (including any portion of the Deposit bonded by the Purchaser under the terms of this Agreement) shall immediately be forfeited to the Vendor. Such forfeiture shall not be deemed to be liquidated damages, and shall not preclude further claims by the Vendor against the Purchaser for any and all remedies available at law and at equity, including but not limited to damages arising from the Purchaser’s breach and/or specific performance.
(b) In the event that the Purchaser defaults or fails to perform any of the terms and conditions contained in this Purchase Agreement and the Purchaser’s Deposit (including any portion of the Deposit bonded by the Purchaser under the terms of this Agreement) is forfeited to the Vendor, the Vendor’s damages arising from the Purchaser’s breach shall be deemed to be at least equal to the forfeited Deposit without restricting the right of the Vendor to xxx for additional damages and/or specific performance.
(c) In the event that the Purchaser defaults or fails to perform any of the terms and conditions contained in this Purchase Agreement and the Vendor takes steps to enforce the terms and conditions of this Purchase Agreement, or commences or defends any action for the judicial interpretation, enforcement, termination, cancellation or rescission hereof or for damages for the breach hereof, the Vendor, in the event it is successful in such action, shall be entitled to solicitor and client costs on a full indemnity basis.
(d) In the event that the Vendor, in its sole discretion, determines that the Purchaser is behaving in an unreasonable, disruptive or unruly manner either by action or inaction, or that the Vendor cannot meet the expectations of the Purchaser, the Vendor may unilaterally terminate this Purchase Agreement. In the event that the Vendor is unable to perform the scope of work as specified in this Purchase Agreement for reasons beyond the control of the Vendor, the Vendor may terminate this Purchase Agreement. Upon termination of this Purchase Agreement pursuant to this subclause, the Vendor will return all Deposits to the Purchaser, without interest, after deducting any reasonable and necessary expenses incurred by the Vendor prior to cancellation, including, but not limited to, taxes, utilities, interest and other carrying costs.
(e) In the event that the Vendor defaults or fails to perform any of the terms and conditions contained in this Purchase Agreement, then the Deposit paid by the Purchaser under the terms of this Purchase Agreement, together with any accrued interest thereon, will be paid by the Vendor to the Purchaser and the Purchaser will have no further claim against the Vendor.
BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412.
20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR.
23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification.
29 3. CONTRACTOR’s notification shall include, to the extent possible:
30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including:
36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known;
1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved);
4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach;
6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and
8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY.
13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach.
18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above.
25 8. CONTRACTOR shall continue to provide all additional pertinent information about the
Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and
b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.
Environmental Remediation Failure to remediate (or pursue the remediation process with due diligence and good faith) within the time period required by law or governmental order, (or within a reasonable time in light of the nature of the problem if no specific time period is so established), environmental problems in violation of Applicable Law related to Properties of the Borrower and/or its Subsidiaries where the estimated cost of remediation is in the aggregate in excess of Seventy-Five Million Dollars ($75,000,000), in each case after all administrative hearings and appeals have been concluded.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Indemnification and Remedies 10.1. The Shareholders and the holders of Vested Options (“Indemnifying Parties”) agree severally and not jointly to protect, defend, indemnify, and hold the Purchaser, the Company and their Affiliates, together with the directors, employees and advisors of the foregoing (the “Indemnified Parties”), harmless against and in respect of any and all loss, liability, deficiency, damage, decrease in value (excluding reduction in Tax losses or loss of NOLs), any damages paid to third parties, cost, expense, fines, interest or actions in respect thereof (including reasonable legal fees and expenses) but excluding consequential (except that a claim by a third party shall not be deemed consequential), incidental, multiple of revenue or earnings (but not including loss of value), loss of profits, punitive or exemplary damages (all of the foregoing, “Damages”), as and when incurred, occasioned by: (i) any non-fulfillment, non-performance, violation or breach of this Agreement or any Transaction Document by the Company; or (ii) any inaccuracy, breach or falsity of any of the representations and warranties of the Company contained in Section 5 above or any certificate or other instrument furnished or to be furnished by the Company hereunder; (iii) any Claim by a third party (regardless of whether the claimant is ultimately successful) which, if true, would constitute any of the above; and (iv) disregarding any disclosure in a disclosure schedule, any Pre-Closing Taxes and (disregarding any disclosure in a disclosure schedule) any breach or falsity contained in Sections 5.7, 6.8, 8.2.19, 8.11 or 8.12, any Tax liability of the Company in connection with any payment made or deemed made by the Company at or prior to the Closing in connection with the Transaction or any Tax liability in connection with any payment pursuant to this Agreement made without sufficient withholding under applicable law provided however, that the Shareholders shall not be jointly liable for a Claim in connection to Tax withholding against a breaching Shareholder for submission of incorrect or false information (in which case, such breaching Shareholder shall be severally liable as set forth in Section 10.2); (v) disregarding any disclosure in a disclosure schedule), any Transaction Costs, (vi) disregarding any disclosure in a disclosure schedule), any liability pursuant to indemnification undertakings granted by the Company to directors and/or officers thereof in connection with the period prior to the Closing Date; (vii) disregarding any disclosure in a disclosure schedule), the matters set out in Schedule 10.1 attached hereto; (viii) disregarding any disclosure in a disclosure schedule), any Claim by a Shareholder, or former shareholder (or holder of Company Options, including indemnity for Damages of such holder in respect of the rate of taxes paid by such holder in excess of the 102 benefit (25% plus excess tax, if applicable) in cases where the ITA disqualifies the grant under a trustee capital gains route, or any other equity securities) of the Company, or any other Person, seeking to assert, or based upon: (a) ownership or rights to ownership of any shares or other equity securities of the Company; (b) any rights of a Shareholder or other equity holder (other than the rights of the Shareholders to receive the payments set out in this Agreement, as and to the extent set forth herein), including any option, preemptive rights or rights to notice or to vote; (c) any Claim that his, her or its shares or other equity securities of the Company were wrongfully repurchased, cancelled, terminated or transferred by the Company or any Person; or (d) any Claim regarding any errors or failures in the allocation or calculation of the applicable Purchase Price payable to such Person or its pro rata share of the Escrow Amount, as set forth in the Waterfall (items (iv) to (viii), together the “Special Indemnities”).
10.2. In addition, each Shareholder, severally and not jointly, agrees to protect, defend, indemnify, and hold the Indemnified Parties, harmless against and in respect of any Damages, as and when incurred, occasioned by: (i) any non-fulfillment, non-performance, violation or breach of this Agreement or any Transaction Document by such Shareholder; or (ii) any inaccuracy, breach or falsity of any of the representations and warranties of such Shareholder contained in Section 6 above or any certificate or other instrument furnished or to be furnished by such Shareholder hereunder; and (iii) any Claim by a third party (regardless of whether the claimant is ultimately successful) which, if true, would constitute the above.
10.3. Promptly, but not later than thirty (30) days after (i) receipt by the Purchaser (or any of its directors, employees or advisors) of notice of the commencement of any Claim, proceeding, or investigation (“Third Party Claim”); or (ii) the Purchaser (or any of its directors, employees or advisors) becoming aware of any breach of this Agreement or falsity of representation or other event or circumstance, in each case, in respect of which indemnity may be sought as provided above, shall notify the Shareholder Representative on behalf of the Indemnifying Party of the Claim, proceeding or investigation and, when known, the facts constituting the basis of such Claim, proceeding or investigation, in reasonable detail, provided that any failure to provide such notice to the Shareholder Representative within such period will not relieve the Indemnifying Parties of any obligation or liability, except and only to the extent that the Shareholder Representative demonstrates that the Indemnifying Parties have been materially prejudiced by such failure to provide such notice to the Shareholder Representative within such period. In the event of any such claim for indemnification hereunder resulting from or in connection with any Third Party Claim, the notice to the Shareholder Representative shall specify, if known, the amount of damages asserted by such third party. In the event of any Third Party Claim, the Purchaser shall assume the defense or prosecution of such Third Party Claim and any litigation resulting therefrom (a “Third Party Defense”). Upon the Purchaser’s assumption of the Third Party Defense (i) the Purchaser shall inform the Shareholder Representative of such Third Party Defense (as set forth herein); (ii) the Shareholder Representative may retain separate counsel, at the expense of the Shareholders; (iii) the Purchaser will not consent to the entry of any judgment or enter into any settlement with respect to the Third Party Claim without the prior written consent of the Shareholder Representative which shall not be unreasonably withheld, conditioned or delayed; (iv) the Purchaser shall conduct the Third Party Defense actively and diligently in consultation with the Shareholder Representative and provide copies of all correspondence and related documentation in connection with the Third Party Defense to the Indemnifying Party; and (v) the Indemnifying Party will provide reasonable cooperation in the Third Party Defense to protect the interests of the Indemnified Party. If the Purchaser elects not to assume the Third Party Defense it shall notify the Shareholder Representative of its decision not to assume such defense, and the Shareholder Representative shall have the right to assume the Third Party Defense with counsel of its choice at the expense of the applicable Indemnifying Parties; provided, however, that the Purchaser shall have the right, at its expense, to participate in such Third Party Defense but the Shareholder Representative shall control the investigation and defense thereof in consultation with the Purchaser; provided, however, that any settlement or compromise by the Shareholder Representative shall be subject to the consent of the Purchaser not to be unreasonably withheld, delayed or conditioned. The Shareholder Representative shall conduct the Third Party Defense actively and diligently, and the Purchaser will provide reasonable cooperation in the Third Party Defense. The Parties will in any event co-operate with each other in dealing with any Claim other than in the event of a conflict of interest, and, other than in the event of a conflict of interest, will allow their respective representatives and advisers reasonable access to all books and records which might be useful for such purpose during normal business hours and at the place where they are normally kept, with full right to make copies thereof or take extracts therefrom. Such books and records shall be subject to a duty of confidentiality except for disclosure necessary for resolving such Claim or otherwise required by applicable law. The Indemnifying Party shall not be authorized to settle or compromise any Claim without the written consent of the Indemnified Party, which shall not be unreasonably withheld.
10.4. Notwithstanding anything to the contrary in this Agreement (including Section 10.3), following the Closing Date, the Purchaser will have the right, in the Purchaser’s sole and absolute discretion, to conduct and control, through counsel of the Purchaser’s choosing, the defense of any Tax Contest; provided, however, that to the extent that any Tax Contest could reasonably give rise to an indemnification claim by the Purchaser under this Section 10, the Purchaser will (i) provide notice of such Tax Contest to the Shareholder Representative within thirty (30) days after receiving the first written notice of the commencement of such Tax Contest or from the relevant Governmental Authority, provided that any failure to provide such notice to the Shareholder Representative within such period will not relieve the Shareholders of any obligation or liability, except to the extent that the Shareholders have been materially prejudiced by such failure to provide such notice to the Shareholder Representative within such period, (ii) provide to the Shareholder Representative all information reasonably requested by the Shareholder Representative regarding such Tax Contest, (iii) permit the Shareholder Representative to evaluate and comment on such Tax Contest, and (iv) reasonably and in good faith consider any such comments of the Shareholder Representative. The Purchaser may settle, adjust, or compromise any Tax Contest, in the Purchaser’s sole and absolute discretion, without the consent of the Shareholder Representative. However, without the prior written consent of the Shareholder Representative – which consent (i) will not be unreasonably withheld, delayed, or conditioned and (ii) will be deemed to have been given unless the Shareholder Representative objects in writing within thirty (30) days after receipt of a written request for such consent from the Purchaser – no settlement, adjustment, or compromise of any Tax Contest will be determinative of the existence of a claim for indemnification under this Section 10 or the amount of indemnifiable amounts relating to such claim. In the event that the Shareholder Representative consents in writing to (or is deemed to have consented to) any settlement, adjustment, or compromise of any Tax Contest, neither the Shareholder Representative nor any Shareholder will have any power or authority to object under any provision of this Section 10 to the amount of any claim by the Purchaser for indemnification under this Section 10 with respect to such settlement, adjustment, or compromise.
10.5. Other than with respect to a specific Shareholder for such Shareholder’s Shareholder Fraud Event, the remedies provided in this Section 10 shall be the sole and exclusive remedy of the Purchaser, or any of their Affiliates for any Claims or Damages resulting from the Transaction, except that each Party shall be entitled to injunctive relief to enjoin the breach or threatened breach of any provisions of this Agreement and the specific performance by the other of its obligations hereunder.
10.6. The representation and warranties of the Company and the Shareholders (read together with the disclosure schedules) and the rights of the Purchaser (and its directors, employees and advisors) to indemnification under this Section 10 shall not be affected by any examination made for or on behalf of the Purchaser or the knowledge of any of the Purchaser’s officers, directors, employees or agents. It is understood and agreed that if the Company suffers, incurs or otherwise becomes subject to any Damages as a result of or in connection with any inaccuracy in or breach of any representation, warranty, covenant or obligation (read together with the disclosure schedules) herein, then (without limiting any of the rights of the Purchaser as an Indemnified Party but without double counting and without providing for diminution in value) the Purchaser shall also be deemed, by virtue of its ownership of the shares of the Company, to have incurred Damages as a result of and in connection with such inaccuracy or breach.
