BREACH NOTIFICATION TO INDIVIDUALS. 13.1 Business Associate shall, to the extent Covered Entity determines that there has been a Breach of Unsecured Protected Health Information by Business Associate, its employees, representatives, agents or Subcontractors, provide breach notification to the Individual in a manner that permits Covered Entity to comply with its obligations under 45 C.F.R. § 164.404.
BREACH NOTIFICATION TO INDIVIDUALS. Business Associate’s duty to notify Covered Entity of any breach does not permit Business Associate to notify those individuals whose PHI has been breached by Business Associate without the express written permission of Covered Entity to do so. Any and all notification to those individuals whose PHI has been breached shall be made under the direction, review and control of Covered Entity. The Business Associate will notify the Privacy Officer via telephone with follow-up in writing to include; name of individuals whose PHI was breached, information breached, date of breach, form of breach, etc. The cost of the notification will be paid by the Business Associate.
BREACH NOTIFICATION TO INDIVIDUALS and Reporting to Authorities. Tex. Bus. & Comm. Code §521.053; 45 CFR 164.404 (Individuals), 164.406 (Media); 164.408 (Authorities)
BREACH NOTIFICATION TO INDIVIDUALS. 13.1 Business Associate shall, to the extent Covered Entity determines that there has been a Breach of Unsecured Protected Health Information by Business Associate, its employees, representatives, agents or Subcontractors, provide breach notification to the Individual in a manner that permits Covered Entity to comply with its obligations under 45 C.F.R. § 164.404.
13.1.1 Business Associate shall notify, subject to the review and approval of Covered Entity, each Individual whose Unsecured Protected Health Information has been, or is reasonably believed to have been, accessed, acquired, Used, or Disclosed as a result of any such Breach.
13.1.2 The notification provided by Business Associate shall be written in plain language, shall be subject to review and approval by Covered Entity, and shall include, to the extent possible:
(a) A brief description of what happened, including the date of the Breach and the date of the Discovery of the Breach, if known;
(b) A description of the types of Unsecured Protected Health Information that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
(c) Any steps the Individual should take to protect him or herself from potential harm resulting from the Breach;
(d) A brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to Individual(s), and to protect against any further Breaches; and
(e) Contact procedures for Individual(s) to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
13.2 Covered Entity, in its sole discretion, may elect to provide the notification required by Section 13.1 and/or to establish the contact procedures described in Section 13.1.2.
13.3 Business Associate shall reimburse Covered Entity any and all costs incurred by Covered Entity, in complying with Subpart D of 45 C.F.R. Part 164, including but not limited to costs of notification, internet posting, or media publication, as a result of Business Associate's Breach of Unsecured Protected Health Information; Covered Entity shall not be responsible for any costs incurred by Business Associate in providing the notification required by 13.1 or in establishing the contact procedures required by Section 13.1.2.
BREACH NOTIFICATION TO INDIVIDUALS. 13.1 Business Associate shall, to the extent Covered Entity determines that there has been a Breach of Unsecured Protected Health Information by Business Associate, its employees, representatives, agents or Subcontractors, provide breach notification to the Individual in a manner that permits Covered Entity to comply with its obligations under 45 C.F.R. § 164.404. Business Associate shall notify, subject to the review and approval of Covered Entity, each Individual whose Unsecured Protected Health Information has been, or is reasonably believed to have been, accessed, acquired, Used, or Disclosed as a result of any such Breach. The notification provided by Business Associate shall be written in plain language, shall be subject to review and approval by Covered Entity, and shall include, to the extent possible: A brief description of what happened, including the date of the Breach and the date of the Discovery of the Breach, if known; A description of the types of Unsecured Protected Health Information that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); Any steps the Individual should take to protect him or herself from potential harm resulting from the Breach; A brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to Individual(s), and to protect against any further Breaches; and Contact procedures for Individual(s) to ask questions or learn additional information, which shall include a toll-free telephone number, an e- mail address, Web site, or postal address.
BREACH NOTIFICATION TO INDIVIDUALS. 13.1 Contractor shall, to the extent CalMHSA determines that there has been a Breach of Unsecured Protected Health Information by Contractor, its employees, representatives, agents or Subcontractors, provide breach notification to the Individual in a manner that permits CalMHSA to comply with its obligations under 45 C.F.R. § 164.404.
BREACH NOTIFICATION TO INDIVIDUALS. Business Associate’s duty to notify Covered Entity of any breach does not permit Business Associate to notify those individuals whose PHI has been breached by Business Associate without the express written permission of Covered Entity to do so. Any and all notification to those individuals whose PHI has been breached shall be made under the direction, review and control of Covered Entity. The Business Associate will notify the Privacy Officer via telephone with follow-up in writing to include; name of individuals whose PHI was breached, information breached, date of breach, form of breach, etc. The cost of the notification will be paid by the Business Associate. Business Associate shall be liable for all costs associated with any breach caused by Business Associate’s negligent or willful acts or omissions, or those negligent or willful acts or omissions of Business Associate’s agents, officers, employees or subcontractors. Obligations of Covered Entity. If deemed applicable by Covered Entity, Covered Entity shall: provide Business Associate a copy of its Notice of Privacy Practices (“Notice”) produced by Covered Entity in accordance with 45 C.F.R. 164.520 as well as any changes to such Notice; provide Business Associate with any changes in, or revocation of, authorizations by Individuals relating to the use and/or disclosure of PHI, if such changes affect Business Associate’s permitted or required uses and/or disclosures; notify Business Associate of any restriction to the use and/or disclosure of PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI; not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy rule if done by the Covered entity; notify Business Associate of any amendment to PHI to which Covered Entity has agreed that affects a Designated Record Set maintained by Business Associate; if Business Associate maintains a Designated Record Set, provide Business Associate with a copy of its policies and procedures related to an Individual’s right to: access PHI; request an amendment to PHI; request confidential communications of PHI; or request an accounting of disclosures of PHI; and, notify individuals of breach of their Unsecured PHI in accordance with the requirements set forth in 45 C.F.R. §164.404.
BREACH NOTIFICATION TO INDIVIDUALS and Reporting to Authorities. Tex. Bus. & Comm. Code §521.053; 45 CFR 164.404 (Individuals), 164.406 (Media); 164.408 (Authorities) HHS may direct CONTRACTOR to provide Breach notification to Individuals, regulators or third-parties, as specified by HHS following a Breach. CONTRACTOR must obtain HHS’s prior written approval of the time, manner and content of any notification to Individuals, regulators or third-parties, or any notice required by other state or federal authorities. Notice letters will be in CONTRACTOR's name and on CONTRACTOR's letterhead, unless otherwise directed by HHS, and will contain contact information, including the name and title of CONTRACTOR's representative, an email address and a toll-free telephone number, for the Individual to obtain additional information. CONTRACTOR will provide HHS with copies of distributed and approved communications. CONTRACTOR will have the burden of demonstrating to the satisfaction of HHS that any notification required by HHS was timely made. If there are delays outside of CONTRACTOR's control, CONTRACTOR will provide written documentation of the reasons for the delay. If HHS delegates notice requirements to CONTRACTOR, HHS shall, in the time and manner reasonably requested by CONTRACTOR, cooperate and assist with CONTRACTOR’s information requests in order to make such notifications and reports.
