Breach of Unsecured PHI. If Business Associate determines that a reportable Breach of Unsecured PHI has occurred, Business Associate shall provide a written report to Covered Entity without unreasonable delay but no later than thirty (30) calendar days after discovery of the Breach. To the extent that information is available to Business Associate, Business Associate’s written report to Covered Entity shall be in accordance with 45 C.F.R. §164.410(c). Business Associate shall cooperate with Covered Entity in meeting Covered Entity’s obligations under the HITECH Act with respect to such Breach. Covered Entity shall have sole control over the timing and method of providing notification of such Breach to the affected individual(s), the Secretary and, if applicable, the media, as required by the HITECH Act. Business Associate shall reimburse Covered Entity for its reasonable costs and expenses in providing the notification, including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance) for affected individuals whose PHI has or may have been compromised as a result of the Breach.
Appears in 3 contracts
Samples: Business Associate Agreement, Hipaa Business Associate Agreement, Business Associate Agreement
Breach of Unsecured PHI. If Business Associate determines that a reportable Breach breach of Unsecured unsecured PHI has occurred, Business Associate shall provide a written report to Covered Entity without unreasonable delay delay, but no later than thirty (30) calendar days after discovery of the Breachbreach. To the extent that information is available to Business Associate, Business Associate’s written report to Covered Entity shall be in accordance with 45 C.F.R. §164.410(c). Business Associate shall cooperate with Covered Entity in meeting Covered Entity’s obligations under HIPAA and the HITECH Act with respect to such Breachbreach. Covered Entity shall have sole control over the timing and method of providing notification of such Breach breach to the affected individual(s), the HHS Secretary and, if applicable, the media, as required by HIPAA and the HITECH Act. Business Associate shall reimburse Covered Entity for its reasonable costs and expenses in providing the notification, including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance) for affected individuals whose PHI has or may have been compromised as a result of the Breachbreach.
Appears in 1 contract
Samples: Business Associate Agreement
Breach of Unsecured PHI. If Business Associate 2 determines that a reportable Breach of Unsecured PHI has occurred, Business Associate 2 shall provide a written report to Covered Entity Business Associate 1 without unreasonable delay but no later than thirty (30) calendar days after discovery of the Breach. To the extent that information is available to Business AssociateAssociate 2, Business AssociateAssociate 2’s written report to Covered Entity Business Associate 1 shall be in accordance with 45 C.F.R. §164.410(c). Business Associate 2 shall cooperate with Covered Entity Business Associate 1 in meeting Covered EntityBusiness Associate 1’s obligations under the HITECH Act with respect to such Breach. Covered Entity Business Associate 1 shall have sole control over the timing and method of providing notification of such Breach to the affected individual(s), the Secretary and, if applicable, the media, as required by the HITECH Act. Business Associate 2 shall reimburse Covered Entity Business Associate 1 for its reasonable costs and expenses in providing the notification, including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance) for affected individuals whose PHI has or may have been compromised as a result of the Breach.
Appears in 1 contract
Samples: Business Associate Agreement
Breach of Unsecured PHI. If Business Associate determines that a reportable Breach breach of Unsecured unsecured PHI has occurred, Business Associate shall provide a written report to Covered Entity without unreasonable delay but no later than thirty (30) calendar days after discovery of the Breachbreach. To the extent that information is available to Business Associate, Business Associate’s written report to Covered Entity shall be in accordance with 45 C.F.R. §164.410(c). Business Associate shall cooperate with Covered Entity in meeting Covered Entity’s obligations under HIPAA and the HITECH Act with respect to such Breachbreach. Covered Entity entity shall have sole control over the timing and method of providing notification of such Breach breach to the affected individual(s), the HHS Secretary and, if applicable, the media, as required by HIPAA and the HITECH Act. Business Associate shall reimburse Covered Entity for its reasonable costs and expenses in providing the notification, including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance) for affected individuals whose PHI has or may have been compromised as a result of the Breachbreach.
Appears in 1 contract
Samples: Business Associate Agreement