Breach of Unsecured Protected Health Information. 1. In the case of a breach of unsecured Protected Health Information, Contractor shall comply with the applicable provisions of 42 U.S.C. § 17932 and 45 C.F.R. part 164, subpart D, including but not limited to 45 C.F.R. § 164.410.
2. Contractor agrees to notify County of any access, use or disclosure of Protected Health Information not permitted or provided for by this Agreement of which it becomes aware, including any breach as required in 45 45 C.F.R. § 164.410. or security incident immediately upon discovery by telephone at 000-000-0000 and Xxxxxxxxxxxxxx@xxxxxxxxxxxx.xxx or 000-000-0000 and will include, to the extent possible, the identification of each Individual whose unsecured Protect Health Information has been, or is reasonably believed by the Contractor to have been accessed, acquired, used, or disclosed, a description of the Protected Health Information involved, the nature of the unauthorized access, use or disclosure, the date of the occurrence, and a description of any remedial action taken or proposed to be taken by Contractor. Contractor will also provide to County any other available information that the Covered entity requests.
3. A breach or unauthorized access, use or disclosure shall be treated as discovered by the Contractor on the first day on which such unauthorized access, use, or disclosure is known, or should reasonably have been known, to the Contractor or to any person, other than the individual committing the unauthorized disclosure, that is an employee, officer, subcontractor, agent or other representative of the Contractor.
4. Contractor shall mitigate, to the extent practicable, any harmful effect that results from a breach, security incident, or unauthorized access, use or disclosure of unsecured Protected Health Information by Contractor or its employees, officers, subcontractors, agents or representatives.
5. Following a breach, security incident, or any unauthorized access, use or disclosure of unsecured Protected Health Information, Contractor agrees to take any and all corrective action necessary to prevent recurrence, to document any such action, and to make all documentation available to the County.
6. Except as provided by law, Contractor agrees that it will not inform any third party of a breach or unauthorized access, use or disclosure of Unsecured Projected Health Information without obtaining the County’s prior written consent. County hereby reserves the sole right to determine whether and how such notice is t...
Breach of Unsecured Protected Health Information. As required by the Breach Notification Rule, Business Associate shall, and shall require its Subcontractor(s) to, maintain systems to monitor and detect a Breach of Unsecured PHI, whether in paper or electronic form.
2.8.1 Business Associate shall provide to Covered Entity notice of a Breach of Unsecured PHI immediately upon becoming aware of the Breach, and in no case later than 48 hours after discovery.
2.8.2 Business Associate shall cooperate with Covered Entity in timely providing the appropriate and necessary information to Covered Entity.
Breach of Unsecured Protected Health Information. A Breach of Unsecured Protected Health Information includes any Breach as defined in the HITECH act or regulations adopted pursuant thereto.
Breach of Unsecured Protected Health Information. We shall provide you notice of a Breach of Unsecured PHI within five (5) business days of the first day the Breach is known, or reasonably should have been known, to us, including for this purpose any employee, officer, or other agent of ours (other than the individual committing the Breach). The notice shall include, to the extent possible, the identification of each Individual whose Unsecured PHI was, or is reasonably believed to have been, subject to the Breach and the circumstances of the Breach, as both are known to us at that time. To the extent possible, the description of the circumstances of the Breach shall include:
(1) a brief description of what happened, including the date of the Breach and the date of the discovery of the Breach; (2) a description of the types of Unsecured PHI that were involved in the Breach; and (3) a brief description of what we are doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any further Breaches. Following the notice to you, we shall conduct such further investigation and analysis as is reasonably required and shall promptly supplement the information provided pursuant to (1) – (3) herein, previously provided.
Breach of Unsecured Protected Health Information. Business Associate will report to Covered Entity any potential Breach of Unsecured Protected Health Information immediately and not more than seventy-two (72) hours after discovery of such potential Breach. Business Associate will treat a potential Breach as being discovered in accordance with 45 CFR §164.410. Business Associate will make the notice and report to Covered Entity's Privacy Officer. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, Business Associate may delay notifying Covered Entity for the applicable time period. Business Associate's report will include at least the following, provided that absence of any information will not be cause for Business Associate to delay the report and available information will be provided in a subsequent report as soon as reasonably possible:
(A) Identify the nature of the Breach, which will include a brief description of what happened, including the date of any Breach and the date of the discovery of any Breach, and the number of individuals who are subject to a Breach;
(B) Identify the types of Protected Health Information that were involved in the Breach (such as whether full name, Social Security number, date of birth, home address, account number, diagnosis, or other information were involved);
(C) Identify who made the non-permitted use or disclosure and who received the non- permitted disclosure;
(D) Identify what corrective or investigational action Business Associate took or will take to prevent further non-permitted uses or disclosures, to mitigate harmful effects, and to protect against any further Breaches;
(E) Identify what steps the individuals who were subject to a Breach should take to protect themselves;
(F) Provide such other information, including a written report and risk assessment under 45 CFR §164.402, as Covered Entity may reasonably request.
Breach of Unsecured Protected Health Information. 3.4.1 A Breach of Unsecured PHI by Business Associate shall be determined to be discovered on the first date that Business Associate knows of such Breach or, by exercising reasonable diligence, would have known of such Breach.
3.4.2 Thereafter, without unreasonable delay, but in no case later than sixty (60) days, Business Associate shall provide Notice of the Breach to Covered Entity. Such Notice shall include the following information, to the extent known or discoverable by Business Associate:
3.4.2.1 A brief description of what happened, including (1) date of the Breach, and
Breach of Unsecured Protected Health Information. As required by the Breach Notification Rule, BA shall maintain systems to monitor and detect a Breach of Unsecured PHI, whether in paper or electronic form. BA shall provide to Provider notice of a Breach of Unsecured PHI as soon as possible but not later than ten Business days after the first day the Breach is known. BA shall cooperate with Provider to determine whether the Breach “poses a significant risk of financial, reputational, or other harm to the individual,” thereby requiring notice to individuals, and will cooperate with Provider as may be necessary to allow Provider to provide notification of the Breach to individuals as required by the Breach Notification Rule. Provider is responsible for the provision of notice to Individuals in a timely manner, provided that Provider shall consult with BA as needed regarding the details of the notice.
Breach of Unsecured Protected Health Information. As required by the Breach Notification Rule, Business Associate shall, and shall require its Subcontractor(s) to, maintain systems to monitor and detect a Breach of Unsecured PHI, whether in paper or electronic form.
Breach of Unsecured Protected Health Information. As required by the Breach Notification Rule, BA shall maintain systems to monitor and detect a Breach of Unsecured PHI, whether in paper or electronic form. BA shall provide to Covered Entity notice of a Breach of Unsecured PHI as soon as possible but not later than ten Business days after the first day the Breach is known. BA shall cooperate with Covered Entity to determine whether the Breach “poses a significant risk of financial, reputational, or other harm to the individual,” thereby requiring notice to individuals, and will cooperate with Covered Entity as may be necessary to allow Covered Entity to provide notification of the Breach to individuals as required by the Breach Notification Rule. Covered Entity is responsible for the provision of notice to Individuals in a timely manner, provided that Covered Entity shall consult with BA as needed regarding the details of the notice.
Breach of Unsecured Protected Health Information. As required by the Breach Notification Rule, Business Associate shall, and shall require its Subcontractor(s) to, maintain systems to monitor and detect a Breach of Unsecured PHI, whether in paper or electronic form.
2.8.1 Business Associate shall provide to Covered Entity notice of a Provisional or Actual Breach of Unsecured PHI immediately upon becoming aware of the Breach.
2.8.2 Business Associate shall cooperate with Covered Entity in timely providing the appropriate and necessary information to HCFA.
2.8.3 HCFA shall make the final determination whether the Breach requires notification and whether the notification shall be made by Covered Entity or Business Associate.
