Breach Reporting. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Covered Entity by Business Associate shall be required only upon request. "Unsuccessful Security Incidents" shall include, but not be limited to, pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate's notification to Covered Entity of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404.
Breach Reporting. Contractor shall report breaches and suspected security incidents to County, to include:
Breach Reporting. If SSA or VA suspects or confirms a breach, as defined by OMB M-17-12 or suspects or experiences an incident involving the loss or breach of PII provided by SSA or VA under the terms of this Agreement, they will follow the breach reporting guidelines issued by OMB and agency policy. In the event of a reportable breach under OMB guidance involving PII, the agency experiencing the breach is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team, the agency’s privacy office). In addition, the agency experiencing the breach (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this Agreement. If VA is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), VA will call SSA’s National Network Service Center toll free at 0-000-000-0000. SSA must also notify VA’s Systems Security Contact and the VA Network and Security Operations Center (1-800- 877-4328) within one hour.
Breach Reporting. Contractor will report, in writing, any breach of protected health information to State within five (5) business days of discovery, in accordance with 45 C.F.R § 164.410. Content of report to State. Reports to the authorized representative regarding breaches of protected health information will include:
Breach Reporting. Report in writing to Covered Entity within ten (10) business days after discovery, any suspected or actual: (a) access, use or disclosure of PHI not permitted by this Agreement; (b) breach of unsecured PHI in accordance with 45 CFR 164.410; (c) security breach or intrusion; (d) use or disclosure of PHI in violation of any applicable federal or state laws or regulations. Business Associate will implement a reasonable system for discovery of Breaches.
Breach Reporting. 4.11.1 The Contractor shall promptly inform the Client if any Client Data is copied, modified, lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to the Client Data. In such case, the Contractor will restore such Client Data at its own expense and will comply will all of its obligations under Data Protection Legislation in this regard.
Breach Reporting a. As specified by WV State Code and State Privacy Policy, all users of State systems must report suspected or detected information security incidents, as well as all breaches of PHI and/or PII, within 24 hours of discovery.
Breach Reporting. BUSINESS ASSOCIATE shall report to STATE’s Information Security Officer any breach or suspected breach of PHI as defined by 45 C.F.R. § 164.402 (“Breach”). BUSINESS ASSOCIATE shall report Breaches as soon as possible and not more than twenty-four (24) hours after BUSINESS ASSOCIATE knows or reasonably should have known of such Breach, and such reports shall be communicated to STATE in the most expeditious method possible, including but not limited to e-mail, voice call, and text. BUSINESS ASSOCIATE shall fully cooperate, and require its employees, agents, contractors, and subcontractors to fully cooperate, with STATE in investigating such Breach and in meeting STATE’s obligations under the HITECH Act and other security breach notification laws. In addition to the above reporting requirements, BUSINESS ASSOCIATE shall, within three (3) business days of a Breach, submit a report in writing and in any other format requested by STATE, and such report shall at minimum accomplish the following:
Breach Reporting. Business Associate shall report to Covered California any Breaches of PHI. Business Associate shall make such report to Covered California’s Chief Privacy Official not more than twenty-four (24) hours after Business Associate knows, or should reasonably have known, of such Breach. Business Associate shall cooperate with Covered California in investigating such Breach, and in meeting Covered California’s obligations under the HITECH Act and any other security breach notification laws. Business Associate shall report all Breaches to Covered California in writing (and in the format requested by Covered California) and such reports shall, at a minimum:
Breach Reporting. 40.1 We shall promptly inform You if any of User Uploaded Data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of User Uploaded Data. In such case, We will use Our reasonable endeavours to restore User Uploaded Data at Your expense (save where the incident was caused by Our negligent act or omission, in which case it will be at Our expense), and will comply with all of Our obligations under Data Protection Legislation in this regard.
