Complete Report Sample Clauses

Complete Report. To provide a complete report of the investigation to the Department Program Contract Manager and the Information Protection Unit within ten (10) working days of the discovery of the breach or unauthorized use or disclosure. The report shall be submitted on the “Privacy Incident Report” form and shall include an assessment of all known factors relevant to a determination of whether a breach occurred under applicable provisions of HIPAA, the HITECH Act, and the HIPAA regulations. The report shall also include a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the improper use or disclosure. If the Department requests information in addition to that listed on the “Privacy Incident Report” form, Contractor shall make reasonable efforts to provide the Department with such information. If, because of the circumstances of the incident, Contractor needs more than ten (10) working days from the discovery to submit a complete report, the Department may grant a reasonable extension of time, in which case Contractor shall submit periodic updates until the complete report is submitted. If necessary, a Supplemental Report may be used to submit revised or additional information after the completed report is submitted, by submitting the revised or additional information on an updated “Privacy Incident Report” form. The Department will review and approve the determination of whether a breach occurred and whether individual notifications and a corrective action plan are required.
AutoNDA by SimpleDocs
Complete Report. To provide a complete report of the investigation to Covered Entity and the DHCS Information Protection Unit within ten (10) working days of the discovery of the breach or unauthorized use or disclosure. The report to DHCS shall be submitted on the “Privacy Incident Report” form and shall include an assessment of all known factors relevant to a determination of whether a breach occurred. The report shall also include a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the improper use or disclosure. If DHCS requests information in addition to that listed on the “Privacy Incident Report” form, Business Associate shall make reasonable efforts to provide Covered Entity or DHCS, as applicable, with such information. If, because of the circumstances of the incident, Business Associate needs more than ten (10) working days from the discovery to submit a complete report, the DHCS may grant a reasonable extension of time, in which case Business Associate shall submit periodic updates until the complete report is submitted. If necessary, a Supplemental Report may be used to submit revised or additional information after the completed report is submitted, by submitting the revised or additional information on an updated “Privacy Incident Report” form. DHCS will review and approve the determination of whether a breach occurred and whether individual notifications and a corrective action plan are required.
Complete Report. To provide a complete report of the investigation to the DHCS contacts within ten (10) working days of the discovery of the security incident or breach. This “Final PIR” must include any applicable additional information not included in the Initial Form. The Final PIR Form shall include an assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws. The report shall also include a full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure. If DHCS requests information in addition to that requested through the PIR form, Business Associate shall make reasonable efforts to provide DHCS with such information. A “Supplemental PIR” may be used to submit revised or additional information after the Final PIR is submitted. DHCS will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan. 18.3.1 If Business Associate does not complete a Final PIR within the ten (10) working day timeframe, Business Associate shall request approval from DHCS within the ten (10) working day timeframe of a new submission timeframe for the Final PIR.
Complete Report. To provide a complete report of the investigation to the DHCS Program Contract Manager, the DHCS Privacy Officer, and the DHCS Information Security Officer within ten (10) working days of the discovery of the breach or unauthorized use or disclosure. If all of the required information was not included in either the initial report, or the Investigation Report, then a separate Complete Report must be submitted. The report shall be submitted on the “DHCS Privacy Incident Report” form and shall include an assessment of all known factors relevant to a determination of whether a breach occurred under applicable provisions of HIPAA, the HITECH Act, the HIPAA regulations and/or state law. The report shall also include a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the improper use or disclosure. If DHCS requests information in addition to that listed on the ”DHCS Privacy Incident Report” form, Business Associate shall make reasonable efforts to provide DHCS with such information. If necessary, a Supplemental Report may be used to submit revised or additional information after the completed report is submitted, by submitting the revised or additional information on an updated “DHCS Privacy Incident Report” form. DHCS will review and approve or disapprove the determination of whether a breach occurred, is reportable to the appropriate entities, if individual notifications are required, and the corrective action plan.
Complete Report. If all of the required information was not included in either the initial report or the investigation PIR submission, then a separate complete report shall be submitted within ten working days of the discovery. The Complete Report of the investigation shall include an assessment of all known factors relevant to the determination of whether a breach occurred under applicable provisions of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Information Protection Act, or other applicable law. The report shall also include a Corrective Action Plan (CAP) that shall include, at minimum, detailed information regarding the mitigation measures taken to halt and/or contain the improper use or disclosure. If DHCS requests additional information related to the incident, the County Department/Agency shall make reasonable efforts to provide DHCS with such information. If necessary, the County Department/Agency shall submit an updated PIR with revisions and/or additional information after the Completed Report has been provided. DHCS will review and determine whether a breach occurred and whether individual notification is required. DHCS will maintain the final decision making over a breach determination.
Complete Report. Business Associate shall provide a complete written report of the investigation (“Final Report”) to the KHS Contact within seven (7) working days of the discovery of the security incident or breach. Business Associate shall comply with KHS’s additional form and content requirements for reporting of such privacy incident. 17.4.1. The Final Report shall provide a comprehensive discussion of the matters identified in Section 17.3 above and the following: 17.4.1.1. An assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws; 17.4.1.2. A full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure and to reduce the harmful effects of the breach; 17.4.1.3. The potential impacts of the incident, such as potential misuse of data, identity theft, etc.; and 17.4.1.4. A corrective action plan describing how Business Associate will prevent reoccurrence of the incident in the future. Notwithstanding the foregoing, all corrective actions are subject to the approval of KHS and KHS’s regulator(s), as applicable. 17.4.2. If KHS or KHS’s regulator(s) requests additional information, Business Associate shall make reasonable efforts to provide KHS with such information. A supplemental written report may be used to submit revised or additional information after the Final Report is submitted. 17.4.3. KHS and KHS’s regulator(s), as applicable, will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan.
Complete Report. To provide a complete report of the investigation to the CCHCS Program Contract Manager, the CCHCS Privacy Officer, and the CCHCS information Security Officer within ten (10) working days of the discovery of the breach or unauthorized use or disclosure. If all the required information was not included in either the initial report or the Investigation Report, then a separate Complete Report must be submitted. The report shall be submitted on the CCHCS Information Security Incident Report form and shall include an assessment of all known factors relevant to a determination of whether a breach occurred under applicable provisions of HIPAA, the HITECH Act, the HIPAA regulations and/or state law. The report shall also include a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the improper use or disclosure. If CCHCS request information in addition to that listed on the CCHCS Information Security Incident Report form, Business Associate shall make reasonable efforts to provide CCHCS with such information. If necessary, a Supplemental Report may be used to submit revised or additional information after the completed report is submitted, by submitting the revised or additional information on an updated “CCHCS Information Security Incident Report” form. CCHCS will review and approve or disapprove the determination of whether a breach occurred, is reportable to the appropriate entities, if individual notifications are required, and the corrective action plan. De-identification of Individuals. If the cause of a breach of PHI or PII is attributable to Business Associate or its subcontractors, agents or vendors, Business Associate shall notify individuals of the breach or unauthorized use disclosure when notification is required under state or federal law and shall pay any costs of such notifications, as well as any cost associated with the breach. The notifications shall comply with requirements set forth in 42 O.S.C. section 17932 and implementing regulations, including, but not limited to, the requirement that the notifications be made without unreasonable delay and in no event later than 60 calendar days. The CCHCS Program Contract Manager, the CCHCS Privacy Officer, and the CCHCS Information Security Officer shall approve the time, manner and content of any such notifications and their review and approval must be obtained before the notifications are made.
AutoNDA by SimpleDocs
Complete Report. The complete report of the investigation shall include an assessment of all known factors relevant to the determination of whether a breach occurred under applicable provisions of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Information Protection Act, or other applicable law. The report shall include a Corrective Action Plan (CAP) which includes, at a minimum, detailed information regarding the mitigation measures taken to halt and/or contain the improper use or disclosure. If County requests additional information related to the incident, the Contractor shall make reasonable efforts to provide County with such information. County will review report and determine whether a breach occurred and whether individual notification is required. County will maintain the final decision making over a breach determination.
Complete Report. To provide a complete report of the investigation to the CDPH Program Contract Manager, the CDPH Privacy Officer, and the CDPH Information Security Officer within ten (10) working days of the discovery of the breach or unauthorized use or disclosure. The report shall be submitted on the “CDPH Privacy Incident Report” form and shall include an assessment of all known factors relevant to a determination of whether a breach occurred under applicable provisions of HIPAA, the HITECH Act, the HIPAA regulations and/or state law. The report shall also include a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the improper use or disclosure. If CDPH requests information in addition to that listed on the ”CDPH Privacy Incident Report” form, Business Associate shall make reasonable efforts to provide CDPH with such information. If necessary, a Supplemental Report may be used to submit revised or additional information after the completed report is submitted, by submitting the revised or additional information on an updated “CDPH Privacy Incident Report” form. CDPH will review and approve the determination of whether a breach occurred and individual notifications are required, and the corrective action plan.
Complete Report. Business Associate shall provide a complete report of the investigation to DHCS within ten (10) working days of the discovery of the security incident or breach. This complete report must include any applicable additional information not included in the initial submission. The complete report shall include an assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws. The report shall also include a full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure. If DHCS requests additional information, Business Associate shall make reasonable efforts to provide DHCS with such information. DHCS will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan. 19.3.1 If Business Associate does not submit a complete report within the ten (10) working day timeframe, Business Associate shall request approval from DHCS within the ten (10) working day timeframe of a new submission timeframe for the complete report.
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!