Common use of Complete Report Clause in Contracts

Complete Report. Business Associate shall provide a complete report of the investigation to DHCS within ten (10) working days of the discovery of the security incident or breach. This complete report must include any applicable additional information not included in the initial submission. The complete report shall include an assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws. The report shall also include a full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure. If DHCS requests additional information, Business Associate shall make reasonable efforts to provide DHCS with such information. DHCS will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan. 19.3.1 If Business Associate does not submit a complete report within the ten (10) working day timeframe, Business Associate shall request approval from DHCS within the ten (10) working day timeframe of a new submission timeframe for the complete report.

Complete Report. Business Associate shall provide a complete report of the investigation to DHCS within ten (10) working days of the discovery of the security incident or breach. This complete report must include any applicable additional information not included in the initial submission. The complete report shall include an assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws. The report shall also include a full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure. If DHCS requests additional information, Business Associate shall make reasonable efforts to provide DHCS with such information. DHCS will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan. 19.3.1 18.3.1. If Business Associate does not submit a complete report within the ten (10) working day timeframe, Business Associate shall request approval from DHCS within the ten (10) working day timeframe of a new submission timeframe for the complete report.