Common use of Complete Report Clause in Contracts

Complete Report. Business Associate shall provide a complete written report of the investigation (“Final Report”) to the KHS Contact within seven (7) working days of the discovery of the security incident or breach. Business Associate shall comply with KHS’s additional form and content requirements for reporting of such privacy incident. 17.4.1. The Final Report shall provide a comprehensive discussion of the matters identified in Section 17.3 above and the following: 17.4.1.1. An assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws; 17.4.1.2. A full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure and to reduce the harmful effects of the breach; 17.4.1.3. The potential impacts of the incident, such as potential misuse of data, identity theft, etc.; and 17.4.1.4. A corrective action plan describing how Business Associate will prevent reoccurrence of the incident in the future. Notwithstanding the foregoing, all corrective actions are subject to the approval of KHS and KHS’s regulator(s), as applicable. 17.4.2. If KHS or KHS’s regulator(s) requests additional information, Business Associate shall make reasonable efforts to provide KHS with such information. A supplemental written report may be used to submit revised or additional information after the Final Report is submitted. 17.4.3. KHS and KHS’s regulator(s), as applicable, will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan.

Complete Report. Business Associate shall provide a complete written report of the investigation (“Final Report”) to the KHS GCHP Contact within seven (7) working days of the discovery of the security incident or breach. Business Associate shall comply with KHSGCHP’s additional form and content requirements for reporting of such privacy incident. 17.4.1. The Final Report shall provide a comprehensive discussion of the matters identified in Section 17.3 above and the following: 17.4.1.1. An assessment of all known factors relevant to a determination of whether a breach occurred under HIPAA and other applicable federal and state laws; 17.4.1.2. A full, detailed corrective action plan, including its implementation date and information on mitigation measures taken to halt and/or contain the improper use or disclosure and to reduce the harmful effects of the breach; 17.4.1.3. The potential impacts of the incident, such as potential misuse of data, identity theft, etc.; and 17.4.1.4. A corrective action plan describing how Business Associate will prevent reoccurrence of the incident in the future. Notwithstanding the foregoing, all corrective actions are subject to the approval of KHS GCHP and KHSGCHP’s regulator(s), as applicable. 17.4.2. If KHS GCHP or KHSGCHP’s regulator(s) requests additional information, Business Associate shall make reasonable efforts to provide KHS GCHP with such information. A supplemental written report may be used to submit revised or additional information after the Final Report is submitted. 17.4.3. KHS GCHP and KHSGCHP’s regulator(s), as applicable, will review and approve or disapprove Business Associate’s determination of whether a breach occurred, whether the security incident or breach is reportable to the appropriate entities, if individual notifications are required, and Business Associate’s corrective action plan.