Common use of Compliance with Security Rule; Security Incidents Clause in Contracts

Compliance with Security Rule; Security Incidents. As set forth and more fully described in Section 7(a), Business Associate agrees to implement appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of any of Covered Entity’s Electronic Protected Health Information that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall: (x) report to Covered Entity any successful unauthorized access, use, disclosure, modification or destruction of Covered Entity’s Electronic Protected Health Information or interference with system operations in an information system containing Covered Entity’s Electronic Protected Health Information and (y) report the aggregate number of unsuccessful, unauthorized attempts to access, use, disclose, modify or destroy Covered Entity’s Electronic Protected Health Information or interfere with system operations in an information system containing Covered Entity’s Electronic Protected Health Information, provided that: (a) such reports will be provided only as frequently as the parties hereto mutually agree, but no more than once per month; and (b) if the definition of “Security Incident” under the Security Rule is amended to remove the requirement for reporting “unsuccessful” attempts to use, disclose, modify or destroy Covered Entity’s Electronic Protected Health Information, the portion of this Section 2 addressing the reporting of unsuccessful, unauthorized attempts to access, use, disclose, modify or destroy Covered Entity’s Electronic Protected Health Information will no longer apply as of the effective date of such amendment.

Compliance with Security Rule; Security Incidents. As set forth and more fully described in Section 7(a), Business Associate agrees to implement appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of any of Covered Entity’s 's Electronic Protected Health Information that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall: (x) report to Covered Entity any successful unauthorized access, use, disclosure, modification or destruction of Covered Entity’s 's Electronic Protected Health Information or interference with system operations in an information system containing Covered Entity’s 's Electronic Protected Health Information and (y) report the aggregate number of unsuccessful, unauthorized attempts to access, use, disclose, modify or destroy Covered Entity’s 's Electronic Protected Health Information or interfere with system operations in an information system containing Covered Entity’s 's Electronic Protected Health InformationInformation , provided that: (a) such reports will be provided only as frequently as the parties hereto mutually agree, but no more than once per month; and (b) if the definition of “"Security Incident” " under the Security Rule is amended to remove the requirement for reporting “"unsuccessful” " attempts to use, disclose, modify or destroy Covered Entity’s 's Electronic Protected Health InformationInformation , the portion of this Section 2 addressing the reporting of unsuccessful, unauthorized attempts to access, use, disclose, modify or destroy Covered Entity’s 's Electronic Protected Health Information will no longer apply as of the effective date of such amendment.

Compliance with Security Rule; Security Incidents. As set forth and more fully described in Section 7(a), Business Associate agrees to implement appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of any of Covered Entity’s Electronic Protected Health Information that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall: (x) report to Covered Entity any successful unauthorized access, use, disclosure, modification or destruction of Covered Entity’s Electronic Protected Health Information or interference with system operations in an information system containing Covered Entity’s Electronic Protected Health Information and (y) report the aggregate number of unsuccessful, unauthorized attempts to access, use, disclose, modify or destroy Covered Entity’s Electronic Protected Health Information or interfere with system operations in an information system containing Covered Entity’s Electronic Protected Health InformationInformation , provided that: (a) such reports will be provided only as frequently as the parties hereto mutually agree, but no more than once per month; and (b) if the definition of “Security Incident” under the Security Rule is amended to remove the requirement for reporting “unsuccessful” attempts to use, disclose, modify or destroy Covered Entity’s Electronic Protected Health InformationInformation , the portion of this Section 2 addressing the reporting of unsuccessful, unauthorized attempts to access, use, disclose, modify or destroy Covered Entity’s Electronic Protected Health Information will no longer apply as of the effective date of such amendment.