DBI Requirements. Upon DBI’s discovery of a Breach of Unsecured PHI by DBI, DBI shall –
(1) Pursuant to the requirements set forth in subsection (c) below, provide written notice of the Breach to the Privacy Official, as soon as administratively practicable, but no later than three (3) business days after the Breach is discovered; and
(2) Pursuant to the requirements set forth in subsection (b) below, provide written notice of the Breach, on behalf of the Plan, without unreasonable delay and in no case later than sixty (60) calendar days after discovery of a Breach as authorized under 45 CFR § 164.404 or such later date as is authorized under 45 CFR § 164.412 to:
(i) each Individual whose Unsecured PHI has been, or is reasonably believed by DBI to have been, accessed, acquired, used or disclosed as a result of the Breach;
(ii) the media to the extent required under 45 CFR § 164.406; and
(iii) the Secretary to the extent required under 45 CFR § 164.408 (unless the Plan has elected to provide this notification and has informed DBI); and
(3) If the Breach involves less than 500 individuals, maintain a log or other documentation of the Breach which contains such information as would be required to be included if the log were maintained by the Plan pursuant to 45 CFR § 164.408, and provide such log to the Plan within five (5) business days of the Plan’s written request.
Appears in 2 contracts
Samples: Administrative Services Agreement, Administrative Services Agreement
DBI Requirements. Upon DBI’s discovery of a Breach of Unsecured PHI by DBI, DBI shall –
(1) Pursuant to the requirements set forth in subsection (c) below, provide written notice of the Breach to the Privacy Official, as soon as administratively practicable, but no later than three (3) business days after the Breach is discovered; and
(2) Pursuant to the requirements set forth in subsection (b) below, provide written notice of the Breach, on behalf of the Plan, without unreasonable delay but no later than sixty (60) calendar days following the date the Breach is discovered or such later date as is authorized under 45 CFR § 164.412, to:
(i) each Individual whose Unsecured PHI has been, or is reasonably believed by DBI to have been, accessed, acquired, used or disclosed as a result of the Breach;
(ii) the media to the extent required under 45 CFR § 164.406; and
(iii) the Secretary to the extent required under 45 CFR § 164.408 (unless the Plan has elected to provide this notification and has informed DBI);
(2) Pursuant to the requirements set forth in subsection (c) below, provide written notice of the Breach to the Privacy Official, as soon as administratively practicable, but no later than three (3) business days after the Breach is discovered; and
(3) If the Breach involves less than 500 individuals, maintain a log or other documentation of the Breach which contains such information as would be required to be included if the log were maintained by the Plan pursuant to 45 CFR § 164.408, and provide such log to the Plan within five (5) business days of the Plan’s written request.
Appears in 1 contract
DBI Requirements. Upon DBI’s discovery of a Breach of Unsecured PHI by DBI which occurs on or after the Compliance Date (as set forth in subsection (d) below), DBI shall –
(1) Pursuant to the requirements set forth in subsection (c) below, provide written notice of the Breach to the Privacy Official, as soon as administratively practicable, but no later than three (3) business days after the Breach is discovered; and
(2) Pursuant to the requirements set forth in subsection (b) below, provide written notice of the Breach, on behalf of the Plan, without unreasonable delay but no later than sixty (60) calendar days following the date the Breach is discovered or such later date as is authorized under 45 CFR § 164.412, to:
(i) each Individual whose Unsecured PHI has been, or is reasonably believed by DBI to have been, accessed, acquired, used or disclosed as a result of the Breach;
(ii) the media to the extent required under 45 CFR § 164.406; and
(iii) the Secretary to the extent required under 45 CFR § 164.408 (unless the Plan has elected to provide this notification and has informed DBI);
(2) Pursuant to the requirements set forth in subsection (c) below, provide written notice of the Breach to the Privacy Official, as soon as administratively practicable, but no later than three (3) business days after the Breach is discovered; and
(3) If the Breach involves less than 500 individuals, maintain a log or other documentation of the Breach which contains such information as would be required to be included if the log were maintained by the Plan pursuant to 45 CFR § 164.408, and provide such log to the Plan within five (5) business days of the Plan’s written request.
Appears in 1 contract