Discovery and Notification of Breach Sample Clauses

Discovery and Notification of Breach. Contractor shall notify County immediately by telephone call and email upon the discovery of a breach (or suspected breach) of privacy or security of PHI, PI, and/or PII in electronic, paper, spoken or in any other media, if the PHI, PI, and/or PII was not securely transmitted, or is reasonably believed to have been, accessed, acquired by an unauthorized person, or upon the discovery of a suspected privacy or security incident that involves data provided to County by the Social Security Administration or involving County PHI, PI, and/or PII; or by email within twenty- four (24) hours of the discovery of any suspected security incident, intrusion, or unauthorized use or disclosure of PHI, PI, and/or PII in violation of this agreement or the Business Associate Agreement, or potential loss of confidential data affecting this agreement. A breach shall be treated as discovered by Contractor as of the first day on which the breach is known, or by exercising reasonable diligence, would have been known, to any person (other than the person committing the breach) who is an employee, officer, or other agent of Contractor. Notification shall be provided to the KernBHRS Contract Manager, the KernBHRS Privacy & Corporate Office, and the KernBHRS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves electronic PHI, PI, and/or PII, notification shall be provided by calling the KernBHRS Information Security Officer at (000) 000-0000. Alternately, contact the KernBHRS Information Technology Services Division (ITSD) Help Desk at 000-000-0000. Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use, or disclosure of PHI, PI, and/or PII, Contractor shall take: 1) Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the Contractor’s operating environment and information confidentiality and security requirements. 2) Any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
AutoNDA by SimpleDocs
Discovery and Notification of Breach a. Business Associate shall implement reasonable systems, policies, and procedures for discovery of possible HIPAA violations and breaches (as defined below), and shall ensure that its workplace members and other agents are adequately trained and aware of the importance of timely reporting of possible breaches. b. Upon the discovery of any HIPAA violation by the Business Associate or any member of its workforce, (which includes, without limitation, employees, subcontractors and agents), with respect to Protected Health Information ("PHI"), the Business Associate shall promptly perform a risk assessment to determine whether a breach of unsecured PHI has occurred and whether or not the breach has resulted in reputation harm to the owner of the PHI as required by HITECH Act. c. When performing such risk assessment, the Business Associate shall consider who impermissibly used or to whom the information was impermissibly disclosed and the type and amount of PHI involved, keeping in mind that many forms of health information are considered sensitive for purposes of the risk of reputational harm to an individual. d. When performing risk assessments with respect to impermissible use or disclosure of limited data sets, which include zip codes and dates of birth, the Business Associate shall consider the risk of re- identification. e. The Business Associate shall maintain fact specific documentation of all risk assessments performed with respect to the PHI for a minimum of six years from the date the documentation is created, and shall make such documentation available to the ADHS upon request. Such documentation shall include whether the HIPAA violation that triggered the risk assessment was or was not determined to be a breach and the reason for such determination. f. The Business Associate shall take immediate steps to mitigate any HIPAA violation with respect to the Covered Entity’s PHI that is discovered and shall provide the Covered Entity with written documentation of such steps. g. If the Business Associate determines that a breach of unsecured PHI has occurred, the Business Associate shall notify the Covered Entity of such breach within ten calendar days. Such notice shall include: (i) A brief description of the occurrence, including the date of the breach and the date of discovery, if known; (ii) To the extent possible, the identity of each individual whose unsecured PHI has been, or is reasonably believed to have been, breached; (iii) A description of the...
Discovery and Notification of Breach. The Contractor shall notify the State immediately by telephone call, plus e-mail or fax, upon the discovery of breach of security of Personal Information, Sensitive Information, or Confidential Information (PSCI) in computerized form if the PSCI was, or is reasonably believed to have been, acquired by an unauthorized person, or within one (1) hour by e-mail or fax of the discovery of any suspected security incident, intrusion or unauthorized use or disclosure of PSCI in violation of this Contract, this provision, the law, or potential loss of confidential Data affecting this Contract. Notification shall be provided to the State Project Director and any persons designated by the State. If the incident occurs after business hours or on a weekend or holiday and involves electronic PSCI, notification shall be provided by telephone and e-mail to the State Project Director or designee. The Contractor shall take: a. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable federal and State laws and regulations.

Related to Discovery and Notification of Breach

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Notification of Breach During the term of this Agreement:

  • Notification of Breach / Compliance Reports The Adviser shall notify the Trust immediately upon detection of (i) any material failure to manage any Fund in accordance with its investment objectives and policies or any applicable law; or (ii) any material breach of any of the Funds’ or the Adviser’s policies, guidelines or procedures. In addition, the Adviser shall provide a quarterly report regarding each Fund’s compliance with its investment objectives and policies, applicable law, including, but not limited to the 1940 Act and Subchapter M of the Code, as applicable, and the Fund’s policies, guidelines or procedures as applicable to the Adviser’s obligations under this Agreement. The Adviser agrees to correct any such failure promptly and to take any action that the Board may reasonably request in connection with any such breach. Upon request, the Adviser shall also provide the officers of the Trust with supporting certifications in connection with such certifications of Fund financial statements and disclosure controls pursuant to the Xxxxxxxx-Xxxxx Act. The Adviser will promptly notify the Trust in the event (i) the Adviser is served or otherwise receives notice of any action, suit, proceeding, inquiry or investigation, at law or in equity, before or by any court, public board, or body, involving the affairs of the Trust (excluding class action suits in which a Fund is a member of the plaintiff class by reason of the Fund’s ownership of shares in the defendant) or the compliance by the Adviser with the federal or state securities laws or (ii) an actual change in control of the Adviser resulting in an “assignment” (as defined in the 0000 Xxx) has occurred or is otherwise proposed to occur.

  • PREVENTION OF BRIBERY 26.1 The Supplier represents and warrants that neither it, nor to the best of its knowledge any Supplier's Personnel, have at any time prior to the Commencement Date: (a) committed a Prohibited Act or been formally notified that it is subject to an investigation or prosecution which relates to an alleged Prohibited Act; and/or (b) been listed by any government department or agency as being debarred, suspended, proposed for suspension or debarment, or otherwise ineligible for participation in government procurement programmes or contracts on the grounds of a Prohibited Act. 26.2 The Supplier shall not during the term of this agreement: (a) commit a Prohibited Act; and/or (b) do or suffer anything to be done which would cause the Authority or any of the Authority's employees, consultants, contractors, sub-contractors or agents to contravene any of the Bribery Act or otherwise incur any liability in relation to the Bribery Act. 26.3 The Supplier shall during the term of this agreement: (a) establish, maintain and enforce, and require that its Sub- contractors establish, maintain and enforce, policies and procedures which are adequate to ensure compliance with the Bribery Act and prevent the occurrence of a Prohibited Act; and (b) keep appropriate records of its compliance with its obligations under clause 26.3(a) and make such records available to the Authority on request. 26.4 The Supplier shall immediately notify the Authority in writing if it becomes aware of any breach of clause 26.1 and/or clause 26.2, or has reason to believe that it has or any of the Supplier's Personnel have: (a) been subject to an investigation or prosecution which relates to an alleged Prohibited Act; (b) been listed by any government department or agency as being debarred, suspended, proposed for suspension or debarment, or otherwise ineligible for participation in government procurement programmes or contracts on the grounds of a Prohibited Act; and/or (c) received a request or demand for any undue financial or other advantage of any kind in connection with the performance of this agreement or otherwise suspects that any person or Party directly or indirectly connected with this agreement has committed or attempted to commit a Prohibited Act. 26.5 If the Supplier makes a notification to the Authority pursuant to clause 26.4, the Supplier shall respond promptly to the Authority's enquiries, co-operate with any investigation, and allow the Authority to audit any books, records and/or any other relevant documentation in accordance with clause 22. 26.6 If the Supplier is in Default under clause 26.1 and/or clause 26.2, the Authority may by notice: (a) require the Supplier to remove from performance of this agreement any Supplier's Personnel whose acts or omissions have caused the Default; or (b) immediately terminate this agreement. 26.7 Any notice served by the Authority under clause 26.6 shall specify the nature of the Prohibited Act, the identity of the Party who the Authority believes has committed the Prohibited Act and the action that the Authority has elected to take (including, where relevant, the date on which this agreement shall terminate).

  • Investigation of Breach If the Seller (i) has knowledge of a breach of a representation or warranty made in Section 3.4, (ii) receives notice from the Depositor, the Trust, the Owner Trustee or the Indenture Trustee of a breach of a representation or warranty made in Section 3.4, (iii) receives a written request to repurchase a Receivable due to an alleged breach of a representation and warranty in Section 3.4 from the Owner Trustee, the Indenture Trustee, any Verified Note Owner or any Noteholder (which repurchase request shall provide sufficient detail so as to allow the Seller to reasonably investigate the alleged breach of the representations and warranties in Section 3.4; provided, that with respect to a repurchase request from a Noteholder or a Verified Note Owner, such repurchase request shall initially be provided to the Indenture Trustee) for a Receivable (each, a “Repurchase Request”) or (iv) receives a final report from the Asset Representations Reviewer that indicates that the Asset Representations Reviewer has determined that a test procedure under the Asset Representations Review Agreement has not been satisfied with respect to a representation or warranty set forth in Section 3.4 for a Receivable, then, in each case, the Seller will investigate the Receivable to confirm the breach and determine if the breach materially and adversely affects the interests of the Purchaser, the Issuer or the Noteholders in any Receivable. None of the Servicer, the Issuer, the Owner Trustee, the Indenture Trustee, the Asset Representations Reviewer or the Administrator will have an obligation to investigate whether a breach of any representation or warranty has occurred or whether any Receivable is required to be repurchased under this Section 3.5.

  • Medicaid Notification of Termination Requirements Party shall follow the Department of Vermont Health Access Managed-Care-Organization enrollee-notification requirements, to include the requirement that Party provide timely notice of any termination of its practice.

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach. 2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33

  • Notification of Breaches of Representations and Warranties Upon discovery by the Custodian of a breach of any representation or warranty made by the Seller or the Master Servicer as set forth in the Pooling and Servicing Agreement, the Custodian shall give prompt written notice to the Seller, the Master Servicer and the Trustee.

  • Notification of Recall Notification of recall from layoff shall be sent by certified mail, return receipt requested, deliverable to addressee only, to the employee's last known address. The notice shall give the employee a minimum of ten (10) calendar days within which to respond after the notice of recall has been mailed. Employees who decline recall or who, in the absence of extenuating circumstances, fail to respond within the time set for return to work, shall be presumed to have resigned and their name shall be removed from the seniority and preferred eligibility list.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!