OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law.
2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract.
3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY.
4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract.
5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410.
6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information.
7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format.
8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed.
9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule.
10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528.
12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation.
13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors.
14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Standard of Care; Liability (a) Notwithstanding any other provision of this Agreement, Bank shall exercise reasonable care, prudence and diligence in carrying out all of its duties and obligations under this Agreement (except to the extent Applicable Law provides for a higher standard of care, in which case such higher standard shall apply), and shall be liable to Customer for any and all Liabilities suffered or incurred by Customer resulting from the failure of Bank to exercise such reasonable care, prudence and diligence or resulting from Bank's negligence, willful misconduct, or fraud and to the extent provided in Section 5.2(a). Unless otherwise specified or required by Applicable Law, Bank shall not be in violation of this Agreement with respect to any matter as to which it has satisfied the standard of care under this Agreement.
(b) Bank shall not be liable under any circumstances for any indirect, incidental, consequential or special damages (including, without limitation, lost profits) of any form incurred by any person, whether or not foreseeable and regardless of the type of action in which such a claim may be brought, with respect to the Accounts or Bank's performance hereunder or Bank's role as custodian.
(c) Subject to the limitations set forth in this Agreement, each Customer severally and not jointly shall indemnify the Bank Indemnitees against, and hold them harmless from, any Liabilities that may be imposed on, incurred by or asserted against any of the Bank Indemnitees in connection with or arising out of Bank's performance under this Agreement, provided the Bank Indemnitees have not acted with negligence or bad faith or engaged in fraud or willful misconduct in connection with the Liabilities in question. Nevertheless, Customer shall not be obligated to indemnify any Bank Indemnitee under the preceding sentence with respect to any Liability for which Bank is liable under Section 5.2 of this Agreement. Bank shall use all commercially reasonable efforts to mitigate any Liability for which indemnity is sought hereunder (provided, however, that reasonable expenses incurred with respect to such mitigation shall be Liabilities subject to indemnification hereunder).
(d) Subject to any obligation Customer may have to indemnify Bank with respect to amounts claimed by third parties, Customer shall have no liability whatsoever for any consequential, special, indirect or speculative loss or damages (including, but not limited to, lost profits) suffered by Bank Indemnitees in connection with the transactions and services contemplated hereby and the relationship established hereby even if Customer has been advised as to the possibility of the same and regardless of the form of action.
(e) Without limiting Subsections 7.1 (a) or (b), Bank shall have no duty or responsibility to:
(i) question Instructions or make any suggestions to Customer or an Authorized Person regarding such Instructions, provided that Bank believes in good faith that such Instructions have been given by Authorized Persons or which are transmitted with proper testing or authentication pursuant to terms and conditions that Bank may specify; (ii) supervise or make recommendations with respect to investments or the retention of Financial Assets; (iii) advise Customer or an Authorized Person regarding any default in the payment of principal or income of any security other than as provided in Section 2.7(b) of this Agreement; (iv) except as otherwise expressly required herein, evaluate or report to Customer or an Authorized Person regarding the financial condition of any broker, agent or other party to which Bank is instructed to deliver Financial Assets or cash; or (v) except for trades settled at DTC where the broker provides DTC trade confirmation and Customer provides for Bank to receive the trade instruction, review or reconcile trade confirmations received from brokers (and Customer or its Authorized Persons issuing Instructions shall bear any responsibility to review such confirmations against Instructions issued to and statements issued by Bank).
(f) Bank shall indemnify the Customer from and against any and all Liabilities which may be imposed on, incurred by, or asserted against the Customer resulting directly either from Bank's negligence, bad faith, fraud or willful misconduct in the performance of its obligations or duties hereunder, or from any act or omission by a Subcustodian in the performance of its subcustodial obligations or duties hereunder for which Bank is expressly liable under Section 5.2, taking into account the standards and market practice prevailing in the relevant market, provided that (i) in no event shall the Bank be obliged to indemnify Customer from against any Liability (or any claim for a Liability) to the extent such Liability is described in clause 7.1(b) this Agreement and (ii) the Customer shall use all commercially reasonable efforts to mitigate any Liability for which indemnity is sought hereunder (provided, however, that reasonable expenses incurred with respect to such mitigation shall be Liabilities subject to indemnification hereunder).
Duty of Care and Indemnification 5.1 MSDW TRUST shall not be responsible for, and the Fund shall indemnify and hold MSDW TRUST harmless from and against, any and all losses, damages, costs, charges, counsel fees, payments, expenses and liability arising out of or attributable to:
(a) All actions of MSDW TRUST or its agents or subcontractors required to be taken pursuant to this Agreement, provided that such actions are taken in good faith and without negligence or willful misconduct.
(b) The Fund's refusal or failure to comply with the terms of this Agreement, or which arise out of the Fund's lack of good faith, negligence or willful misconduct or which arise out of breach of any representation or warranty of the Fund hereunder.
(c) The reliance on or use by MSDW TRUST or its agents or subcontractors of information, records and documents which (i) are received by MSDW TRUST or its agents or subcontractors and furnished to it by or on behalf of the Fund, and (ii) have been prepared and/or maintained by the Fund or any other person or firm on behalf of the Fund.
(d) The reliance on, or the carrying out by MSDW TRUST or its agents or subcontractors of, any instructions or requests of the Fund.
(e) The offer or sale of Shares in violation of any requirement under the federal securities laws or regulations or the securities or Blue Sky laws of any State or other jurisdiction that notice of offering of such Shares in such State or other jurisdiction or in violation of any stop order or other determination or ruling by any federal agency or any State or other jurisdiction with respect to the offer or sale of such Shares in such State or other jurisdiction.
5.2 MSDW TRUST shall indemnify and hold the Fund harmless from or against any and all losses, damages, costs, charges, counsel fees, payments, expenses and liability arising out of or attributable to any action or failure or omission to act by MSDW TRUST as a result of the lack of good faith, negligence or willful misconduct of MSDW TRUST, its officers, employees or agents.
5.3 At any time, MSDW TRUST may apply to any officer of the Fund for instructions, and may consult with legal counsel to the Fund, with respect to any matter arising in connection with the services to be performed by MSDW TRUST under this Agreement, and MSDW TRUST and its agents or subcontractors shall not be liable and shall be indemnified by the Fund for any action taken or omitted by it in reliance upon such instructions or upon the opinion of such counsel. MSDW TRUST, its agents and subcontractors shall be protected and indemnified in acting upon any paper or document furnished by or on behalf of the Fund, reasonably believed to be genuine and to have been signed by the proper person or persons, or upon any instruction, information, data, records or documents provided to MSDW TRUST or its agents or subcontractors by machine readable input, telex, CRT data entry or other similar means authorized by the Fund, and shall not be held to have notice of any change of authority of any person, until receipt of written notice thereof from the Fund. MSDW TRUST, its agents and subcontractors shall also be protected and indemnified in recognizing stock certificates which are reasonably believed to bear the proper manual or facsimile signature of the officers of the Fund, and the proper countersignature of any former transfer agent or registrar, or of a co-transfer agent or co-registrar.
5.4 In the event either party is unable to perform its obligations under the terms of this Agreement because of acts of God, strikes, equipment or transmission failure or damage reasonably beyond its control, or other causes reasonably beyond its control, such party shall not be liable for damages to the other for any damages resulting from such failure to perform or otherwise from such causes.
5.5 Neither party to this Agreement shall be liable to the other party for consequential damages under any provision of this Agreement or for any act or failure to act hereunder.
5.6 In order that the indemnification provisions contained in this Article 5 shall apply, upon the assertion of a claim for which either party may be required to indemnify the other, the party seeking indemnification shall promptly notify the other party of such assertion, and shall keep the other party advised with respect to all developments concerning such claim. The party who may be required to indemnify shall have the option to participate with the party seeking indemnification in the defense of such claim. The party seeking indemnification shall in no case confess any claim or make any compromise in any case in which the other party may be required to indemnify it except with the other party's prior written consent.
Standard of Care; Liabilities (a) The Bank shall be responsible for the performance of only such duties as are set forth in this Agreement or expressly contained in Instructions which are consistent with the provisions of this Agreement. Notwithstanding anything to the contrary in this Agreement:
(i) The Bank will use reasonable care with respect to its obligations under this Agreement and the safekeeping of Assets. The Bank shall be liable to the Customer for any loss which shall occur as the result of the failure of a Subcustodian to exercise reasonable care with respect to the safekeeping of such Assets to the same extent that the Bank would be liable to the Customer if the Bank were holding such Assets in New York. In the event of any loss to the Customer by reason of the failure of the Bank or its Subcustodian to utilize reasonable care, the Bank shall be liable to the Customer only to the extent of the Customer’s direct damages, and shall in no event be liable for any special or consequential damages.
(ii) The Bank will not be responsible for any act, omission, default or for the solvency of any broker or agent which it or a Subcustodian appoints unless such appointment was made negligently or in bad faith or for any loss due to the negligent act of such broker or agent except to the extent that such broker or agent (other than a Subcustodian) performs in a negligent manner which is the cause of the loss to the Customer and the Bank failed to exercise reasonable care in monitoring such broker’s or agent’s performance where Customer has requested and Bank has agreed to accept such monitoring responsibility.
(iii) The Bank shall be indemnified by, and without liability to the Customer for any action taken or omitted by the Bank whether pursuant to Instructions or otherwise within the scope of this Agreement if such act or omission was in good faith, without negligence. In performing its obligations under this Agreement, the Bank may rely on the genuineness of any document which it believes in good faith to have been validly executed.
(iv) The Customer agrees to pay for and hold the Bank harmless from any liability or loss resulting from the imposition or assessment of any taxes or other governmental charges, and any related expenses with respect to income from or Assets in the Accounts, except to the extent that the Bank has failed to exercise reasonable care in performing any obligations which the Bank may have agreed to assume (in addition to those stated in this Agreement) with respect to taxes and such failure by the Bank is the direct cause of such imposition or assessment of such taxes, charges or expenses.
(v) The Bank shall be entitled to rely, and may act, upon the advice of counsel (who may be counsel for the Customer) on all legal matters and shall be without liability for any action reasonably taken or omitted pursuant to such advice; provided, that the Bank gives (to the extent practicable) prior notice to Customer of Bank’s intention to so seek advice of counsel and an opportunity for consultation with Customer on the proposed contact with counsel.
(vi) The Bank represents and warrants that it currently maintain a banker's blanket bond which provides standard fidelity and non-negligent loss coverage with respect to the Securities and Cash which may be held by Subcustodians pursuant to this Agreement. The Bank agrees that if at any time it for any reason discontinues such coverage, it shall immediately give sixty (60) days' prior written notice to the Customer. The Bank need not maintain any insurance for the benefit of the Customer.
(vii) Without limiting the foregoing, the Bank shall not be liable for any loss which results from: (1) the general risk of investing, or (2) investing or holding Assets in a particular country including, but not limited to, losses resulting from nationalization, expropriation or other governmental actions; regulation of the banking or securities industry; currency restrictions, devaluations or fluctuations; and market conditions which prevent the orderly execution of securities transactions or affect the value of Assets.
(viii) Neither party shall be liable to the other for any loss due to forces beyond their control including, but not limited to strikes or work stoppages, acts of war or terrorism, insurrection, revolution, nuclear fusion, fission or radiation, or acts of God.
(b) Consistent with and without limiting the first paragraph of this Section 12, it is specifically acknowledged that the Bank shall have no duty or responsibility to:
(i) question Instructions or make any suggestions to the Customer or an Authorized Person regarding such Instructions;
(ii) supervise or make recommendations with respect to investments or the retention of Securities;
(iii) advise the Customer or an Authorized Person regarding any default in the payment of principal or income of any security other than as provided in Section 5(c) of this Agreement;
(iv) evaluate or report to the Customer or an Authorized Person regarding the financial condition of any broker, agent (other than a Subcustodian) or other party to which Securities are delivered or payments are made pursuant to this Agreement;
(v) review or reconcile trade confirmations received from brokers. The Customer or its Authorized Persons (as defined in Section 10) issuing Instructions shall bear any responsibility to review such confirmations against Instructions issued to and statements issued by the Bank.
(c) The Customer authorizes the Bank to act under this Agreement notwithstanding that the Bank or any of its divisions or affiliates may have a material interest in a transaction, or circumstances are such that the Bank may have a potential conflict of duty or interest including the fact that the Bank or any of its affiliates may provide brokerage services to other customers, act as financial advisor to the issuer of Securities, act as a lender to the issuer of Securities, act in the same transaction as agent for more than one customer, have a material interest in the issue of Securities, or earn profits from any of the activities listed herein.
Standard of Care/Limitations of Liability (a) Subject to the terms of this Section 10, PFPC Trust shall be liable to the Funds (or any person or entity claiming through the Funds) for damages only to the extent caused by PFPC Trust’s own intentional misconduct, bad faith, negligence or reckless disregard of its duties under this Agreement (“Standard of Care”).
(b) Notwithstanding anything in this Agreement to the contrary (other than as specifically provided in Section 12(h)(ii)(B)(4) and Section 12(h)(iii)(A) of this Agreement), the Funds shall be responsible for all filings, tax returns and reports on any transactions undertaken pursuant to this Agreement, or in respect of the Property or any collections undertaken pursuant to this Agreement, which may be requested by any relevant authority. In addition, the Funds shall be responsible for the payment of all taxes and similar items (including without limitation penalties and interest related thereto).
(c) PFPC Trust shall not be liable for damages (including without limitation damages caused by delays, failure, errors, interruption or loss of data) occurring directly or indirectly by reason of circumstances beyond its reasonable control, including without limitation: acts of God; action or inaction of civil or military authority; national emergencies; public enemy; war; terrorism; riot; fire; flood; catastrophe; sabotage; epidemics; labor disputes; civil commotion; interruption, loss or malfunction of utilities, transportation, computer or communications capabilities; insurrection; elements of nature; non-performance by a third party; failure of the mails; or functions or malfunctions of the internet, firewalls, encryption systems or security devices caused by any of the above. Should an event beyond PFPC Trust’s reasonable control occur, PFPC Trust will follow applicable procedures in its disaster recovery and business continuity plan and use commercially reasonable efforts to mitigate and minimize any service interruptions to the Funds.
(d) PFPC Trust shall not be under any duty or obligation to inquire into and shall not be liable for the validity or invalidity, authority or lack thereof, or truthfulness or accuracy or lack thereof, of any instruction, direction, notice, instrument or other information which PFPC Trust reasonably believes to be genuine. PFPC Trust shall not be liable for any damages that are caused by actions or omissions taken by PFPC Trust in accordance with Written Instructions or the reasonable advice of counsel. PFPC Trust shall not be liable for any damages arising out of any action or omission to act by any prior service provider of the Funds or for any failure to discover any such error or omission. PFPC Trust shall not have responsibility for any anti-money laundering requirements to which the Funds are subject under applicable laws or regulations or under the Subscription Documents with any Portfolio Fund in which the Funds have invested.
(e) PFPC Trust shall have no liability for any action by the Funds or by any of the Portfolio Funds that prevents or limits the redemption or other liquidation of the Property (including without limitation any action taken by any Portfolio Fund to suspend or curtail redemptions or to make distributions in kind, including distributions of illiquid investments).
(f) Neither PFPC Trust nor its affiliates shall be liable for any consequential, incidental, exemplary, punitive, special or indirect damages, whether or not the likelihood of such damages was known by PFPC Trust or its affiliates.
(g) No party may assert a cause of action against PFPC Trust or any of its Affiliates that allegedly occurred more than 24 months immediately prior to the discovery of such cause of action.
(h) Each party shall have a duty to reasonably mitigate damages for which the other party may become responsible.
(i) This Section 10 shall survive termination of this Agreement.
Liability; Standard of Care Notwithstanding anything herein to the contrary, neither Subadviser, nor any of its directors, officers or employees, shall be liable to Manager or the Trust for any loss resulting from Subadviser’s acts or omissions as Subadviser to the Fund, except to the extent any such losses result from bad faith, willful misfeasance, reckless disregard or gross negligence on the part of the Subadviser or any of its directors, officers or employees in the performance of the Subadviser’s duties and obligations under this Agreement.
Liability for Acts and Omissions of Foreign Subcustodians The Custodian shall be liable to a Fund for any loss or damage to such Fund caused by or resulting from the acts or omissions of any Foreign Subcustodian to the extent that, under the terms set forth in the subcustodian agreement between the Custodian or a Domestic Subcustodian and such Foreign Subcustodian, the Foreign Subcustodian has failed to perform in accordance with the standard of conduct imposed under such subcustodian agreement and the Custodian or Domestic Subcustodian recovers from the Foreign Subcustodian under the applicable subcustodian agreement.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Duty of Care It is understood and agreed that, in furnishing the Company with the services as herein provided, neither the Transfer Agent, nor any officer, director or agent thereof shall be held liable for any loss arising out of or in connection with their actions under this Agreement so long as they act in good faith and with due diligence, and are not negligent or guilty of any willful misconduct. It is further understood and agreed that the Transfer Agent may rely upon information furnished to it reasonably believed to be accurate and reliable. In the event the Transfer Agent is unable to perform its obligations under the terms of this Agreement because of an act of God, strike or equipment or transmission failure reasonably beyond its control, the Transfer Agent shall not be liable for any damages resulting from such failure.
Servicer's Liability Except in the case of a purchase by the Servicer of a Mortgage Loan from the Trustee thereof due to a breach of a representation or warranty by the Servicer or failure to perform the servicing procedures as set forth in this Agreement, the Servicer is not liable for any Realized Loss on any Mortgage Loan.
