HIPAA Data Breach Notification and Mitigation. Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any “breach” of “unsecured PHI” as those terms are defined by 45 C.F.R. §164.402 (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. §164.404, as described below in this Section 9.1, governs the determination of the date of a HIPAA Breach. In the event of any conflict between this Section 9.1 and the Confidentiality Requirements, the more stringent requirements shall govern. Business Associate will, following the discovery of a HIPAA Breach, notify Covered Entity immediately and in no event later than three (3) business days after Business Associate discovers such HIPAA Breach, unless Business Associate is prevented from doing so by 45 C.F.R. §164.412 concerning law enforcement investigations. For purposes of reporting a HIPAA Breach to Covered Entity, the discovery of a HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to the Business Associate or, by exercising reasonable diligence, would have been known to the Business Associate. Business Associate will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is an employee, officer or other agent of the Business Associate. No later than seven (7) business days following a HIPAA Breach, Business Associate shall provide Covered Entity with sufficient information to permit Covered Entity to comply with the HIPAA Breach notification requirements set forth at 45 C.F.R. §164.400 et seq. Specifically, if the following information is known to (or can be reasonably obtained by) the Business Associate, Business Associate will provide Covered Entity with: (i) contact information for individuals who were or who may have been impacted by the HIPAA Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the HIPAA Breach, including the date of the HIPAA Breach and date of discovery; (iii) a description of the types of unsecured PHI involved in the HIPAA Breach (e.g., names, social security number, date of birth, address(es), account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what the Business Associate has done or is doing to investiga...
HIPAA Data Breach Notification and Mitigation. Business Associate agrees to implement reasonable systems for the discovery and prompt reporting to Covered Entity of any “breach” of “unsecured PHI” as those terms are defined by 45 C.F.R. § 164.402. Specifically, a breach is an unauthorized acquisition, access, use or disclosure of unsecured PHI, including EPHI, which compromises the security or privacy of the PHI/EPHI. A breach compromises the security or privacy of PHI/EPHI if it poses a significant risk of financial, reputational, or other harm to the individual whose PHI/EPHI was compromised (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section 8.1, governs the determination of the date of discovery of a HIPAA Breach. In the event of any conflict between this Section 8.1 and the Confidentiality Requirements, the more stringent requirements shall govern.
HIPAA Data Breach Notification and Mitigation. Distributor agrees to implement reasonable systems for the discovery and prompt reporting of any "breach " of "unsecured PH1" as those term s are defined by 45 C.F.R. § J 64.402 (hereinafter a "HIPAA Breach "). The Parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section, governs the determination of the date of a HIPAA Breach. In the event of any conflict between this Section and the Confidentiality Requirements, the more stringent requirements shall govern. Distributor will, following the discovery of a HIPAA Breach, notify Atossa immediately within fifteen (15) Distributor discovers such HIPAA Breach, unless Distributor is prevented from doing so by 45 C.F.R. § 164.412 concerning law enforcement investigations. For purposes of reporting a HIPAA Breach to Atossa, the discovery of a HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to the Distributor or, by exercising reasonable diligence, would have been known to the Distributor. Distributor will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is an employee, officer or other agent of the Distributor. No later than three (3) business days following a HIPAA Breach, Distributor shall provide Atossa with sufficient information to permit Atossa to comply with the HlPAA Breach notification requirements set forth at 45 C.F.R. § 164.400 et seq. Specifically, if the following information is known to (or can be reasonably obtained by) the Distributor, Distributor will provide Atossa with: (i) contact information for individuals who were or who may have been impacted by the 1-0PAA Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the HIPAA Breach, including the date of the HIPAA Breach and date of discovery: (iii) a description of the types of unsecured PHl involved in the HIPAA Breach (e.g., names, social security number, date of birth, addresses, account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what the Distributor has done or is doing to investigate the HIPAA Breach, mitigate harm to the individual impacted by the HJPAA Breach, and protect against future HIPAA Breaches; and (v) appoint a liaison and provid...
HIPAA Data Breach Notification and Mitigation. Business Associate agrees to implement reasonable systems for the discovery and prompt reporting to Covered Entity of any “breach” of “unsecured PHI” as those terms are defined by 45 C.F.R. § 164.402. Specifically, a breach is an unauthorized acquisition, access, use or disclosure of unsecured PHI, including ePHI, which compromises the security or privacy of the PHI/ePHI. A breach is presumed to have occurred unless there is a low probability that the PHI has been compromised based on a risk assessment of at least the factors listed in 45 C.F.R. § 164.402(2)(i)-(iv) (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section 8.1, governs the determination of the date of discovery of a HIPAA Breach. In addition to the foregoing and notwithstanding anything to the contrary herein, Business Associate will also comply with applicable state law, including without limitation, Section 521 Texas Business and Commerce Code, as amended by HB 300 (82nd Legislature), or such other laws or regulations as may later be amended or adopted. In the event of any conflict between this Section 8.1, the Confidentiality Requirements, Section 521 of the Texas Business and Commerce Code, and any other later amended or adopted laws or regulations, the most stringent requirements shall govern.
HIPAA Data Breach Notification and Mitigation. A. Contractor agrees to implement reasonable systems for the discovery and prompt reporting of any “breach” of “unsecured PHI” as those terms are defined by 45 C.F.R. §164.402 (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. §164.404, as described below in this Section, governs the determination of the date of a HIPAA Breach. Contractor will, following the discovery of a HIPAA Breach, notify County immediately and in no event later than seven business days after Contractor discovers such HIPAA Breach, unless Contractor is prevented from doing so by 45 C.F.R. §164.412 concerning law enforcement investigations.
HIPAA Data Breach Notification and Mitigation. Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any suspected Breach of Unsecured PHI as those terms are defined by 45 CFR § 164.402 (hereinafter a “HIPAA Breach”). The Parties acknowledge and agree that 45 CFR § 164.404, as described below in this Section 11.1, governs the determination of the date of a HIPAA Breach. Business Associate will fully cooperate with Covered Entity to conduct a HIPAA Breach risk analysis in accordance with 45 CFR §164.400 et seq. In the event of any conflict between this Section 11.1 and the HIPAA Regulations, the more stringent requirements will govern.
HIPAA Data Breach Notification and Mitigation. BA agrees to implement reasonable systems for the discovery and prompt reporting to CE of any “Breach” of “Unsecured PHI” as those terms are defined by HIPAA. Specifically, a breach is an unauthorized acquisition, access, use or disclosure of Unsecured PHI, including ePHI, which compromises the security or privacy of the PHI/ePHI. A breach is presumed to have occurred unless there is a low probability that the PHI has been compromised based on a risk assessment of at least the factors listed in 45 C.F.R. § 164.402 (2)(i)- (iv) (a “HIPAA Breach”). The Parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section 8.1, governs the determination of the date of discovery of a HIPAA Breach. In addition to the foregoing and notwithstanding anything to the contrary herein, BA will also comply with all other Applicable Law regarding breaches of PHI-related information. In the event of any conflict between this Section 8.1, HIPAA, and any other Applicable Law, the most stringent requirements shall govern.
HIPAA Data Breach Notification and Mitigation. A. Each Party agrees to implement reasonable systems for the discovery and prompt reporting of any “breach” of “unsecured PHI” as those terms are defined by 45 C.F.R. §164.402 (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. §164.404, as described below in this Section, governs the determination of the date of a HIPAA Breach. Each Party will, following the discovery of a HIPAA Breach, notify the other Party immediately and in no event later than seven business days after a Party discovers such HIPAA Breach, unless the discovering Party is prevented from doing so by 45 C.F.R. §164.412 concerning law enforcement investigations.
HIPAA Data Breach Notification and Mitigation. Business Associate agrees to implement reasonable systems for the discovery and prompt reporting to Covered Entity of any “breach” of “unsecured PHI” as those terms are defined by 45 C.F.R. § 164.402. Specifically, a breach is an unauthorized acquisition, access, use or disclosure of unsecured PHI, including ePHI, which compromises the security or privacy of the PHI/ePHI. A breach compromises the security or privacy of PHI/ePHI if it poses a significant risk of financial, reputational, or other harm to the individual whose PHI/ePHI was compromised (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section 8.1, governs the determination of the date of discovery of a HIPAA Breach. In addition to the foregoing and notwithstanding anything to the contrary herein, Business Associate will also comply with applicable state law, including without limitation, Section 521 Texas Business and Commerce Code, as amended by HB 300 (82nd Legislature), or such other laws or regulations as may later be amended or adopted. In the event of any conflict between this Section 8.1, the Confidentiality Requirements, Section 521 of the Texas Business and Commerce Code, and any other later amended or adopted laws or regulations, the most stringent requirements shall govern.
