Common use of HIPAA Data Breach Notification and Mitigation Clause in Contracts

HIPAA Data Breach Notification and Mitigation. Distributor agrees to implement reasonable systems for the discovery and prompt reporting of any "breach " of "unsecured PH1" as those term s are defined by 45 C.F.R. § J 64.402 (hereinafter a "HIPAA Breach "). The Parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section, governs the determination of the date of a HIPAA Breach. In the event of any conflict between this Section and the Confidentiality Requirements, the more stringent requirements shall govern. Distributor will, following the discovery of a HIPAA Breach, notify Atossa immediately within fifteen (15) Distributor discovers such HIPAA Breach, unless Distributor is prevented from doing so by 45 C.F.R. § 164.412 concerning law enforcement investigations. For purposes of reporting a HIPAA Breach to Atossa, the discovery of a HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to the Distributor or, by exercising reasonable diligence, would have been known to the Distributor. Distributor will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is an employee, officer or other agent of the Distributor. No later than three (3) business days following a HIPAA Breach, Distributor shall provide Atossa with sufficient information to permit Atossa to comply with the HlPAA Breach notification requirements set forth at 45 C.F.R. § 164.400 et seq. Specifically, if the following information is known to (or can be reasonably obtained by) the Distributor, Distributor will provide Atossa with: (i) contact information for individuals who were or who may have been impacted by the 1-0PAA Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the HIPAA Breach, including the date of the HIPAA Breach and date of discovery: (iii) a description of the types of unsecured PHl involved in the HIPAA Breach (e.g., names, social security number, date of birth, addresses, account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what the Distributor has done or is doing to investigate the HIPAA Breach, mitigate harm to the individual impacted by the HJPAA Breach, and protect against future HIPAA Breaches; and (v) appoint a liaison and provide contact information for same so that Atossa may ask questions or learn additional information concerning the HIPAA Breach. Following a HIPAA Breach, Distributor will have a continuing duty to inform Atossa of new information learned by Distributor regarding the HIPAA Breach, including but not limited to the information described in items (i) through (v), above.

HIPAA Data Breach Notification and Mitigation. Distributor Subcontractor agrees to implement reasonable systems for the discovery and prompt reporting of any "breach " “breach” of "“unsecured PH1" PHI” as those term s terms are defined by 45 C.F.R. § J 64.402 §164.402 (hereinafter a "“HIPAA Breach "Breach”). The Parties acknowledge and agree that 45 C.F.R. § 164.404§§164.404 and 164.410, as described below in this SectionSection 9.1, governs govern the determination of the date of a HIPAA Breach. In the event of any conflict between this Section 9.1 and the Confidentiality Requirements, the more stringent requirements shall govern. Distributor will, following Following the discovery of a HIPAA Breach, Subcontractor will notify Atossa TokenEx immediately within fifteen and in no event later than five (155) Distributor business days after Subcontractor discovers such HIPAA Breach, Breach unless Distributor Subcontractor is prevented from doing so by 45 C.F.R. § §164.412 concerning law enforcement investigations. If known to Subcontractor, Subcontractor shall identify in writing for TokenEx the data impacted by and scope of impact of a HIPAA Breach (e.g., Individuals from which the PHI that was subject to the HIPAA Breach originated and/or databases, instances, etc. impacted by the HIPAA Breach) no later than five (5) business days following a HIPAA Breach. For purposes of reporting a HIPAA Breach to AtossaTokenEx, the discovery of a HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to the Distributor Subcontractor, or, by exercising reasonable diligence, diligence would have been known to the DistributorSubcontractor. Distributor Subcontractor will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is an employee, officer or other agent of the DistributorSubcontractor. No later than three seven (37) business days following a HIPAA Breach, Distributor Subcontractor shall provide Atossa TokenEx with sufficient information to permit Atossa TokenEx to comply with the HlPAA HIPAA Breach notification requirements set forth at 45 C.F.R. § §164.400 et seq. SpecificallyAdditionally, if the following information is known to (or can be reasonably obtained by) the DistributorSubcontractor, Distributor Subcontractor will provide Atossa TokenEx with: (i) contact information for individuals Individuals who were or who may have been impacted by the 1-0PAA HIPAA Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the HIPAA Breach, including the date of the HIPAA Breach and date of discovery: ; (iii) a description of the types of unsecured PHl PHI involved in the HIPAA Breach (e.g., names, social security number, date of birth, addressesaddress(es), account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what the Distributor Subcontractor has done or is doing to investigate the HIPAA Breach, mitigate harm to the individual Individual impacted by the HJPAA HIPAA Breach, and protect against future HIPAA Breaches; and (v) appoint a liaison and provide contact information for same so that Atossa TokenEx may ask questions or learn additional information concerning the HIPAA Breach. Following a HIPAA Breach, Distributor Subcontractor will have a continuing duty to inform Atossa TokenEx of new information learned by Distributor Subcontractor regarding the HIPAA Breach, including but not limited to the information described in items (i) through (v), ) above. This Section 9.1 shall survive the expiration or termination of this Agreement and shall remain in effect for so long as Subcontractor maintains PHI.

HIPAA Data Breach Notification and Mitigation. Distributor Contractor agrees to implement reasonable systems for the discovery and prompt reporting of any "breach " “breach” of "“unsecured PH1" PHI” as those term s terms are defined by 45 C.F.R. § J 64.402 164.402 (hereinafter a "“HIPAA Breach "Breach”). The Parties acknowledge and agree that 45 C.F.R. § 164.404, as described below in this Section, governs the determination of the date of a HIPAA Breach. In the event of any conflict between this Section and the Confidentiality Requirements, the more stringent requirements shall govern. Distributor Contractor will, following the discovery of a HIPAA Breach, notify Atossa NRLBH immediately within fifteen (15) Distributor Contractor discovers such HIPAA Breach, unless Distributor Contractor is prevented from doing so by 45 C.F.R. § 164.412 concerning law enforcement investigations. For purposes of reporting a HIPAA Breach to AtossaNRLBH, the discovery of a HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to the Distributor Contractor or, by exercising reasonable diligence, would have been known to the DistributorContractor. Distributor Contractor will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is an employee, officer or other agent of the DistributorContractor. No later than three (3) business days following a HIPAA Breach, Distributor Contractor shall provide Atossa NRLBH with sufficient information to permit Atossa NRLBH to comply with the HlPAA HIPAA Breach notification requirements set forth at 45 C.F.R. § 164.400 et seq. Specifically, if the following information is known to (or can be reasonably obtained by) the DistributorContractor, Distributor Contractor will provide Atossa NRLBH with: (i) contact information for individuals who were or who may have been impacted by the 1-0PAA HIPAA Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the HIPAA Breach, including the date of the HIPAA Breach and date of discovery: ; (iii) a description of the types of unsecured PHl PHI involved in the HIPAA Breach (e.g., names, social security number, date of birth, addressesaddress(es), account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what the Distributor Contractor has done or is doing to investigate the HIPAA Breach, mitigate harm to the individual impacted by the HJPAA HIPAA Breach, and protect against future HIPAA Breaches; and (v) appoint a liaison and provide contact information for same so that Atossa NRLBH may ask questions or learn additional information concerning the HIPAA Breach. Following a HIPAA Breach, Distributor Contractor will have a continuing duty to inform Atossa NRLBH of new information learned by Distributor Contractor regarding the HIPAA Breach, including but not limited to the information described in items (i) through (v), above.