Incident and Breach Reporting Sample Clauses

Incident and Breach Reporting. Web-broker must implement Incident and Breach Handling procedures as required by the NEE SSP and that are consistent with CMS’s Incident and Breach Notification Procedures. Such policies and procedures must identify the Web-broker’s Designated Security and Privacy Official(s), if applicable, and/or identify other personnel authorized to access PII and responsible for reporting to CMS and managing Incidents or Breaches; provide details regarding the identification, response, recovery and follow-up of Incidents and Breaches, which should include Information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes. Web-broker agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident.
Sample 1Sample 2
AutoNDA by SimpleDocs
Incident and Breach Reporting. WBE agrees to report any suspected or confirmed Incident or Breach of PII to the CMS IT Service Desk by telephone at (410) 000- 0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within one hour of discovery of the Incident or Breach. In the event of an Incident or Breach WBE must permit CMS to gather all information necessary to conduct all Incident response activities deemed necessary by CMS. If WBE fails to report an Incident or Breach in compliance with this provision, the WBE may be subject to the Termination provision (Section IV) of this Agreement. Termination pursuant to Section IV may also result where an Incident or Breach is found to have resulted from WBE’s failure to comply with the terms of this Agreement.
Sample 1

Related to Incident and Breach Reporting

  • Incident Reporting Transfer Agent will use commercially reasonable efforts to promptly furnish to Fund information that Transfer Agent has regarding the general circumstances and extent of such unauthorized access to the Fund Data.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.

  • Accident Reporting 25.1 If You or an Authorised Driver has an Accident or if the Vehicle is stolen You must report the Accident or theft to Us within 24 hours of it occurring and fully complete an Accident/Theft report form. 25.2 If the Vehicle is stolen or if You or an Authorised Driver of the Vehicle has an Accident where: (a) any person is injured; (b) the other party has failed to stop or leaves the scene of the Accident without exchanging names and addresses; or (c) the other party appears to be under the influence of drugs or alcohol, You or the Authorised Driver must also report the theft or Accident to the Police. 25.3 If You or an Authorised Driver has an Accident You and the Authorised Driver must: (a) exchange names and addresses and telephone numbers with the other driver and drivers licence details; (b) take the registration numbers of all vehicles involved; (c) take as many photos as is reasonable showing: (i) the position of the Vehicles before they are moved for towing or salvage; (ii) the Damage to the Vehicle; (iii) the damage to any third party vehicle or property; and (iv) the general area where the Accident occurred, including any road or traffic signs; (d) obtain the names, addresses and phone numbers of all witnesses; (e) not make any admission of fault or promise to pay the other party's claim or release the other party from any liability; (f) forward all third party correspondence or court documents to Us within 7 days of receipt together with a fully completed Accident Report Form (if not already submitted); and (g) co-operate with Us in the prosecution of any legal proceedings that We may institute or defence of any legal proceedings which may be instituted against You or Us as a result of an Accident, including: (i) attending Our lawyer's office; and (ii) any Court hearing.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Incident Reports Any serious occurrence involving a beneficiary, outside the normal routine of the OTP (see TRICARE Operations Manual (XXX), Chapter 7, Section 4), shall be reported to the referring military providers and/or Military Treatment Facility (MTF)/Enhanced Multi-Service Market (eMSM) referral management office (on behalf of the military provider), and DHA, and/or a designee, as follows: (a) An incident of a life-threatening accident, patient death, patient disappearance, suicide attempt, incident of cruel or abusive treatment, or any equally dangerous situation involving a beneficiary, shall be reported by telephone on the next business day with a full written report within seven days. (b) The incident and the following report shall be documented in the patient’s clinical record. (c) Notification shall be provided, if appropriate, to the parents, legal guardian, or legal authorities.

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.

  • Adverse Event Reporting Both Parties acknowledge the obligation to comply with the Protocol and / or applicable regulations governing the collection and reporting of adverse events of which they may become aware during the course of the Clinical Trial. Both Parties agree to fulfil and ensure that their Agents fulfil regulatory requirements with respect to the reporting of adverse events.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Inspection and Reporting Each Grantor shall permit the Collateral Agent, or any agent or representatives thereof or such professionals or other Persons as the Collateral Agent may designate, not more than once a year in the absence of an Event of Default, (i) to examine and make copies of and abstracts from such Grantor's records and books of account, (ii) to visit and inspect its properties, (iii) to verify materials, leases, Instruments, Accounts, Inventory and other assets of such Grantor from time to time, (iii) to conduct audits, physical counts, appraisals and/or valuations, examinations at the locations of such Grantor. Each Grantor shall also permit the Collateral Agent, or any agent or representatives thereof or such professionals or other Persons as the Collateral Agent may designate to discuss such Grantor's affairs, finances and accounts with any of its officers subject to the execution by the Collateral Agent or its designee(s) of a mutually agreeable confidentiality agreement.

  • Duty to report Force Majeure Event 21.5.1 Upon occurrence of a Force Majeure Event, the Affected Party shall by notice report such occurrence to the other Party forthwith. Any notice pursuant hereto shall include full particulars of: (a) the nature and extent of each Force Majeure Event which is the subject of any claim for relief under this Article 21 with evidence in support thereof; (b) the estimated duration and the effect or probable effect which such Force Majeure Event is having or will have on the Affected Party’s performance of its obligations under this Agreement; (c) the measures which the Affected Party is taking or proposes to take for alleviating the impact of such Force Majeure Event; and (d) any other information relevant to the Affected Party’s claim. 21.5.2 The Affected Party shall not be entitled to any relief for or in respect of a Force Majeure Event unless it shall have notified the other Party of the occurrence of the Force Majeure Event as soon as reasonably practicable, and in any event no later than 10 (ten) days after the Affected Party knew, or ought reasonably to have known, of its occurrence, and shall have given particulars of the probable material effect that the Force Majeure Event is likely to have on the performance of its obligations under this Agreement. 21.5.3 For so long as the Affected Party continues to claim to be materially affected by such Force Majeure Event, it shall provide the other Party with regular (and not less than weekly) reports containing information as required by Clause 21.5.1, and such other information as the other Party may reasonably request the Affected Party to provide.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!