Incident and Breach Reporting Policies and Procedures. QHPI agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident. In the event of an Incident or Breach QHPI must permit CMS to gather all information necessary to conduct all Incident response activities deemed necessary by CMS. If QHPI fails to report an Incident or Breach in compliance with this provision, the QHPI may be subject to the Termination provision (Section V) of this Agreement. Termination pursuant to Section V may also result where an Incident or Breach is found to have resulted from 1 While CMS owns FFE data, other contractors operate the FFE system in which the enrollment and financial management data flow. Contractors provide the pipeline network for the transmission of electronic data, including the transport of Exchange data to and from the Hub and QHPI so that QHPI may discern the activity related to enrollment functions of persons they serve. QHPI may also use the transported data to receive descriptions of financial transactions from CMS. QHPI’s failure to comply with the terms of this Agreement. Nothing in this Agreement should be construed to limit the ability of HHS to temporarily suspend the ability of a QHPI to connect to HHS systems due to suspected or confirmed security risks and Incidents or Breaches.
Appears in 5 contracts
Samples: Qualified Health Plan Certification Agreement and Privacy and Security Agreement, Qualified Health Plan Certification Agreement and Privacy and Security Agreement, Qualified Health Plan Certification Agreement and Privacy and Security Agreement
Incident and Breach Reporting Policies and Procedures. QHPI agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident. In the event of an Incident or Breach QHPI must permit CMS to gather all information necessary to conduct all Incident response activities deemed necessary by CMS. If QHPI fails to report an Incident or Breach in compliance with this provision, the QHPI may be subject to the Termination provision (Section V) of this Agreement. Termination pursuant to Section V may also result where an Incident or Breach is found to have resulted from 1 While CMS owns FFE data, other contractors operate the FFE system in which the enrollment and financial management data flow. Contractors provide the pipeline network for the transmission of electronic data, including the transport of Exchange data to and from the Hub and QHPI so that QHPI may discern the activity related to enrollment functions of persons they serve. QHPI may also use the transported data to receive descriptions of financial transactions from CMS. provision (Section V) of this Agreement. Termination pursuant to Section V may also result where an Incident or Breach is found to have resulted from QHPI’s failure to comply with the terms of this Agreement. Nothing in this Agreement should be construed to limit the ability of HHS to temporarily suspend the ability of a QHPI to connect to HHS systems due to suspected or confirmed security risks and Incidents or Breaches.
Appears in 1 contract
Samples: Qualified Health Plan Certification Agreement and Privacy and Security Agreement
