Incident Reporting Sample Clauses

Incident Reporting. 6.1.1. Business Associate shall report to Covered Entity the following: 6.1.1.1. Any use or disclosure of PHI which is not in compliance with the terms of this Agreement or applicable law of which it becomes aware; and 6.1.1.2. Any security incident of which it becomes aware. For purposes of this Agreement, “security incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. 6.1.2. Within 24 hours of discovery of a suspected reportable incident as described in 6.1.1 above, Business Associate shall notify Covered Entity of the existence and nature of the incident as understood at that time. Business Associate shall immediately investigate the incident and within 72 hours of discovery shall provide Covered Entity, in writing, a report describing the results of Business Associate’s investigation, including: 6.1.2.1. What data elements were involved, the extent of the data involved in the incident, and the identification of affected individuals, if applicable; 6.1.2.2. A description of the unauthorized persons known or reasonably believed to have improperly used or disclosed PHI, or to have been responsible for the incident; 6.1.2.3. A description of where the PHI is believed to have been improperly transmitted, sent, or utilized, if applicable; 6.1.2.4. A description of the probable causes of the incident; 6.1.2.5. A description of the proposed plan for preventing similar future incidents, including ongoing risk remediation plan approval; and 6.1.2.6. Whether the Associate believes any federal or state laws requiring notifications to individuals are triggered. 6.1.3. Reporting and other communications made to the Covered Entity under this section must be made to the agency’s HIPAA privacy officer at: Ohio Department of Administrative Services Office of Legal Services ▇▇ ▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇▇▇, ▇▇▇▇ ▇▇▇▇▇ Main: (▇▇▇) ▇▇▇-▇▇▇▇ Direct: (▇▇▇) ▇▇▇-▇▇▇▇ Fax: ▇▇▇.▇▇▇.▇▇▇▇

Incident Reporting. (1) The Provider must develop and implement processes for defining, recording, and resolving incidents and adverse events that include an internal documented reporting process that enables the early identification of any incidents and adverse event trends and the appropriate corrective and preventive strategies available.

Incident Reporting. Transfer Agent will use commercially reasonable efforts to promptly furnish to Fund information that Transfer Agent has regarding the general circumstances and extent of such unauthorized access to the Fund Data.

Incident Reporting. 1.10.1 Users shall immediately report any unusual activity, incident or suspected event following Avangrid incident reporting procedures (e.g. Service (Help) Desk, REPORTER, etc.)

Incident Reporting. Pursuant to Rule 63F-11.001-006, Florida Administrative Code (F.A.C.), Central Communications Center (CCC), the Provider shall comply with all Department incident reporting requirements as outlined in the Department’s incident reporting policy and procedure (FDJJ–2020 and 2020P, Revised 4/20/16). The Provider shall develop an internal numbering process for all incident reports to ensure that all reports are present and maintained in accordance with Department policy, including implementation of a written Arrest Reporting procedure requiring all owners, operators, directors, caretaker/direct contact staff, and subcontracted staff, who have been arrested for any criminal offense to make a report of their arrest, either written or oral, to their immediate supervisor and the CCC within two (2) hours (pending availability/release from jail) per the CCC Rule that requires the arrested staff member to report the arrest to the CCC within two (2) hours pending availability/release from jail.

Incident Reporting. Vendor shall immediately report suspected or confirmed information security incidents to the NYC Health + Hospitals’ vendor management liaison.

Incident Reporting. (a) The Network Service Provider is required to notify the Managing Entity of all possible critical incidents, as defined in the Department CFOP 215-6 Incident Reporting and Client Risk Prevention (dated April 1, 2013 or most recent version), which is incorporated herein by reference. This requirement is met through the Network Service Provider’s direct reporting into the Department’s Incident Reporting and Analysis System (IRAS), within twenty-four (24) hours of the incident occurring. (b) The Network Service Provider must have written policies and procedures in place to ensure the timely and accurate reporting of critical incidents to the Managing Entity. (c) The Network Service Provider shall designate at least one (1) staff person to be the Incident Coordinator, or similar title, for the provider/agency. This person shall manage the Network Service Provider’s incident notification process, and shall be the identified single point of contact for the Managing Entity regarding incident reporting. Additional staff may be designated to enter incident information into the IRAS at the discretion of the Network Service Provider. (d) The Network Service Provider shall notify the Managing Entity’s CQI Specialist in writing of the name and contact information of the designated Incident Coordinator(s). (e) The Network Service Provider shall, within 5 business days, submit written notification to the Managing Entity’s CQI Specialist of any change in the Incident Coordinator position, identifying the name and contact information of the successor. (f) The Network Service Provider is required to notify the Managing Entity of all possible critical incidents, via direct data entry into IRAS within 24 hours of the incident occurring. This includes weekends and holidays. (g) In the event of a death of an individual served which occurs on any of the Network Service Provider’s service delivery sites, the Network Service Provider is required to provide an electronic submission into IRAS and notify the Managing Entity via telephone of the death within 24 hours of the occurrence. Calling the Managing Entity, in addition to IRAS submission, also applies to elopement of a child or court-ordered adult and any incident involving active media involvement. Network Service Providers may call the Managing Entity’s Access to Care Line, requesting to speak to a member of the Clinical Department at (▇▇▇) ▇▇▇-▇▇▇▇. (h) When information is found to be missing from an incident report, a req...

Incident Reporting. The Employer shall notify CUPE of the submission of any injury/incident reports in which an employee identifies their employee group as CUPE.

Incident Reporting. 13.1 As soon as the Contractor becomes aware, it shall immediately report any incident affecting the delivery of the Service(s) to the Framework Public Body. The Contractor will undertake an immediate investigation and will provide feedback in writing on findings, including corrective actions required and trends observed, to the Framework Public Body within 24 hours of the incident being reported by telephone/e-mail. 13.2 Serious incidents can be categorised as but not limited to:  Any breach of security which may affect the security of data supplied by the Framework Public Body to the Contractor;  Failure to deliver the required Services due to any type of service disruption. 13.3 These examples are indicative only and the Framework Public Body may provide for further categories of serious incidents at the call-off level. 13.4 The Contractor shall, in the event of a serious incident, provide from within Contractor’s senior management, a single point of contact person within 1 hour of notification. 13.5 It shall be the responsibility of the contact person to pursue the investigation and mitigation of the incident to the satisfaction of the Framework Public Body and they shall be required to provide progress updates to the Framework Public Body on request. 13.6 In addition to the above notification requirements, the Contractor shall have in place an effective and efficient incident handling procedure for dealing with security breaches in the provision of Service(s) to the Framework Public Body and these should be agreed by the Framework Public Body and Contractor in advance. As a minimum it must include but not be limited to:  Early identification of any loss of data;  Early notification to Framework Public Body on any security breaches;  Set procedures in place to conduct thorough premises searches;  Ability to provide immediate feedback on investigations to Framework Public Body contacts that may be requested at any time from the notification;  Internal escalation procedures in place to notify senior Contract Managers and Security Managers;  Ability within workforce planning to provide on-site management and assistance to ascertain the causes of the security breach and implement any immediate remedial actions in mitigation;  Final reporting writing procedures in agreement with the Framework Public Body;  Full co-operation with any requests for written reports and information pertaining to security incidents that may be requested by the Informati...