Common use of Loss Reporting Clause in Contracts

Loss Reporting. The Contractor must notify the State’s Privacy Officer and Security Officer of any Security Incidents and Breaches immediately, at the email addresses provided in Section VI. The Contractor must further handle and report Incidents and Breaches involving PHI in accordance with the agency’s documented Incident Handling and Breach Notification procedures and in accordance with 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, Contractor’s compliance with all applicable obligations and procedures, Contractor’s procedures must also address how the Contractor will: 1. Identify Incidents; 2. Xxxxxxxxx if personally identifiable information is involved in Incidents; 3. Report suspected or confirmed Incidents as required in this Exhibit or P-37; 4. Identify and convene a core response group to determine the risk level of Incidents and determine risk-based responses to Incidents; and 5. Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures. Incidents and/or Breaches that implicate PI must be addressed and reported, as applicable, in accordance with NH RSA 359-C:20.

Loss Reporting. The Contractor must notify the State’s Privacy Officer Officer, Information Security Office and Security Officer Program Manager of any Security Incidents and Breaches immediately, at within two (2) hours of the email addresses provided in Section VItime that the Contractor learns of their occurrence. The Contractor must further handle and report Incidents and Breaches involving PHI in accordance with the agency’s documented Incident Handling and Breach Notification procedures and in accordance with 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, Contractor’s compliance with all applicable obligations and procedures, Contractor’s procedures must also address how the Contractor will: 1. Identify Incidents; 2. Xxxxxxxxx if personally identifiable information is involved in Incidents; 3. Report suspected or confirmed Incidents as required in this Exhibit or P-37; 4. Identify and convene a core response group to determine the risk level of Incidents and determine risk-based responses to Incidents; and 5. Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures. Incidents and/or Breaches that implicate PI must be addressed and reported, as applicable, in accordance with NH RSA 359-C:20.

Loss Reporting. The Contractor Grantee must notify the State’s Privacy Officer and Security Officer of any Security Incidents and Breaches immediately, at the email addresses provided in Section VI. The Contractor Grantee must further handle and report Incidents and Breaches involving PHI in accordance with the agency’s documented Incident Handling and Breach Notification procedures and in accordance with 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, ContractorGrantee’s compliance with all applicable obligations and procedures, ContractorGrantee’s procedures must also address how the Contractor Grantee will: 1. Identify Incidents; 2. Xxxxxxxxx if personally identifiable information is involved in Incidents; 3. Report suspected or confirmed Incidents as required in this Exhibit or P-37; 4. Identify and convene a core response group to determine the risk level of Incidents and determine risk-based responses to Incidents; and 5. Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures. Incidents and/or Breaches that implicate PI must be addressed and reported, as applicable, in accordance with NH RSA 359-C:20.