Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and
b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.
BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412.
20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR.
23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification.
29 3. CONTRACTOR’s notification shall include, to the extent possible:
30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including:
36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known;
1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved);
4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach;
6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and
8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY.
13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach.
18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above.
25 8. CONTRACTOR shall continue to provide all additional pertinent information about the
Timely and Sustained Response Interconnection Customer shall ensure that the Small Generating Facility’s real power response to sustained frequency deviations outside of the deadband setting is automatically provided and shall begin immediately after frequency deviates outside of the deadband, and to the extent the Small Generating Facility has operating capability in the direction needed to correct the frequency deviation. Interconnection Customer shall not block or otherwise inhibit the ability of the governor or equivalent controls to respond and shall ensure that the response is not inhibited, except under certain operational constraints including, but not limited to, ambient temperature limitations, physical energy limitations, outages of mechanical equipment, or regulatory requirements. The Small Generating Facility shall sustain the real power response at least until system frequency returns to a value within the deadband setting of the governor or equivalent controls. An Applicable Reliability Standard with equivalent or more stringent requirements shall supersede the above requirements.
Failure to Respond If you fail to respond by the date given above, your application will be refused under Section 3A(4)(a) of the Registered Designs Act 1949.
Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.
Line Item Question Response 46 Do your warranties cover all products, parts, and labor? Warranties are those supplied by the equipment manufacturers. Generally cover parts and labor. * 47 Do your warranties impose usage restrictions or other limitations that adversely affect coverage? Warranty will not cover abuse or lack of maintenance. * 48 Do your warranties cover the expense of technicians' travel time and mileage to perform warranty repairs? Yes * 49 Are there any geographic regions of the United States or Canada (as applicable) for which you cannot provide a certified technician to perform warranty repairs? How will Sourcewell participating entities in these regions be provided service for warranty repair? We have coverage in the United States. * 50 Will you cover warranty service for items made by other manufacturers that are part of your proposal, or are these warranties issues typically passed on to the original equipment manufacturer? We warranty any work we preform. The equipment is covered by the original equipment manufacturer. * 51 What are your proposed exchange and return programs and policies? Special order items are not returnable and will not be exchanged. If a manufacture will take back an item they consider returnable, the return must have an RMA and be returned within 90 days in the original carton. All freight, restocking, damage plus a service fee will be deducted form the credit for equipment. * 52 Describe any service contract options for the items included in your proposal. We offer preventative maintenance contracts for refrigeration equipment in Texas. DFW, Houston, Beaumont and Austin. * 53 Describe your payment terms and accepted payment methods. Standard payment terms are Net 30 days. To be considered for an open account, all new customers will be required to complete a New Customer Application and provide tax exemption certification if applicable. All applicants are subject to Strategic's Credit Terms and Policies and must meet criteria specified therein. Finance charges of 1/5% per month (18% APR) or the maximum rate that an applicant may lawfully contract to pay, whichever is less, on any payment Seller considers past due until collected. Accepted payment methods include check, ACH, wire transfer, credit card * 54 Describe any leasing or financing options available for use by educational or governmental entities. TriMark Strategic has developed business relationships with several reputable third-party leasing companies and can provide Sourcewell customers with information regarding this option upon request. * 55 Describe any standard transaction documents that you propose to use in connection with an awarded contract (order forms, terms and conditions, service level agreements, etc.). Upload a sample of each (as applicable) in the document upload section of your response. Strategic will require a valid Purchase Order from Sourcewell customers. Upon acceptance, Strategic will agree to the terms and conditions set forth in the Purchase Order. All quotes submitted by Strategic to Sourcewell customers will be on a standard Quotation Form and will have this statement regarding the Terms of Sale: "This Quote shall be subject to Trimark's Terms of Sale http//xxx.xxxxxxxxxx.xxx/XxxxXxxxx/XxxxXxxxxxxxx/Xxxx/XxxXxxx-Xxxxx- and-Conditions-of-Sale.pdf, which are incorporated herein by reference. The customer's Purchase Order terms and conditions shall govern. *
Emergency Response Partners must develop, maintain, and carry out a response plan for public water system emergencies, including disease outbreaks, spills, operational failures, and water system contamination. Partners must notify DWS in a timely manner of emergencies that may affect drinking water supplies.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
Employee Response The employee upon whom a Notice of Proposed Action has been served shall have seven (7) calendar days to respond to the appointing authority either orally or in writing before the proposed action may be taken. Upon request of the employee and for good cause, the appointing authority may extend in writing the period to respond. If the employee's response is not filed within seven (7) days or during an extension, the right to respond is lost.
