BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412.
20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR.
23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency.
26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification.
29 3. CONTRACTOR’s notification shall include, to the extent possible:
30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach;
32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including:
36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known;
1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved);
4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach;
6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and
8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY.
13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach.
18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur.
20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above.
25 8. CONTRACTOR shall continue to provide all additional pertinent information about the
Emergency Response Partners must develop, maintain, and carry out a response plan for public water system emergencies, including disease outbreaks, spills, operational failures, and water system contamination. Partners must notify DWS in a timely manner of emergencies that may affect drinking water supplies.
Failure to Respond If you fail to respond by the date given above, your application will be refused under Section 3A(4)(a) of the Registered Designs Act 1949.
Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor’s Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: ● SAO Toll Free Hotline: 1-800-TX-AUDIT ● SAO website: xxxx://xxx.xxxxx.xxxxx.xx.xx/ All reports made to the OIG must be made through one of the following avenues: ● OIG Toll Free Hotline 0-000-000-0000 ● OIG Website: XxxxxxXxxxxXxxxx.xxx ● Internal Affairs Email: XxxxxxxxXxxxxxxXxxxxxxx@xxxx.xxxxx.xx.xx ● OIG Hotline Email: XXXXxxxxXxxxxxx@xxxx.xxxxx.xx.xx. ● OIG Mailing Address: Office of Inspector General Attn: Fraud Hotline MC 1300 P.O. Box 85200 Austin, Texas 78708-5200
Rectification of Safety Hazard Where, because of the existence of a safety hazard, a site has been stopped for a defined period of time and Employees sent off site by agreement between Site Managers and any combination of Union Official/s, Health and Safety Committee, those people who remain on site to do rectification work will be paid at the rate of double time for all such work.
Workplace Violence Prevention and Crisis Response (applicable to any Party and any subcontractors and sub-grantees whose employees or other service providers deliver social or mental health services directly to individual recipients of such services): Party shall establish a written workplace violence prevention and crisis response policy meeting the requirements of Act 109 (2016), 33 VSA §8201(b), for the benefit of employees delivering direct social or mental health services. Party shall, in preparing its policy, consult with the guidelines promulgated by the U.S. Occupational Safety and Health Administration for Preventing Workplace Violence for Healthcare and Social Services Workers, as those guidelines may from time to time be amended. Party, through its violence protection and crisis response committee, shall evaluate the efficacy of its policy, and update the policy as appropriate, at least annually. The policy and any written evaluations thereof shall be provided to employees delivering direct social or mental health services. Party will ensure that any subcontractor and sub-grantee who hires employees (or contracts with service providers) who deliver social or mental health services directly to individual recipients of such services, complies with all requirements of this Section.
Personal Responsibility The Participant and his/her parent(s) or legal guardian(s) certify that Participant has no physical or mental condition that precludes him/her from participating in the Activities and that he/she is not participating against medical advice.
Lobbying Activities - Standard Form - LLL No response Do not upload this form unless Vendor has reportable lobbying activities. There are Attributes entitled, “2 CFR Part 200 or Federal Provision - Xxxx Anti-Lobbying Amendment – Continued.” Properly respond to those Attributes and only upload this form if applicable/instructed. If upload is required based on your response to those Attributes, the Disclosure of Lobbying Activities – Standard Form - LLL must be downloaded from the “Attachments” section of the IonWave eBid System, reviewed, properly completed, and uploaded to this location.
Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
ARTICLE HEALTH AND SAFETY The Employer and the Union agree that they mutually desire to maintain standards of safety and health in the Home, in order to prevent injury and illness and abide by the Occupational Health and Safety Act as amended from time to time. Scheduled time spent in such meetings is to be considered time worked for which shall be paid by the Employer at his or her regular or overtime rate. Minutes shall be taken of all meetings and copies shall be sent to the Committee members. Minutes of the meetings shall be posted on the workplace health safety bulletin board. The Employer shall provide the time from work with pay and all related tuition costs and expenses necessary to certify the worker representative. Where an inspector makes an inspection of a workplace under the powers conferred upon or her under the Occupational Health and Safety Act, the employer shall afford a certified committee member representing workers the opportunity to accompany the inspector during his or her physical inspection of a workplace, or any part or parts thereof. Where a worker certified member is not on-site and available, the Employer shall afford a worker health and safety representative if any, or a worker selected by a Union, because of knowledge, experience and training, to represent it, the opportunity to accompany the inspector during his or her physical inspection of a workplace, or any part or parts thereof. Two (2) representatives of the Joint Health and Safety Committee, one (I) from management and one (1) from the employees, shall make monthly inspections of the work place and shall report to the health and safety committee the results of their inspection. The members of the Committee who represent the workers shall designate a member representing workers to inspect the workplace. Where possible that member shall be a certified member. The employer shall provide the member with such information and assistance as the member may require for the purpose of carrying out an inspection of the workplace. In the event of accident or injury, such representatives shall be notified immediately and shall investigate and report as soon as possible to the committee and to the Employer on the nature and causes of the accident or injury. Furthermore, such representatives must be notified of the inspection of a government inspector and shall have the right to accompany him on his inspections. Scheduled time spent in all such activities shall be considered as time worked. The Joint Health and Safety Committee and the representatives thereof shall have access to the annual summary of data from the relating to the number of work accident fatalities, the number of lost workday cases, the number of lost workdays, the number of non-fatal cases that required medical aid without lost workdays, the incidence of occupational injuries, and such other data as the may decide to disclose. It is and agreed that no information will be provided to the Committee which is confidential. This information shall be a standing item recorded in the minutes of each meeting. The Union will use its best efforts to obtain the full co-operation of its membership in the compliance of all safety rules and practices. The Employer will use its best efforts to make all affected direct care employees aware of residents who have serious infectious diseases. The nature of the disease need not be disclosed. Employees will be made aware of special procedures required of them to deal with these circumstances. The parties agree that all employees are aware of the requirement to practice universal precautions in all circumstances. The parties further agree that suitable subjects for discussion at the joint Labour Management Committee will include aggressive residents. The Employer will review with the Joint Occupational Health and Safety Committee written policies to 'address the management of violent behaviour. Such policies will include but not be limited to:
