Common use of Notice to DHCS Clause in Contracts

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take: a. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured Unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incidentSecurity Incident involving PHI or PI, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach Breach shall be treated as discovered by Business Associate as of the first business day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” Report form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select selected “Privacy” in the left column and then “Business Use” near the middle of the page) ), or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx/ Upon discovery of a breach Breach or suspected security incidentincident involving PHI, intrusion or unauthorized access, use or disclosure of PHI or PIPI in violation of this Addendum, Business Associate shall take: a. Prompt corrective action to mitigate any risks or damages involved with the breach Breach known to Business Associate and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations, including the provision of any required notices as set forth in Section (III)(J)(4) below.

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAsso ciatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take: a. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery a breach of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, or upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. (2) To notify DHCS within 24 hours by email or fax of the discovery of any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate User as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business AssociateUser. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administrationelectronic PHI, notice shall be provided by calling the DHCS EITS ITSD Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate User shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate User shall take: a. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery a breach of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, or upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. (2) To notify DHCS within 24 hours by email or fax of the discovery of any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administrationelectronic PHI, notice shall be provided by calling the DHCS EITS ITSD Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnl y.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take: a. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI Pl in electronic media or in any other media if the PHI or PI Pl was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI Pl in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “"DHCS Privacy Incident Report” " form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “"Privacy” " in the left column and then “"Business Use” " near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall takehttp:l/xxx.xxxx.xx.xxx/xxxxxxxxxxxx/xxxx/xxxx/XxxxxxXXXXXxxxxxxxXxxxxxxxxxXxxx.xxxx a. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and b. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.. DHCS HIPAA BAA 2/15 Page 7 of 15