Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information:
1) The date of the Event if known or, if the date is unknown, the estimated date;
2) The date of the discovery of the Event;
3) The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events);
4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined;
6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event;
7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and
9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.
Appears in 3 contracts
Sources: Transportation Broker Services Contract, Broker Services Contract, Broker Services Contract
Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information:
1) The date of the Event if known or, if the date is unknown, the estimated date;
2) The date of the discovery of the Event;
3) The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events);
4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined;
6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event;
7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and
9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.
Appears in 3 contracts
Sources: Transportation Agreement, Transportation Agreement, Transportation Agreement
Notification and Reporting Activities. As soon as possible, but in any event no later than twenty-four (24) hours after Contractor becomes aware of the Event, Contractor shall verbally report the Event to EOHHS Privacy Office with as much of the details listed below as possible, and shall follow such verbal report within three (3) business days with a written report outlining the Event with the following information to the extent known:
a. The date of the Event if known or the estimated date (if date unknown);
b. The date of the discovery of the Event;
c. The nature of the Event, including a root cause analysis, containing as much specific detail as possible (e.g., cause, contributing factors, chronology of events);
d. The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
e. The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined;
f. A summary of the nature and scope of Contractor’s investigation into the Event;
g. The harmful effects of the Event known to Contractor, all actions Contractor has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
h. A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and
i. Any additional information and/or documentation that Contractor is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law in connection with the PI. To the extent that any such information is not available at the time of the report, Contractor shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. Contractor shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule if appropriate.
Appears in 2 contracts
Sources: Business Associate Data Management and Confidentiality Agreement, Business Associate Data Management and Confidentiality Agreement
Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall orally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such oral report within five (5) business days with a written report outlining the Event with the following information:
The date of the Event if known or, if the date is unknown, the estimated date;
The date of the discovery of the Event;
The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events);
The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined;
A summary of the nature and scope of the Transportation Provider’s investigation into the Event;
The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training;
and Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. 45 CFR Part 164, Subpart D. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under Section 2.5 of this Appendix A.
Appears in 2 contracts
Sources: Provider Contract, Provider Contract
Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information:
1) The date of the Event if known or, if the date is unknown, the estimated date;
2) The date of the discovery of the Event;
3) The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events);
4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined;
6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event;
7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and
9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.
Appears in 2 contracts
Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which Contractor becomes aware of the Event, Contractor shall verbally report the Event to MassIT, CCA and/or EOHHS, as the case may be, with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following details to the extent that such details are available at the time of the report and subsequently as additional information becomes available:
a) the date of the Event, if known, or if the date is not known, the estimated date;
b) the date of the discovery of the Event;
c) the nature of the Event, including as much specific detail as possible (for example, cause, contributing factors, chronology of events); and the nature of the PI involved in the Event (for example, the types of identifiers involved such as name, address, age, social security numbers or account numbers; or medical or financial or other types of information);
d) include any sample forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
e) the exact number of individuals whose PI was involved in the Event, if known, or if not known, a reasonable estimate based on the known facts, together with a description of how the exact or estimated number of individuals was determined (if different types of PI was involved for different individuals, please categorize the exact or estimated numbers of individuals involved according to type of PI);
f) the harmful effects of the Event known to Contractor, all actions Contractor has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
g) a summary of the nature and scope of Contractor’s investigation; and
h) a summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes, and staff training. Contractor shall provide the verbal and written reports described above to the following entity or entities:
a) If an Event involves PI relating solely to applicants, beneficiaries and/or Household Members of EOHHS Programs, Contractor shall report such Event to the Privacy Officer of EOHHS;
b) If an Event involves PI relating solely to applicants, beneficiaries and/or Household Members of CCA Programs, Contractor shall report such Event to the Privacy Officer of CCA;
c) If an Event involves PI relating to applicants, members and/or Household Members of both EOHHS and CCA Programs, or if Contractor cannot determine conclusively that the PI relates solely to applicants, beneficiaries and/or Household Members of a CCA or EOHHS Program, Contractor shall report such Event to the Privacy Officers of EOHHS and CCA;
d) With respect to an Event pertaining to system administration, data security or system security, in addition to other notification and reporting obligations under this Agreement, Contractor shall report such Event to the MassIT’s Privacy and Security Officers; and
e) With respect to an Event pertaining to Third Party Data or Third Party Systems, Contractor shall report such Event to the Privacy Officers of EOHHS, CCA and MassIT. Contractor acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, or that differ from, its obligations under this Section 2.6. In cases where Contractor provides notice to more than one entity in accordance with the foregoing procedures, MassIT, EOHHS and CCA will work together in good faith, and shall promptly determine and notify Contractor in writing of the appropriate entity(ies) for further information, notification, mitigation or other action, and Contractor shall provide such further information, notification, mitigation or actions required by this Agreement as directed by the entity so identified.
Appears in 1 contract
Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information:
1) The date of the Event if known or, if the date is unknown, the estimated date;
2) The date of the discovery of the Event;
3) The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events);
4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted);
5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined;
6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event;
7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken;
8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and
9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.
Appears in 1 contract
Sources: Transportation Agreement