Common use of Notification and Reporting Activities Clause in Contracts

Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information: 1) The date of the Event if known or, if the date is unknown, the estimated date. 2) The date of the discovery of the Event. 3) The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events); 4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted). 5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined. 6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event. 7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken. 8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and 9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.

Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information: 1) The date of the Event if known or, if the date is unknown, the estimated date.; 2) The date of the discovery of the Event.; 3) The nature of the Event, including as much specific detail as possible (e.g., cause, contributing factors, chronology of events); 4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted).; 5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined.; 6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event.; 7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken.; 8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and 9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.

Notification and Reporting Activities. As soon as possible, but in any event no later than two twenty-four (224) business days following the date upon which the Transportation Provider hours after Contractor becomes aware of the Event, the Transportation Provider Contractor shall verbally report the Event to EOHHS Privacy Office with as much of the details listed below as possible, and shall follow such verbal report within five three (53) business days with a written report outlining the Event with the following informationinformation to the extent known: 1) a. The date of the Event if known or, if the date is unknown, or the estimated date.date (if date unknown); 2) b. The date of the discovery of the Event.; 3) c. The nature of the Event, including a root cause analysis, containing as much specific detail as possible (e.g., cause, contributing factors, chronology of events); 4) d. The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted).; 5) e. The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined.; 6) f. A summary of the nature and scope of the Transportation ProviderContractor’s investigation into the Event.; 7) g. The harmful effects of the Event known to the Transportation ProviderContractor, all actions the Transportation Provider Contractor has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken.; 8) h. A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and 9) i. Any additional information and/or documentation that the Transportation Provider Contractor is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable LawLaw in connection with the PI. To the extent that any such information is not available at the time of the report, the Transportation Provider Contractor shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider Contractor shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this sectionif appropriate.

Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal report within five (5) business days with a written report outlining the Event with the following information: 1) The date of the Event if known or, if the date is unknown, the estimated date.; 2) The date of the discovery of the Event.; 3) The nature of the Event, including as much specific detail as possible (e.g.,, cause, contributing factors, chronology of events); 4) The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted).; 5) The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined.; 6) A summary of the nature and scope of the Transportation Provider’s investigation into the Event.; 7) The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken.; 8) A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and 9) Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under this section.

Notification and Reporting Activities. As soon as possible, but in any event no later than two (2) business days following the date upon which the Transportation Provider becomes aware of the Event, the Transportation Provider shall verbally orally report the Event to EOHHS with as much of the details listed below as possible, and shall follow such verbal oral report within five (5) business days with a written report outlining the Event with the following information: 1) : The date of the Event if known or, if the date is unknown, the estimated date. 2) ; The date of the discovery of the Event. 3) ; The nature of the Event, including as much specific detail as possible (e.g.,, cause, contributing factors, chronology of events); 4) ; The nature of the PI involved in the Event (e.g., the types of identifiers and other information involved), together with samples of any forms or documents that were involved in the Event to illustrate the type of PI involved (with personal identifiers removed or redacted). 5) ; The exact number of individuals whose PI was involved in the Event if known or, if unknown, a reasonable estimate based on known facts (categorized according to the type of PI involved, if different types of PI was involved for different individuals), together with a description of how the exact or estimated number of individuals was determined. 6) ; A summary of the nature and scope of the Transportation Provider’s investigation into the Event. 7) ; The harmful effects of the Event known to the Transportation Provider, all actions the Transportation Provider has taken or plans to take to mitigate such effects, and the results of all mitigation actions already taken. 8) ; A summary of steps taken in connection with and to prevent such Event in the future, including copies of revised policies and procedures, changes in business processes and staff training; and 9) and Any additional information and/or documentation that the Transportation Provider is required to provide to EOHHS under 45 CFR §164.410, M.G.L. c. 93H, §3(a) or other similar Applicable Law. To the extent that any such information is not available at the time of the report, the Transportation Provider shall provide such information to EOHHS as such information becomes available in one or more subsequent written reports. The Transportation Provider shall provide EOHHS with such additional information regarding the Event as EOHHS may reasonably request, which additional information may include a written risk analysis rebutting any presumption that the Event constituted a breach for purposes of the Breach Notification Rule. 45 CFR Part 164, Subpart D. The Transportation Provider acknowledges and agrees that it may be subject to reporting obligations under one or more Third Party Agreements in addition to, and/or that differ from, its obligations under Section 2.5 of this section.Appendix A.