Notification of Possible Breach. BA shall notify CE within twenty-four (24) hours of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Contract or Addendum; any security incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in and information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by BA or its agents or subcontractors. The notification shall include, to the extent possible, the identification of each individual whose unsecured Protected Information has been, or is reasonably believed by the BA to have been, accessed, acquired, used, or disclosed, as well as any other available information that CE is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited to, 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. BA shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(c); 45 C.F.R. Section164.308(b)].
Appears in 129 contracts
Samples: Contract for Services, Contract for Services, Contract for Services
Notification of Possible Breach. BA shall notify CE within twenty-four (24) hours of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Contract or Addendum; any security incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in and an information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by BA or its agents or subcontractors. The notification shall include, to the extent possible, the identification of each individual whose who unsecured Protected Information has been, or is reasonably believed by the BA business associate to have been, accessed, acquired, used, or disclosed, as well as any other available information that CE is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited tolimited, to 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. BA shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws laws. (This provision should be negotiated.) [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(c164.504(e)(2)(ii)(C); 45 C.F.R. Section164.308(b)].45
Appears in 1 contract
Samples: mission.sfgov.org
Notification of Possible Breach. BA shall notify CE within twenty-four (24) hours of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Contract or Addendum; any security incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in and information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by BA or its agents or subcontractors. The notification shall include, to the extent possible, the identification of each individual whose unsecured Protected Information has been, or is reasonably believed by the BA to have been, accessed, acquired, used, or disclosed, as well as any other available information that CE is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited to, 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. BA shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(c); 45 C.F.R. Section164.308(b)].. DRAFT
Appears in 1 contract
Samples: Contract for Services
