Privacy Breach. Business Associate will report to Covered Entity any use or disclosure of Covered Entity’s PHI that is not permitted by this Agreement or the Underlying Agreement. In addition, Business Associate will report to Covered Entity, following discovery and without reasonable delay, but in no event later than ten (10) days following discovery, any suspected or actual “Breach” of “Unsecured Protected Health Information” as these terms are defined by the HITECH Act and any implementing regulations. Business Associate shall cooperate with Covered Entity in investigating the potential or actual breach and in meeting Covered Entity’s obligations under the HITECH Act and any other state or federal privacy or security breach notification laws. Any such report shall contain at a minimum the information set forth on Attachment A attached hereto and incorporated by reference. Since time is of the essence under the HITECH Act, in addition to providing the report in accordance with the notice provisions contained in Section XI below, a copy of the report shall be faxed to the Privacy Officer at (000)000-0000 or to such other person as Covered Entity shall request in writing of Business Associate.
Appears in 5 contracts
Samples: Pathology Services Agreement, Pathology Services Agreement (Veracyte, Inc.), Pathology Services Agreement (Veracyte, Inc.)
