Report Inappropriate Uses or Disclosures, Security Incidents, and Breaches of Unsecured PHI Sample Clauses

Report Inappropriate Uses or Disclosures, Security Incidents, and Breaches of Unsecured PHI. Upon discovery, Business Associate agrees to report to Covered Entity in writing any use or disclosure of PHI by Business Associate not permitted by this Agreement; any Security Incident; and any breach of unsecured PHI as required by 45 CFR §164.410 as follows: In the event that Business Associate discovers a breach of unsecured PHI, Business Associate agrees to notify Covered Entity without unreasonable delay, and in no case later than 60 calendar days after Business Associate first becomes aware of the incident. Business Associate is deemed to have become aware of the breach as of the first day such breach is known or, with the exercise of reasonable diligence, would have been known to any person, other than the person committing the breach, who is an employee, officer, or other agent of Business Associate. The notice must include, to the extent possible, the identification of each individual whose unsecured PHI was the subject of the breach; a brief description of what happened; the date of the breach and the date of the discovery of the breach, if known; a description of the types of unsecured PHI that were involved in the breach (such as full name, social security number, date of birth, and home address); any steps the individuals should take to protect themselves from potential harm resulting from the breach; and a brief description of what Business Associate is doing to investigate the breach, mitigate losses, and protect against further breaches. [The parties may wish to add different or additional specificity regarding the breach notification obligations of the business associate, such as a stricter timeframe for the business associate to report a potential breach to the covered entity and/or whether the business associate will handle breach notifications to individuals, the HHS Office for Civil Rights (OCR), and potentially the media, on behalf of the covered entity.]
Sample 1
AutoNDA by SimpleDocs

Related to Report Inappropriate Uses or Disclosures, Security Incidents, and Breaches of Unsecured PHI

  • Accessibility of Web-Based Information and Applications For State Agency Authorized User Acquisitions: Any web-based information and applications development, or programming delivered pursuant to the contract or procurement, will comply with New York State Enterprise IT Policy NYS-P08-005, Accessibility of Web-Based Information and Applications as follows: Any web-based information and applications development, or programming delivered pursuant to the contract or procurement, will comply with New York State Enterprise IT Policy NYS-P08- 005, Accessibility of Web-Based Information and Applications as such policy may be amended, modified or superseded, which requires that state agency web-based information and applications are accessible to persons with disabilities. Web-based information and applications must conform to New York State Enterprise IT Policy NYS-P08-005 as determined by quality assurance testing. Such quality assurance testing will be conducted by the State Agency Authorized User and the results of such testing must be satisfactory to the Authorized User before web-based information and applications will be considered a qualified deliverable under the contract or procurement.

  • Contractor Certification regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code], Contractor certifies Contractor is not engaged in business with Iran, Sudan, or a foreign terrorist organization. Contractor acknowledges this Agreement may be terminated and payment withheld if this certification is inaccurate.

  • NOXIOUS WEEDS DISCLOSURE Buyers of property in the State of Montana should be aware that some properties contain noxious weeds. The laws of the State of Montana require owners of property within this state to control, and to the extent possible, eradicate noxious weeds. For information concerning noxious weeds and your obligations as an owner of property, contact either your local County extension agent or Weed Control Board.

  • Notice Regarding Predatory Offender Information Information regarding the predatory offender registry and persons registered with the predatory offender registry under MN Statute 243.166 may be obtained by contacting the local law enforcement offices in the community where the property is located, or the Minnesota Department of Corrections at (000) 000-0000, or from the Department of Corrections Web site at xxx.xxxx.xxxxx.xx.xx. AUTHORIZATION

  • Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.

  • Reporting Unauthorized Transactions You should notify us immediately if you believe your Access Codes or any Access Devices have been lost or stolen, that someone has gained access to the Security Procedure, or that someone has transferred or may transfer money from your Account without your permission or if you suspect any fraudulent activity on your Account. To notify us, call us at the number provided in Section 9.6 between 8:00 a.m. to 4:30 p.m. Central Time during a Business Day.

  • OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. Contractor agrees not to use or further disclose PHI County discloses to Contractor other than as permitted or required by this Business Associate Contract or as required by law.

  • Dissemination of Research Findings and Acknowledgement of Controlled-Access Datasets Subject to the NIH GDS Policy It is NIH’s intent to promote the dissemination of research findings from use of controlled-access dataset(s) subject to the NIH GDS Policy as widely as possible through scientific publication or other appropriate public dissemination mechanisms. Approved Users are strongly encouraged to publish their results in peer-reviewed journals and to present research findings at scientific meetings.

  • Confidentiality and Safeguarding of University Records; Press Releases; Public Information Under this Agreement, Contractor may (1) create, (2) receive from or on behalf of University, or (3) have access to, records or record systems (collectively, University Records). Among other things, University Records may contain social security numbers, credit card numbers, or data protected or made confidential or sensitive by Applicable Laws. [Option (Include if University Records are subject to FERPA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Family Educational Rights and Privacy Act, 20 United States Code (USC) §1232g (FERPA) are addressed in Section 12.41.] [Option (Include if University is a HIPAA Covered Entity and University Records are subject to HIPAA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Health Insurance Portability and Accountability Act and 45 Code of Federal Regulations (CFR) Part 160 and subparts A and E of Part 164 (collectively, HIPAA) are addressed in Section 12.26.] Contractor represents, warrants, and agrees that it will: (1) hold University Records in strict confidence and will not use or disclose University Records except as (a) permitted or required by this Agreement, (b) required by Applicable Laws, or (c) otherwise authorized by University in writing; (2) safeguard University Records according to reasonable administrative, physical and technical standards (such as standards established by the National Institute of Standards and Technology and the Center for Internet Security [Option (Include if Section 12.39 related to Payment Card Industry Data Security Standards is not include in this Agreement.):, as well as the Payment Card Industry Data Security Standards]) that are no less rigorous than the standards by which Contractor protects its own confidential information; (3) continually monitor its operations and take any action necessary to assure that University Records are safeguarded and the confidentiality of University Records is maintained in accordance with all Applicable Laws and the terms of this Agreement; and (4) comply with University Rules regarding access to and use of University’s computer systems, including UTS165 at xxxx://xxx.xxxxxxxx.xxx/board-of-regents/policy-library/policies/uts165-information-resources-use-and-security-policy. At the request of University, Contractor agrees to provide University with a written summary of the procedures Contractor uses to safeguard and maintain the confidentiality of University Records.

  • Public Posting of Approved Users’ Research Use Statement The PI agrees that information about themselves and the approved research use will be posted publicly on the dbGaP website. The information includes the PI’s name and Requester, project name, Research Use Statement, and a Non-Technical Summary of the Research Use Statement. In addition, and if applicable, this information may include the Cloud Computing Use Statement and name of the CSP or PCS. Citations of publications resulting from the use of controlled-access datasets obtained through this DAR may also be posted on the dbGaP website.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!