Report of Improper Use or Disclosure. Business Associate shall report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI that is not provided for by this Agreement.
Report of Improper Use or Disclosure. Recipient shall immediately report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI or Limited Data Set information that is not permitted by this Agreement or under HIPAA. This report shall identify the nature of the violating use or disclosure, the PHI or Limited Data Set information used or disclosed, who made the violating use or received the disclosure, what corrective action Recipient has or will take to prevent further violations, including any mitigation, and provide any other information as Covered Entity may request.
Report of Improper Use or Disclosure. Business Associate agrees to promptly report to a Covered Entity any use or disclosure of the Covered Entity’s PHI not provided for by this Agreement of which Business Associate becomes aware. Business Associate is also subject to the requirements in Section 7 of the General Terms and Conditions (Breach Notification).
Report of Improper Use or Disclosure. Business Associate agrees to promptly report to Covered Entity any use or disclosure of the Protected Health Information not required to perform administrative duties related to prior authorization requests of commercial insurance plans of members receiving services from Covered Entity and/or this Agreement. Business Associate agrees to report to Covered Entity any Breach within two (2) business days of the first day the Breach is known, or reasonably should have been known, to the Business Associate, including for this purpose known to any employee, officer, or other agent of the Business Associate (other than the individual committing the Breach) (“Breach Notice”). The Breach Notice will include the date of the Breach and the date of discovery of the Breach and, to the extent known to Business Associate at the time in the exercise of reasonable diligence, identification of each Individual whose Unsecured PHI was, or is reasonably believed by the Business Associate to have been, subject to the Breach, and the nature of the PHI that was subject to the Breach and other information required for notification of Individuals of the Breach (collectively, “Breach Information”). Business Associate will notify Covered Entity in writing of any additional Breach Information not included in the Breach Notice or of the circumstances that prevent Business Associate from obtaining such information not later than ten (10) days after the Breach Notice was sent by Business Associate. Business Associate will cooperate with Covered Entity in the further investigation of the Breach, as reasonably required or as requested by Covered Entity. The steps required of Business Associate under this Section 10 shall be at Business Associate’s expense. If Business Associate believes that the facts related to a Breach justify the application of any statutory exceptions specified at Section 13400 of the HITECH Act and to the regulatory exclusions specified at 45 C.F.R. §164.402, Business Associate shall describe those facts in the Breach Notice and the parties shall thereafter discuss the possible application of an exception or an exclusion, provided that any final decision on the availability of an exclusion or exception will be that of the Covered Entity. The parties agree that this Section 10 satisfies any notices necessary by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents for which no additional notice to Covered Entity ...
Report of Improper Use or Disclosure. Business Associate agrees promptly to report to Covered Entity any use or disclosure of the PHI not provided for by this Agreement of which Business Associate becomes aware, including breaches of unsecured protected health information as required by 45 CFR § 164.410, and any security incident of which it becomes aware. Such report shall be in writing and shall be reported to Covered Entity as soon as practicable after the date Business Associate becomes aware of such use or disclosure, but in no event more than five (5) days following such date.
Report of Improper Use or Disclosure. Business Associate shall report, in writing, to Covered Entity within thirty (30) days of discovery any information of which it becomes aware concerning any security incident, use or disclosure of PHI that is not provided for by this Agreement. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of the requirements of the Agreement. Administrative Obligations
Report of Improper Use or Disclosure. Business Associate shall immediately report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI that is not permitted by this Agreement. This report shall identify the nature of the violating use or disclosure, the PHI used or disclosed, who made the violating use or received the disclosure, what corrective action Business Associate has or will take to prevent further violations, including any mitigation, and provide any other information Covered Entity requests. Business Associate will also immediately report to Covered Entity any breaches of unsecured Protected Health Information identified by Business Associate, including the names of the individuals whose Protected Health Information has been breached, as well as any other information about the nature and date of the breach, the types of information involved, what individuals may do to protect themselves, and the steps the Business Associate is taking to mitigate the harm and protect against future breaches, as provided by 42 U.S.C. 17932(b) and 45 C.F.R. 164.410. Business Associate will mitigate, to the extent practicable, any harmful effect that is known to Business Associate of use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
Report of Improper Use or Disclosure. Recipient shall immediately report but no later than five (5) business days to Covered Entity any information of which it becomes aware, including any Limited Data Set information or PHI from the Recipient or other entities, concerning any use or disclosure of PHI or Limited Data Set information that is not permitted by this Agreement or under HIPAA including but not limited to any Breaches of Unsecured Protected Health Information, security incident or any impermissible use or disclosure of PHI or Limited Data Set information in violation of HIPAA. The Recipient will act in good faith with the Covered Entity to mitigate any potential or actual harm due to the improper use or disclosure of PHI or Limited Data Set information. The content of such a report of the Recipient to the Covered Entity shall include, but is not limited to: A brief description of what happened, including the date of the Breach or Security Incident or other inappropriate or impermissible or unlawful use or disclosure of PHI or Limited Data Set, if known; and a description of the types of PHI that were involved (e.g. SSN, name, DOB, home address, account number or disability code). Additionally, this report to the Covered Entity shall identify the nature of the violating use or disclosure, the PHI or Limited Data Set information used or disclosed, who made the violating use or received the disclosure, what corrective action Recipient has or will take to prevent further violations, including any mitigation, and provide any other information as Covered Entity may request.
Report of Improper Use or Disclosure. Sony shall report to Customer any information of which it becomes aware concerning any use or disclosure of PHI that is not permitted by this BAA and any Security Incident affecting PHI of which it becomes aware. The parties acknowledge and agree that this Section constitutes notice by Sony to Customer of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Customer shall be required. “Unsuccessful Security Incidents” means, without limitation, pings and other broadcast attacks on Sony’s firewall, port scans, unsuccessful log-on attempts, denial-of-service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.
Report of Improper Use or Disclosure. Business Associate agrees to report to a Covered Entity within ten (10) business days of discovery any use or disclosure of the Covered Entity’s PHI not provided for by this Agreement of which Business Associate becomes aware.
