Common use of Report of Prohibited Use or Disclosure Clause in Contracts

Report of Prohibited Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE or CRISP Services has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona- fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non- compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section 14.03 will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through the HIE has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with bona- fide attorney–client privilege, CRISP will notify Participant of the event, including a summary of the relevant facts, within two (2) business days of the determination and will cooperate with Participant as to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit C) will govern over any inconsistent or less stringent provisions of this Section 14.03. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an Individual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject Individual or Individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation efforts and in providing required notifications. e. To the extent an External HIE Exchange has specific conditions or obligations relating to prohibited uses or disclosures of Data, Participant is responsible for compliance. Without limiting the foregoing, CRISP may provide those special conditions or obligations in the Policies and Procedures.

Report of Prohibited Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE or CRISP Services HIEin accordance with a Use Case has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona- bona-fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non- non-compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section 14.03 will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through transmittedthrough the HIE in accordance with a Use Case has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with consistentwith bona- fide attorneyattorney –client privilege, CRISP will notify Participant of the event, including a summary of summaryof the relevant facts, within two (2) business days of the determination and will cooperate with Participant as Participantas to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit C) will govern over any inconsistent or less stringent provisions of this Section 14.0314. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in informationin association an Individualindividual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject Individual individual or Individuals individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information (“Security Breach”), CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation inremediation efforts and in providing required notifications. e. To the extent an External HIE Exchange has specific conditions or obligations relating to prohibited uses or disclosures of Data, Participant is responsible for compliance. Without limiting the foregoing, CRISP may provide those special conditions or obligations in the Policies and Procedures.

Report of Prohibited Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE or CRISP Services has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona- withbona- fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non- compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section 14.03 will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through the HIE has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with bona- bona-fide attorney–client privilege, CRISP will notify Participant of the event, including a summary of the relevant facts, within two (2) business days of the determination and will cooperate with Participant as to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit C) will govern over any inconsistent or less stringent provisions of this Section 14.03. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an Individual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject Individual or Individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation efforts and in providing required notifications. e. To the extent an External HIE Exchange has specific conditions or obligations relating to prohibited unpermitted uses or disclosures of Data, Participant is responsible for compliance. Without limiting the foregoing, CRISP may provide those special conditions or obligations in the Policies and Procedures.

Report of Prohibited Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE or CRISP Services in accordance with a Use Case has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona- bona-fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non- non-compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section 14.03 will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through the HIE in accordance with a Use Case has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with bona- fide attorneyattorney –client privilege, CRISP will notify Participant of the event, including a summary of the relevant facts, within two (2) business days of the determination and will cooperate with Participant as to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit C) will govern over any inconsistent or less stringent provisions of this Section 14.0314. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an Individualindividual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject Individual individual or Individuals individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information (“Security Breach”), CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation efforts and in providing required notifications. e. To the extent an External HIE Exchange has specific conditions or obligations relating to prohibited uses or disclosures of Data, Participant is responsible for compliance. Without limiting the foregoing, CRISP may provide those special conditions or obligations in the Policies and Procedures.

Report of Prohibited Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE or CRISP Services HIEin accordance with a Use Case has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona- bona-fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non- non-compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section 14.03 will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through transmittedthrough the HIE in accordance with a Use Case has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with consistentwith bona- fide attorneyattorney –client privilege, CRISP will notify Participant of the event, including a summary of summaryof the relevant facts, within two (2) business days of the determination and will cooperate with Participant as Participantas to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit C) will govern over any inconsistent or less stringent provisions of this Section 14.0314. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an Individual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject Individual or Individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information (“Security Breach”), CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation inremediation efforts and in providing required notifications. e. To the extent an External HIE Exchange has specific conditions or obligations relating to prohibited uses or disclosures of Data, Participant is responsible for compliance. Without limiting the foregoing, CRISP may provide those special conditions or obligations in the Policies and Procedures.