Common use of Report of Unpermitted Data Use or Disclosure Clause in Contracts

Report of Unpermitted Data Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE in accordance with a Use Case has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona-fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non-compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through the HIE in accordance with a Use Case has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with bona-fide attorney –client privilege, CRISP will notify Participant of the event, including a summary of the relevant facts, within two (2) business days of the determination and will cooperate with Participant as to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit F) will govern over any inconsistent or less stringent provisions of this Section 13. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an individual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject individual or individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information (“Security Breach”), CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation efforts and in providing requried notifications.

Report of Unpermitted Data Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE in accordance with a Use Case or Health Data transmitted through the Direct Service has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona-fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non-compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data or the Health Data of Participant transmitted through the HIE in accordance with a Use Case has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with bona-fide attorney attorney–client privilege, CRISP will notify Participant of the event, including a summary of the relevant facts, within two (2) business days of the determination and will cooperate with Participant as to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data or Health Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit FC) will govern over any inconsistent or less stringent provisions of this Section 1315.03. d. In addition to the foregoing, in the event Data or Health Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an individual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject individual or individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information (“Security Breach”), CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation efforts and in providing requried required notifications.

Report of Unpermitted Data Use or Disclosure. a. In the event that Participant determines that the Data transmitted through the HIE in accordance with a Use Case has been requested, used or disclosed by Participant or by a Participant User in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, Participant will, in its reasonable discretion, take appropriate action consistent with the requirements of Applicable Law, and, consistent with bona-fide attorney-client or similar evidentiary privileges, provide notification to CRISP of the non-compliant use or disclosure in sufficient detail to allow CRISP to take remedial steps, including steps directed at preventing a reoccurrence, and cooperate with CRISP in assessing and taking reasonable and appropriate responsive measures. No notification under this Section will be deemed to be an admission of fault or liability by Participant. b. In the event that CRISP determines that the Data of Participant transmitted through the HIE in accordance with a Use Case has been requested, used or disclosed by CRISP in a manner that does not comply with Applicable Law and/or the provisions of the Agreement, consistent with bona-fide attorney –client privilege, CRISP will notify Participant of the event, including a summary of the relevant facts, within two (2) business days of the determination and will cooperate with Participant as to further investigation or responsive action requested or taken by Participant. No notification under this Section will be deemed to be an admission of fault or liability by CRISP. c. Notwithstanding the foregoing, if the Data is Protected Health Information, the provisions of the Business Associate Agreement (Exhibit FC) will govern over any inconsistent or less stringent provisions of this Section 13. d. In addition to the foregoing, in the event Data which is or contains personal information such as a social security numbers, drivers’ license numbers or financial or similar information in association an individual’s first name or initial an last name (“Personal Information”) that is subject to Applicable Law requiring notification of the subject individual or individuals of use or disclosure that does not comply with the requirements of Applicable Law, including the unauthorized acquisition of Data that compromises the security, confidentiality or integrity of the Personal Information (“Security Breach”), CRISP shall promptly notify Participant of the breach and cooperate with Participant in remediation efforts and in providing requried required notifications.