Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. If Business Associate has knowledge of any use or disclosure of PHI not provided for by this Agreement or of any Incident, including breaches of unsecured PHI, then Business Associate will immediately notify Covered Entity in accordance with 45 CFR 164.410. Business Associate will follow the following breach notification requirements:
Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. Contractor will comply with the following obligations in connection with the use or disclosure of Personally Identifiable Information that is not expressly permitted by this Agreement, and that takes place while such information is in the custody or control of Contractor or a Contractor Agent (a “Security Incident”).
Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. Business Associate shall report, in writing, to Covered Entity’s Privacy Officer any security incident or breach after Business Associate discovers the breach and without unreasonable delay. Further, Business Associate shall investigate the breach and provide to Covered Entity as soon as possible, all information Covered Entity may require to make notifications of the breach to individuals, or other persons or entities. Business Associate shall cooperate with Covered Entity in addressing the breach.
Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. If Business Associate has knowledge of any use or disclosure of PHI not provided for by this Agreement, then Business Associate shall promptly notify Covered Entity in accordance with Section 13. Business Associate shall establish and implement procedures and other reasonable efforts for mitigating, to the extent possible, any harmful effects arising from any improper use and/or disclosure of PHI of which it becomes aware. In the event Business Associate becomes aware of a Security Incident involving PHI (“Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system), by itself or any of its agents or subcontractors, Business Associate shall notify Covered Entity in writing within three (3) calendar days, of such Security Incident. Business Associate shall identify the: (i) date of the Security Incident; (ii) scope of the Security Incident; (iii) Business Associate’s response to the Security Incident; and (iv) identification of the party responsible for the Security Incident, if known. Covered Entity and Business Associate agree to act together in good faith to take reasonable steps to investigate and mitigate any harm caused by the Security Incident.
Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. DocuWare will promptly report, upon discovery, in writing and in accordance with Section 11.9 of the Cloud Services Agreement, any Security Incident or Breach (as defined below) by it or any of its employees, directors, officers, agents, subcontractors or representatives concerning the use or disclosure of PHI. For purposes of this Agreement, “
Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. 3.1 Business Associate shall establish and implement procedures and other reasonable efforts to mitigate, to the greatest extent possible, any harmful effects arising from any improper use or disclosure of PHI.
Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures. 6.1 Business Associate will report to the Privacy Officer of Covered Entity, in writing, any acquisition, access, Use or Disclosure of PHI that is not permitted or required by this Agreement, without unreasonable delay, but in no event more than five (5) calendar days after discovery by Business Associate of such unauthorized acquisition, access, Use or Disclosure. This reporting obligation shall include acquisitions, access, Uses or Disclosures by Business Associate, its employees, contractors, Subcontractors, agents, representatives or any third party to which Business Associate disclosed PHI. Without limiting the foregoing, Business Associate shall report the acquisition, access, Use or Disclosure even if it determines that there is a low probability that the PHI has been compromised.
