Reporting Breaches and Certain Security Incidents Sample Clauses

Reporting Breaches and Certain Security Incidents. Without any Business Associate Contract entered into pursuant to Section 10, HIO and Participant shall report to the other any use or disclosure of Patient Data not provided for by these Terms and Conditions of which HIO or Participant becomes aware, any security incident (other than an Unsuccessful Security Incident) concerning electronic Patient Data and any Serious Breach of Privacy or Security. This report shall be made without unreasonable delay and in no case later than [insert number of days].
Sample 1
AutoNDA by SimpleDocs
Reporting Breaches and Certain Security Incidents. Without limiting any Business Associate Contract entered into pursuant to SectionExhibit 10 (Business Associate Contract), , HIO and Participant shall report to the other any use or disclosure of Patient Data not provided for by these Terms and Conditions of which HIO or Participant becomes aware, any security incident 7068 Under Model #1, under which the HIO will not be establishing or applying privacy, security or other standards for health information exchange, 9 (Privacy and Security of Patient Data) will be unnecessary. 7169 Health care providers and other entities covered by HIPAA (and their business associates) and/or CMIA are subject to multiple legal requirements regarding the reporting of data breaches and security incidents. The provisions of Section 9.2 (Reporting of Serious Breaches and Security Incidents) are not required for compliance with applicablethose laws. However, HIOs may find that establishing the reporting mechanisms described in Section 9.2 and Section 9.2.2.1 (Reports to Participants(Reporting of Breaches and Security Incidents) will prove sufficiently valuable in promoting trust among Participants to justify their additional burdens. Further, to the extent an HIO is acting as a business associate to a HIPAA-covered entity, it will be under HIPAA required to make timely notification of a breach of unsecured PHI to that covered entity. See Exhibit X. The obligations described in Section 9.2 (Reporting of Serious Breaches and Security Incidents) to report breaches and security incidents apply only to events involving “Patient Data.” Section 1.5.13 defines “Patient Data” to include only Patient Data exchanged by the HIO’s System or Services. Thus, Section 9.2 (Reporting of Serious Breaches and Security Incidents) requires that Participants only report breaches and security incidents that directly relate to the Patient Data exchanged through the HIO, and does not require Participants to report on other privacy breaches and security incidents that they are not otherwise required to disclose publicly. (other than an Unsuccessful Security Incident) concerning electronic Patient Data and any Serious Breach of Privacy or Security. This report shall be made without unreasonable delay and in no case later than [insert number of days].
Sample 1
Reporting Breaches and Certain Security Incidents. Without limiting Section 9.3 (Reports), if applicable to HIO, HIO and Participant shall report to the other any use or disclosure of Patient Data not provided for by these Terms and Conditions of which HIO or Participant becomes aware, any security incident (other than an Unsuccessful Security Incident) concerning electronic Patient Data and any Serious Breach of Privacy or Security.
Sample 1

Related to Reporting Breaches and Certain Security Incidents

  • Breaches and Security Incidents During the term of the Agreement, CONTRACTOR 27 agrees to implement reasonable systems for the discovery of any Breach of unsecured DHCS PI and PII 28 or security incident. CONTRACTOR agrees to give notification of any beach of unsecured DHCS PI 29 and PII or security incident in accordance with subparagraph F, of the Business Associate Contract, 30 Exhibit B to the Agreement.

  • Reporting Security Incidents The Business Associate will report to the County any Incident of which the Business Associate becomes aware that is:

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.

  • Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

  • Reporting Unsuccessful Security Incidents Business Associate shall provide Covered Entity upon written request a Report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies.

  • Security Incident “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

  • Security Incidents 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.

  • COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).

  • Reporting and Documenting Breaches 6.1 Business Associate shall Report to Covered Entity any Breach of Unsecured PHI as soon as it, or any Person to whom PHI is disclosed under this Agreement, becomes aware of any such Breach, and in no event later than five (5) business days after such awareness, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available.

  • EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE BNPP ENTITIES OR THEIR SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS SECTION 19, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF THE BNPP ENTITIES OR ANY SUPPLIER, AND EVEN IF THE BNPP ENTITIES OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL ANY BNPP ENTITY OR ANY SUPPLIER BE LIABLE FOR ACTS OF GOD, ACTS OF WAR OR TERRORISM, MACHINE OR COMPUTER BREAKDOWN OR MALFUNCTION, INTERRUPTION OR MALFUNCTION OF COMMUNICATION FACILITIES, LABOR DIFFICULTIES OR ANY OTHER SIMILAR OR DISSIMILAR CAUSE BEYOND THEIR REASONABLE CONTROL.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!