Reporting of Breaches, Potential Breaches, and Security Incidents Sample Clauses

Reporting of Breaches, Potential Breaches, and Security Incidents. Business Associate must report to the City any use or disclosure of the PHI not provided for by this Business Associate Agreement of which it becomes aware, as well as any Breach of Unsecured PHI; potential Breach of unsecured PHI; any security incident of which it becomes aware; any attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI; or any attempted or successful interference with Business Associate’s system operations of which Business Associate becomes aware. Business Associate will make the report to the City’s HIPAA Privacy and Security Officers not more than five (5) calendar days after Business Associate discovers such non-permitted use or disclosure, Breach, security incident, or other incident as described above. Business Associate shall provide any reports or notices required by HIPAA as a result of Business Associate’s Breach. On behalf of the City, Business Associate will provide such reports or notices to any party or entity (including but not limited to media, Secretary, and individuals affected by the Breach) entitled by law to receive the reports or notices. Business Associate agrees to pay the costs associated with notifying individuals affected by the Breach, which may include, but are not limited to, paper, printing, and mailing costs. Business Associate is not required to report the following types of unsuccessful security incidents: pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, or disclosure of PHI. If a delay is requested by a law enforcement official in accordance with 45 CFR 164.412, Business Associate may delay notifying City for the time period specified in HIPAA. Business Associate’s report will include the information described in 45 CFR 164.404(c) and such other information as the City may reasonably request.
Sample 1Sample 2Sample 3See All (25)
AutoNDA by SimpleDocs

Related to Reporting of Breaches, Potential Breaches, and Security Incidents

  • Termination for Material Breach If either Party (the “Non-Breaching Party”) believes that the other Party (the “Breaching Party”) has materially breached one or more of its obligations under this Agreement, then the Non-Breaching Party may deliver notice of such material breach to the Breaching Party specifying the nature of the alleged breach in reasonable detail (a “Default Notice”). Thereafter, the Non-Breaching Party shall have the right to terminate this Agreement if the breach asserted in such Default Notice has not been cured within sixty (60) days after such Default Notice. Notwithstanding the foregoing, (i) if such material breach, by its nature, cannot be remedied within such sixty (60) day cure period, but can be remedied over a longer period not expected to exceed one hundred and fifty (150) days, then such sixty (60) day period shall be extended for up to an additional ninety (90) days provided that the Breaching Party provides the Non-Breaching Party with a reasonable written plan for curing such material breach and uses Commercially Reasonable Efforts to cure such material breach in accordance with such written plan and (ii) if such material breach cannot be cured, but the effects of such material breach are not such that the Non-Breaching Party would be deprived of the material benefits the Non-Breaching Party would reasonably be expected to derive from this Agreement in the absence of such material breach, then the Non-Breaching Party shall not be entitled to terminate this Agreement on the basis of such material breach unless the Breaching Party has previously committed a substantially similar material breach of this Agreement. For clarity, a breach of Section 3.2.3 of this Agreement shall not, notwithstanding anything herein, fall within the exception in subpart (ii) of the immediately preceding sentence.

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!