Reporting of Improper Access, Use or Disclosure. Business Associate shall report in writing to Covered Entity any Use or Disclosure of Protected Health Information not provided for by the Underlying Agreement of which it becomes aware, including Breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware without reasonable delay and in no case later than three (3) business days.
Reporting of Improper Access, Use or Disclosure. Vendor will notify Provider in writing of any access to, use or disclosure of Provider PHI not permitted by this BAA, including any Breach of Unsecured Provider PHI and Security Incident, without unreasonable delay (and in no case later than sixty (60) days after discovery of any Breach of Unsecured Provider PHI). Such notifications will include, to the extent known by Vendor at the time of the notification, the following: A description of the impermissible access, use or disclosure of Provider PHI; Identification of each Individual whose Unsecured Provider PHI has been or is reasonably believed by Vendor to have been impermissibly accessed, used or disclosed; The date the incident occurred and the date the incident was discovered; A description of the type(s) and amount of Provider PHI involved in the incident; A description of the investigation process used by Vendor to determine the cause and extent of the incident; A description of the actions Vendor is taking to mitigate and protect against further impermissible uses or disclosures and losses; and A description of any steps individuals should take to protect themselves from potential harm resulting from the impermissible use or disclosure of Provider PHI. Notwithstanding the foregoing, Provider and Vendor acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and Provider acknowledges and agrees that no additional notification to Provider of such unsuccessful Security Incidents is necessary. However, to the extent that Vendor becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, Vendor shall notify Provider of these attempts and provide the name, if available, of said party.
Reporting of Improper Access, Use or Disclosure. BA shall report to CE in writing of any access, use or disclosure of Protected Information not permitted by the Contract and Addendum, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than 60 calendar days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. BUSINESS ASSOCIATE shall report to COUNTY in writing of any access, use or disclosure of Protected Information not permitted by the Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than two (2) business days after discovery [42 U.S.C Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. BA shall, following the discovery of any Breach of Unsecured PHI, Security Incident, as defined in the Security Rule, and/or any actual or suspected access, use or disclosure of Protected Information not permitted by the Agreement and this Addendum or applicable law notify CE in writing of such breach or disclosure without unreasonable delay and in no case later than five business days after discovery. Notwithstanding the foregoing, BA and CE acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and CE acknowledges and agrees that no additional notification to CE of such unsuccessful Security Incidents is required.
Reporting of Improper Access, Use or Disclosure. BA shall, following the discovery of any Breach of Unsecured PHI, Security Incident, as defined in the Security Rule, and/or any actual or suspected access, use or disclosure of Protected Information not permitted by the Contract and Addendum or applicable law notify SJH in writing of such breach or disclosure without unreasonable delay and in no case later than three business days after discovery. Notwithstanding the foregoing, BA and SJH acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and SJH acknowledges and agrees that no additional notification to SJH of such unsuccessful Security Incidents is required. However, to the extent that BA becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, BA shall notify SJH of these attempts and provide the name, if available, of said party. BA shall take prompt corrective action and any action required by applicable state or federal laws and regulations relating to such disclosure. BA agrees to pay the actual costs of SJH to provide required notifications and any associated costs incurred by SJH, such as credit monitoring for affected patients, and including any civil or criminal monetary penalties or fines levied by any federal or state authority having jurisdiction if SJH reasonably determines that the nature of the breach warrants such measures.
Reporting of Improper Access, Use or Disclosure. Business Associate shall report to Covered Entity in writing of any access, use or disclosure of Protected Information not permitted by the Contract and Addendum, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than seven (7) days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. Business Associate agrees to report to Company any impermissible acquisition, access, use or disclosure of Protected Health Information of which it becomes aware as required by 45 C.F.R. § 164.410. Business Associate’s obligation to report under this Section 2(c) is not and will not be construed as an acknowledgement by Business Associate of any fault or liability with respect to any use, disclosure, or Breach.
Reporting of Improper Access, Use or Disclosure. Business Associate shall report to Covered Entity in writing any access, use or disclosure of Protected Information not permitted by the Agreement and BAA, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than 10 calendar days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e) (2) (ii) (C); 45 C.F.R. Section 164.308(b)]. All reports to Covered Entity pursuant to this section shall be sent to the Covered Entity Compliance Officer by facsimile and U.S. mail using the following contact information: Compliance & Privacy Officer Santa Xxxxx Valley Health & Hospital System 0000 Xxxxxx Xxxx, Xxxxx 000 Xxx Xxxx, XX 00000 Facsimile 000.000.0000 Telephone 000.000.0000 The breach notice must contain: (1) a brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known, (2) the location of the breached information; (3) a description of the types of PHI that were involved in the breach,(4) Safeguards in place prior to the breach; (5) Actions taken in response to the breach; (6) any steps individuals should take to protect themselves from potential harm resulting from the breach, (7) a brief description of what the business associate is doing to investigate the breach, to mitigate harm to individuals, and to protect against further breaches, and (8) contact procedures for individuals to ask questions or learn additional information, which shall include a tollどfree telephone number, an eどmail address, website or postal address. [45 C.F.R Section 164.410] Business Associate shall take (i) prompt corrective action to cure any such deficiencies and (ii) any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
Reporting of Improper Access, Use or Disclosure. BA shall report to CE in writing of any successful unauthorized access, use, disclosure, modification or destruction of Protected Information not permitted by the Contract and this Agreement of which it becomes aware without unreasonable delay but in no case later than five