Reporting of Improper Access, Use or Disclosure Sample Clauses

Reporting of Improper Access, Use or Disclosure. Business Associate shall report in writing to Covered Entity any Use or Disclosure of Protected Health Information not provided for by the Underlying Agreement of which it becomes aware, including Breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware without reasonable delay and in no case later than three (3) business days.
AutoNDA by SimpleDocs
Reporting of Improper Access, Use or Disclosure. Vendor will notify Provider in writing of any access to, use or disclosure of Provider PHI not permitted by this BAA, including any Breach of Unsecured Provider PHI and Security Incident, without unreasonable delay (and in no case later than sixty (60) days after discovery of any Breach of Unsecured Provider PHI). Such notifications will include, to the extent known by Vendor at the time of the notification, the following:  Identification of each Individual whose Unsecured Provider PHI has been or is reasonably believed by Vendor to have been impermissibly accessed, used or disclosed;  The date the incident occurred and the date the incident was discovered;  A description of the type(s) and amount of Provider PHI involved in the incident;  A description of the investigation process used by Vendor to determine the cause and extent of the incident;  A description of the actions Vendor is taking to mitigate and protect against further impermissible uses or disclosures and losses; and  A description of any steps individuals should take to protect themselves from potential harm resulting from the impermissible use or disclosure of Provider PHI. Notwithstanding the foregoing, Provider and Vendor acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and Provider acknowledges and agrees that no additional notification to Provider of such unsuccessful Security Incidents is necessary. However, to the extent that Vendor becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, Vendor shall notify Provider of these attempts and provide the name, if available, of said party.
Reporting of Improper Access, Use or Disclosure. BA shall report to CE in writing of any access, use or disclosure of Protected Information not permitted by the Contract and Addendum, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than 60 calendar days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. BA shall report to COUNTY in writing of any access, use or disclosure of Protected Information not permitted by the Contract and Addendum, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than 60 calendar days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. BUSINESS ASSOCIATE shall report to COUNTY in writing of any access, use or disclosure of Protected Information not permitted by the Agreement, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than two (2) business days after discovery [42 U.S.C Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. BA shall, following the discovery of any Breach of Unsecured PHI, Security Incident, as defined in the Security Rule, and/or any actual or suspected access, use or disclosure of Protected Information not permitted by the Agreement and this Addendum or applicable law notify CE in writing of such breach or disclosure without unreasonable delay and in no case later than five business days after discovery. Notwithstanding the foregoing, BA and CE acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and CE acknowledges and agrees that no additional notification to CE of such unsuccessful Security Incidents is required.
Reporting of Improper Access, Use or Disclosure. BA shall, following the discovery of any Breach of Unsecured PHI, Security Incident, as defined in the Security Rule, and/or any actual or suspected access, use or disclosure of Protected Information not permitted by the Contract and Addendum or applicable law notify SJH in writing of such breach or disclosure without unreasonable delay and in no case later than three business days after discovery. Notwithstanding the foregoing, BA and SJH acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and SJH acknowledges and agrees that no additional notification to SJH of such unsuccessful Security Incidents is required. However, to the extent that BA becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, BA shall notify SJH of these attempts and provide the name, if available, of said party. BA shall take prompt corrective action and any action required by applicable state or federal laws and regulations relating to such disclosure. BA agrees to pay the actual costs of SJH to provide required notifications and any associated costs incurred by SJH, such as credit monitoring for affected patients, and including any civil or criminal monetary penalties or fines levied by any federal or state authority having jurisdiction if SJH reasonably determines that the nature of the breach warrants such measures.
AutoNDA by SimpleDocs
Reporting of Improper Access, Use or Disclosure. Business Associate shall report to Covered Entity in writing of any access, use or disclosure of Protected Information not permitted by the Contract and Addendum, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than seven (7) days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Reporting of Improper Access, Use or Disclosure. Business Associate shall report to Covered Entity in writing any access, use or disclosure of Protected Information not permitted by the Agreement and BAA, and any Breach of Unsecured PHI of which it becomes aware without unreasonable delay and in no case later than 10 calendar days after discovery [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e) (2) (ii) (C); 45 C.F.R. Section 164.308(b)]. All reports to Covered Entity pursuant to this section shall be sent to the Covered Entity Compliance Officer by facsimile and U.S. mail using the following contact information:
Reporting of Improper Access, Use or Disclosure. Business Associate agrees to report to Company any impermissible acquisition, access, use or disclosure of Protected Health Information of which it becomes aware as required by 45 C.F.R. § 164.410. Business Associate’s obligation to report under this Section 2(c) is not and will not be construed as an acknowledgement by Business Associate of any fault or liability with respect to any use, disclosure, or Breach.
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!