Reporting of Improper Access, Use or Disclosure or Breach Sample Clauses

Reporting of Improper Access, Use or Disclosure or Breach. Every suspected and actual Breach shall be reported immediately, but no later than one (1) business day upon discovery, to CE’s Office of Compliance. Upon discovery of a Breach or suspected Breach, BA shall complete the following actions:
Sample 1
AutoNDA by SimpleDocs
Reporting of Improper Access, Use or Disclosure or Breach. Every suspected and actual Breach must be reported immediately, but no later than one (1) business day upon discovery, to CE’s Office of Compliance and ITD’s CISO, consistent with the regulations under HITECH Act. Upon notification from BA, CE will coordinate notification of the actual or suspected Breach to the County HIPAA Privacy Officer. Upon discovery of a Breach or suspected Breach, BA must complete the following actions: Provide CE’s Office of Compliance and ITD’s CISO with the following information to include but not limited to: Date the Breach or suspected Breach occurred; Date the Breach or suspected Breach was discovered; Number of staff, employees, subcontractors, agents or other third parties and the names and titles of each person allegedly involved; Number of potentially affected Individual(s) with contact information; and Description of how the Breach or suspected Breach allegedly occurred. Conduct and document a risk assessment by investigating without unreasonable delay and in no case later than five (5) calendar days of discovery of the Breach or suspected Breach to determine the following: The nature and extent of the PHI involved, including the types of identifiers and likelihood of re-identification; The unauthorized person who had access to the PHI; Whether the PHI was actually acquired or viewed; and The extent to which the risk to PHI has been mitigated. Provide a completed risk assessment and investigation documentation to CE’s Office of Compliance and ITD’s CISO within ten (10) calendar days of discovery of the Breach or suspected Breach with a determination as to whether a Breach has occurred. At the discretion of CE, additional information may be requested. If BA and CE agree that a Breach has not occurred, notification to Individual(s) is not required. If a Breach has occurred, notification to the Individual(s) is required and BA must provide CE with affected Individual(s) name and contact information so that CE can provide notification. Make available to CE and governing state and federal agencies in a time and manner designated by CE or governing state and federal agencies, any policies, procedures, internal practices and records relating to a Breach or suspected Breach for the purposes of audit or should the CE reserve the right to conduct its own investigation and analysis. Access to PHI To the extent BA maintains a Designated Record Set on behalf of CE, BA must make PHI maintained by BA or its agents or subcontractors in ...
Sample 1
Reporting of Improper Access, Use or Disclosure or Breach. Business Associate shall report to Covered Entity’s Office of Compliance any unauthorized use, access or disclosure of unsecured PHI or any other security incident with respect to PHI no later than one (1) business day upon the discovery of a Breach or suspected Breach consistent with the regulations promulgated under HITECH by the United States Department of Health and Human Services, 45 CFR Part 164, Subpart D. Upon discovery of a Breach or suspected Breach, the Business Associate shall complete the following actions:
Sample 1

Related to Reporting of Improper Access, Use or Disclosure or Breach

  • Prohibition on Unauthorized Use or Disclosure Business Associate will neither use nor disclose Company Protected Health Information, except as permitted or required by this Agreement or as permitted or directed by Company or as Required by Law. This Agreement does not authorize Business Associate to use or disclose Company Protected Health Information in a manner that would violate the Privacy Rule or the HITECH Act if done by Company, except as set forth in Section 1(a)(ii).

  • Unauthorized Use or Disclosure The Contractor shall notify COMMERCE within five (5) working days of any unauthorized use or disclosure of any confidential information, and shall take necessary steps to mitigate the harmful effects of such use or disclosure.

  • Data Disclosure Under Minnesota Statute § 270C.65, Subdivision 3 and other applicable law, the Contractor consents to disclosure of its social security number, federal employer tax identification number, and/or Minnesota tax identification number, already provided to the State, to federal and state agencies and state personnel involved in the payment of state obligations. These identification numbers may be used in the enforcement of federal and state laws which could result in action requiring the Contractor to file state tax returns, pay delinquent state tax liabilities, if any, or pay other state liabilities.

  • Public Posting of Approved Users’ Research Use Statement The PI agrees that information about themselves and the approved research use will be posted publicly on the dbGaP website. The information includes the PI’s name and Requester, project name, Research Use Statement, and a Non-Technical Summary of the Research Use Statement. In addition, and if applicable, this information may include the Cloud Computing Use Statement and name of the CSP or PCS. Citations of publications resulting from the use of controlled-access datasets obtained through this DAR may also be posted on the dbGaP website.

  • Return or Destruction of Confidential Information If an Interconnection Party provides any Confidential Information to another Interconnection Party in the course of an audit or inspection, the providing Interconnection Party may request the other party to return or destroy such Confidential Information after the termination of the audit period and the resolution of all matters relating to that audit. Each Interconnection Party shall make Reasonable Efforts to comply with any such requests for return or destruction within ten days of receiving the request and shall certify in writing to the other Interconnection Party that it has complied with such request.

  • DISCLOSURE OF CUSTOMER INFORMATION XXXXX.xxx will not share or sell information regarding its customers and/or prospective customers, except to its employees, agents, partners, and associates as required in the ordinary course of XXXXX.xxx’s business conducted on behalf of customers, including, but not limited to, XXXXX.xxx’s banking or credit relationships in accordance with XXXXX.xxx’s privacy policy. XXXXX.xxx may also disclose to federal or state regulatory agencies and law enforcement authorities’ information regarding Customer and Customer’s transactions in response to a request for such information or in response to a court order or subpoena. To read XXXXX.xxx’s entire privacy policy, please visit: xxx.xxxxx.xxx/xx-xx/xxxxx-xxx-xxxxxxxx/xxxxxxx-xxxxxx/

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!