Reporting of Improper Use or Disclosure, Security Incident or Breach. AZCOMP will report to Customer any use or disclosure of PHI not provided for by the Agreement of which it becomes aware. AZCOMP will report to Customer any Security Incident of which it becomes aware. AZCOMP will notify Customer of any Breach of Unsecured PHI as soon as practicable, and no later than 30 days after discovery of such Breach. AZCOMP’s notification to Customer of a Breach will include: (a) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by AZCOMP to have been, accessed, acquired or disclosed during the Breach; and
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA or any Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Covered Entity by Business Associate shall be required only upon request. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate’s notification to Covered Entity of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. McKesson will report to Customer any use or disclosure of PHI not provided for by the Agreement of which it becomes aware. McKesson will report to Customer any Security Incident of which it becomes aware. McKesson will notify Customer of any Breach of Unsecured PHI as soon as practicable, and no later than 30 days after discovery of such Breach. McKesson’s notification to Customer of a Breach will include: (a) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by McKesson to have been, accessed, acquired or disclosed during the Breach; and (b) any particulars regarding the Breach that Customer would need to include in its notification, as such particulars are identified in 42 U.S.C. § 17932 and 45 C.F.R. § 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate will report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate’s notification to Covered Entity of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404. A Security Incident, for the purpose of this Section 3.2, does not include attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with Business Associate’s Corporate Information System (“non-PHI Information System”), as defined by Business Associate’s internal policies and procedures.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Alliance will report to Member any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in any event no more than five (5) days following discovery and will provide a further report within a reasonable period of time after the information becomes available using commercially reasonable efforts to do so within ten (10) days following discovery; provided, however, that Member acknowledges and agrees that this Section constitutes notice by Alliance to Member of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Member by Alliance will be required only upon request. “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Alliance’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Alliance’s notification to Member of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Alliance to have been, accessed, acquired or disclosed during the Breach; (ii) any particulars regarding the Breach that a Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404; and (iii) the remedial actions taken by Alliance to mitigate the adverse effects of the Breach.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, immediately and in any event no more than five (5) business days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents. In connection with any improper use or disclosure, Security Incident or Breach, Business Associate shall conduct and document a risk assessment, in accordance with the HIPAA Rules, of such unauthorized use or disclosure and provide Covered Entity with a copy of such risk assessment upon a Covered Entity’s request. Covered Entity, in its sole and absolute discretion, may elect to delegate to Business Associate the requirement under the HIPAA Rules to notify affected Individuals of a Breach of Unsecured Protected Health Information if such Breach results from, or is related to, an act or omission of Business Associate or the agents, subcontractors or representatives of Business Associate. If Covered Entity elects to make such a delegation, Business Associate shall perform such notifications and undertake all related remediation activities that are reasonably required (i) at Business Associate’s sole cost and expense, and (ii) in compliance with all applicable requirements, including the HIPAA Rules. Business Associate shall also provide Covered Entity with the opportunity, in advance, to review and approve of the form and content of any such Breach notification that Business Associate provides to Individuals.
Reporting of Improper Use or Disclosure, Security Incident or Breach. CHC will report to Customer any Use or Disclosure of PHI not permitted under this Addendum, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in no event more than fifteen (15) business days following Discovery; provided, however, that the parties acknowledge and agree that this Section constitutes notice by CHC to Customer of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents. 'Unsuccessful Security Incidents' will include, but not be limited to, pings and other broadcast attacks on CHC's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access to, Use or Disclosure of PHI. CHC's notification to Customer of a Breach will comply with the requirements set forth in 45 C.F.R. 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. MSH will report to the Practice any use or disclosure of PHI not permitted under the Terms and Conditions, Breach of Unsecured PHI or any Security Incident, without unreasonable delay; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by MSH to the Practice of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on MSH’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate will report to Healthcare Provider any use or disclosure of PHI not permitted under this Agreement, Breach of Unsecured PHI or any Security Incident, promptly, but in no case later than fifteen (15) calendar days of becoming aware of its occurrence. The Parties acknowledge and agree that this Section constitutes notice by Business Associate to Healthcare Provider of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate’s notification to Healthcare Provider of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any information regarding the Breach that Healthcare Provider would need to include in its notification, as identified in 45 C.F.R. § 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, without unreasonable delay, and in any event no more than ten (10) business days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents.
