Common use of Reporting of Security Incidents Clause in Contracts

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Xxxxxxxxxxx Xxxxxxxx, XX Xxxxxxx "Xxxxx" Xxxx Xxxx X. Shafer Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Xxxxxx Xxxxxxx Xxxxxx Xxxx Xxxxxx Xxxxxx Xxxxxx Xxxxxx Xxxxx Xxxxxxx Xxxxx Xxxxxxxxx Xxxx Xxxxxxx Xxxxxxxx Xxxxx Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such a summary of the Security Incidents in summary fashion as may be requested by the Covered Entity. The For the purposes of reporting, Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (e.g., port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified identified, but not compromised compromised, the logical network perimeter, perimeter including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, Incident immediately upon becoming aware or upon reasonable suspicion of any unauthorized acquisition acquisition, including but not limited to to, the use, disclosure, modification, or destruction of PHI PHI, by an employee or otherwise authorized or unauthorized user of its system of which it becomes awaresystem. 3.4.1 Business Associate identifies the following key contact persons person(s) for all matters relating to this Agreement: Business Associate shall notify Covered Entity in writing of any change in these the key contacts contact(s) during the term of this Agreement in writing within ten (10) business daysdays of the change.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: 000 Xxxx Xxxxx Xxxxxx Chicago, IL 60661 Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Xxxx XxxxXxxxxx, CEO 0000 Xxxxxxxxxx Xxxxx, XXX 000 Xxxxxxx, XX 00000 901.692.3539 xxxxxxxxxxx@xxxxxxx.xxx Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity, but not less than annually within sixty (60) days of the anniversary of this Agreement. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security IncidentIncident which would constitute a Security Event as defined by this Agreement, including any “breach of the security of the system" under Tenn Code Xxx. § 47-18-2107, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. The Business Associate shall likewise notify the Covered Entity immediately upon becoming aware of the event. 3.4.1 3.5.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.:

Reporting of Security Incidents. The Business Associate shall track all Security Incidents as defined and as required by HIPAA and shall periodically report such Security Incidents in summary fashion as may be requested by the Covered Entity. The Covered Entity shall not consider as Security Incidents, for the purpose of reporting, external activities (port enumeration, etc.) typically associated with the “footprinting” of a computing environment as long as such activities have only identified but not compromised the logical network perimeter, including but not limited to externally facing firewalls and web servers. The Business Associate shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for Business Associate’s operations. However, the Business Associate shall expediently notify the Covered Entity’s Privacy Officer of any related Security Incident, immediately upon becoming aware of any unauthorized acquisition including but not limited to use, disclosure, modification, or destruction of PHI by an employee or otherwise authorized user of its system of which it becomes aware. 3.4.1 Business Associate identifies the following key contact persons for all matters relating to this Agreement: Business Associate shall notify Covered Entity of any change in these key contacts during the term of this Agreement in writing within ten (10) business days.