Reporting of Unauthorized Uses and Disclosures. Business Associate shall promptly report in writing to Covered Entity any use or disclosure of Protected Health Information not provided for under this Agreement, of which Business Associate becomes aware, but in no event later than five business days of first learning of any such use or disclosure. Business Associate agrees that if any of its employees, agents, subcontractors or representatives use or disclose Protected Health Information received from, or created or received on behalf of, Covered Entity, or any derivative De-identified Information in a manner not provided for in this Agreement, Business Associate shall ensure that such employees, agents, subcontractors and representatives shall receive training on Business Associate’s procedures for compliance with the HIPAA Rules, or shall be sanctioned or prevented from accessing any Protected Health Information Business Associate receives from, or creates or receives on behalf of, Covered Entity. Continued use of Protected Health Information in a manner contrary to the terms of this Agreement shall constitute a material breach of this Agreement.
Reporting of Unauthorized Uses and Disclosures. Contractor shall promptly (but in no case later than fifteen (15) days after discovery) notify the applicable OHCA Member(s) in writing upon becoming aware of any use or disclosure of PHI by Contractor, its employees, agents or Subcontractors that is not provided for in this BAA and any Security Incident involving PHI obtained from that OHCA Member(s). For purposes of this paragraph 2.6, “OHCA Member” shall refer to the relevant institution’s Privacy Officer. In addition, in accordance with the requirements of the HIPAA Rules, Contractor shall notify the applicable OHCA Member(s) in writing of all Breaches of Unsecured PHI as soon as feasible after becoming aware of the Breach. Within ten
Reporting of Unauthorized Uses and Disclosures. If Business Associate becomes aware of any use or disclosure of PHI by Business Associate, its employees, or its agents that is not provided for in this Agreement, Business Associate shall report such violation to Covered Entity.
Reporting of Unauthorized Uses and Disclosures. Contractor shall promptly (but in no case later than fifteen (15) days after discovery) notify the applicable OHCA Member(s) in writing upon becoming aware of any use or disclosure of PHI by Contractor, its employees, agents or Subcontractors that is not provided for in this BAA and any Security Incident involving PHI obtained from that OHCA Member(s). For purposes of this paragraph 2.6, “OHCA Member” shall refer to the relevant institution’s Privacy Officer. In addition, in accordance with the requirements of the HIPAA Rules, Contractor shall notify the applicable OHCA Member(s) in writing of all Breaches of Unsecured PHI as soon as feasible after becoming aware of the Breach. Within ten (10) business days after becoming aware of the Breach of Unsecured PHI, Contractor shall provide to the applicable OHCA Member(s) in writing the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Contractor to have been accessed, acquired, or disclosed during such Breach. Such identification shall include a description of the Unsecured PHI involved in the Breach and all demographic information in Contractor’s possession necessary to notify the affected Individuals of the Breach. In the event of an unauthorized use or disclosure of Unsecured PHI resulting from the actions or inactions of Contractor, its agents, Subcontractors or employees, Contractor shall be responsible for, and without regard to any limitation or exclusion of damages provision set forth in any other agreement, reimbursement or direct payment of fines, penalties, and interest imposed by a governmental authority on the OHCA Member(s), and for the costs and expenses incurred by the OHCA Member(s) arising out of or related to the unauthorized use or disclosure of PHI, including but not limited to, for: (a) identifying and notifying patients whose PHI was used or disclosed, including costs related to call center support to provide information to affected individuals, (b) hiring counsel and/or auditors to investigate and report on the nature and extent of the release of Unsecured PHI; and (c) taking other reasonable measures for mitigation of harm to affected individuals, including, but not limited to, providing credit and ID theft monitoring. Without limitation of the foregoing, Contractor shall defend, indemnify and hold harmless the affected OHCA Member(s), and their respective trustees, officers, faculty, employees and students, against any investigations, claims, ...
