Common use of Reporting of Violations Clause in Contracts

Reporting of Violations. Business Associate shall report to Covered Entity any of the following events within two (2) business days of becoming aware of the occurrence of the event: Any Use or Disclosure of PHI not authorized by this Addendum; Any Successful Security Incident; and Any acquisition, access, Use or Disclosure of Unsecured PHI in a manner not permitted by the HIPAA Privacy Rule. Such report shall include the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, Used or Disclosed. As soon as possible thereafter, and to the extent known, Business Associate shall also provide Covered Entity with a description of: What happened, including the date of the acquisition, access, Use or Disclosure and the date of its discovery; The types of Unsecured PHI involved in the acquisition, access, Use or Disclosure; Any steps Individuals should take to protect themselves from potential harm from the acquisition, access, Use or Disclosure; and What Business Associate is doing to investigate the acquisition, access, Use or Disclosure, to mitigate harm to Individuals, and to protect against any further unpermitted acquisition, access, Use or Disclosure of Unsecured PHI.

Reporting of Violations. Business Associate shall report to Covered Entity any of the following events within two (2) business days of becoming aware of the occurrence of the event: Any Use or Disclosure of PHI not authorized by this AddendumAgreement; Any Successful Security Incident; and Any acquisition, access, Use or Disclosure of Unsecured PHI in a manner not permitted by the HIPAA Privacy Rule. Such report shall include the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, Used or Disclosed. As soon as possible thereafter, and to the extent known, Business Associate shall also provide Covered Entity with a description of: What happened, including the date of the acquisition, access, Use or Disclosure and the date of its discovery; The types of Unsecured PHI involved in the acquisition, access, Use or Disclosure; Any steps Individuals should take to protect themselves from potential harm from the acquisition, access, Use or Disclosure; and What Business Associate is doing to investigate the acquisition, access, Use or Disclosure, to mitigate harm to Individuals, and to protect against any further unpermitted acquisition, access, Use or Disclosure of Unsecured PHI.

Reporting of Violations. Business Associate shall report to Covered Entity any of the following events within two (2) business days of becoming aware of the occurrence of the event: • Any Use or Disclosure of PHI not authorized by this AddendumAgreement; • Any Successful Security Incident; and • Any acquisition, access, Use or Disclosure of Unsecured PHI in a manner not permitted by the HIPAA Privacy Rule. Such report shall include the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, Used or Disclosed. As soon as possible thereafter, and to the extent known, Business Associate shall also provide Covered Entity with a description of: o What happened, including the date of the acquisition, access, Use or Disclosure and the date of its discovery; o The types of Unsecured PHI involved in the acquisition, access, Use or Disclosure; o Any steps Individuals should take to protect themselves from potential harm from the acquisition, access, Use or Disclosure; and o What Business Associate is doing to investigate the acquisition, access, Use or Disclosure, to mitigate harm to Individuals, and to protect against any further unpermitted acquisition, access, Use or Disclosure of Unsecured PHI.