Common use of Reporting to Covered Entity Clause in Contracts

Reporting to Covered Entity. Business Associate shall report to the affected Covered Entity without unreasonable delay: (a) any use or disclosure of PHI not provided for by the Agreement of which it becomes aware; (b) any breach of unsecured PHI in accordance with 45 C.F.R. Subpart D of 45 C.F.R. 164 ("Breach Notification Rule"); and (c) any security incident of which it becomes aware. With regard to Security Incidents caused by or occurring to Business Associate, Business Associate shall cooperate with the Covered Entity's investigation, analysis, notification and mitigation activities, and except for Security Incidents caused by Covered Entity, shall be responsible for reasonable costs incurred by the Covered Entity for those activities. Notwithstanding the foregoing, Covered Entity acknowledges and shall be deemed to have received advanced notice from Business Associate that there are routine occurrences of: (i) unsuccessful attempts to penetrate computer networks or services maintained by Business Associate; and (ii) immaterial incidents such as “pinging” or “denial of services” attacks.

Reporting to Covered Entity. Business Associate shall report to the affected Covered Entity without unreasonable delay: (a) any use or disclosure of PHI not provided for by the Agreement of which it becomes aware; (b) any breach of unsecured PHI in accordance with 45 C.F.R. Subpart D of 45 C.F.R. 164 ("Breach Notification Rule"); and (c) any security incident of which it becomes aware. With regard to Security Incidents caused by or occurring to Business Associate, Business Associate shall cooperate with the Covered Entity's investigation, analysis, notification and mitigation activities, and except for Security Incidents caused by Covered Entity, shall be responsible for reasonable costs incurred by the Covered Entity for those activities. Notwithstanding the foregoing, Covered Entity acknowledges and shall be deemed to have received advanced notice from Business Associate that there are routine occurrences of: (i) unsuccessful attempts to penetrate computer networks or services maintained by Business Associate; and (ii) immaterial incidents such as “pinging” or “denial of services” attacks.: