Reporting Unsuccessful Security Incidents. Business Associate shall provide Covered Entity upon written request a Report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies.
Reporting Unsuccessful Security Incidents. The Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents. The foregoing notwithstanding, Business Associate shall, upon Covered Entity’s written request, report to Covered Entity Unsuccessful Security Incidents in accordance with the reporting requirements herein. For Unsuccessful Security Incidents, Business Associate shall provide Covered Entity, upon its written request, a report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies. Cooperation with Violations. Business Associate will cooperate with Covered Entity’s investigation and/or risk assessment with respect to any report made pursuant to Section 2.14, will abide by Covered Entity’s decision with respect to whether such acquisition, access, Use or Disclosure constitutes a Breach of PHI and will follow Covered Entity’s instructions with respect to any event reported to Covered Entity by Business Associate pursuant to Section 2.14. Business Associate shall maintain complete records regarding any event requiring reporting for the period required by 45 C.F.R. 164.530(j) or such longer period as may be required by state law and shall make such records available to Covered Entity promptly upon request but in no event later than within five (5) business days.
Reporting Unsuccessful Security Incidents. The Participant shall annually provide a report to HIO describing in summary form the nature and extent of Unsuccessful Security Incidents concerning Patient Data or the Participant’s access or use of the System or the Services experienced by the Participant during the period covered by that report, as more specifically described in the Policies and Procedures.
Reporting Unsuccessful Security Incidents. Business Associate shall provide Covered Entity upon written request a Report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies. Business Associate shall comply with any reasonable policies and procedures Covered Entity implements to obtain compliance under the Security Rule. Reporting and Documenting Breaches. Business Associate shall Report to Covered Entity any Breach of Unsecured PHI as soon as it, or any Person to whom PHI is disclosed under this Agreement, becomes aware of any such Breach, and in no event later than five (5) business days after such awareness, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available. Following the Report described in 6.1, Business Associate shall conduct a risk assessment and provide it to Covered Entity with a summary of the event. Business Associate shall provide Covered Entity with the names of any Individual whose Unsecured PHI has been, or is reasonably believed to have been, the subject of the Breach and any other available information that is required to be given to the affected Individual, as set forth in 45 CFR § 164.404(c). Upon request by Covered Entity, Business Associate shall provide information necessary for Covered Entity to investigate the impermissible Use or Disclosure. Business Associate shall continue to provide to Covered Entity information concerning the Breach as it becomes available. When Business Associate determines that an impermissible acquisition, Access, Use or Disclosure of PHI for which it is responsible is not a Breach, and therefore does not necessitate notice to the impacted Individual, it shall document its assessment of risk, conducted as set forth in 45 CFR § 402(2). Business Associate shall make its risk assessment available to Covered Entity upon request. It shall include 1) the name of the person making the assessment, 2) a brief summary of the facts, and 3) a brief stat...
Reporting Unsuccessful Security Incidents. The Participant shall annually provide a report to SJCHIE describing in summary form the nature and extent of Unsuccessful Security Incidents concerning Patient Data or the Participant’s access or use of the System or the Services experienced by the Participant during the period covered by that report, as more specifically described in the Policies and Procedures.
Reporting Unsuccessful Security Incidents. The Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents. The foregoing notwithstanding, Business Associate shall, upon Covered Entity’s written request, report to Covered Entity Unsuccessful Security Incidents in accordance with the reporting requirements herein. For Unsuccessful Security Incidents, Business Associate shall provide Covered Entity, upon its written request, a report that: (1) identifies the categories of Unsuccessful Security Incidents; (2) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (3) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies.
