Reports Related to Potential Breach of Unsecured PHI. i. Following the discovery of a Breach of Unsecured PHI, Business Associate shall notify in writing to the Covered Entity of the Breach. Such notification shall be made without unreasonable delay after discovering the Breach, but no later than ten (10) calendar days after its discovery.
ii. Business Associate's notice shall include, to the extent possible, the identification of each Individual whose unsecured PHI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, used, or disclosed during or as a result of the Breach. Business Associate shall also provide Covered Entity with at least the following information:
1. A description of the Breach, including the date of Breach and the date of discovery of the Breach, if known;
2. A description of the types of Unsecured PHI involved in the Breach;
3. Any steps individuals should take to protect themselves from potential harm resulting from the Breach;
4. A brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches;
5. And any other information requested by Covered Entity related to the Breach.
6. Business Associate shall promptly supplement such report in writing with additional information as it becomes available, even if such information becomes available after Individuals have been notified of the Breach.
iii. Business Associate agrees to cooperate with Covered Entity in the investigation of a Breach of Unsecured PHI and to cooperate with and participate in, to the extent requested by Covered Entity.
iv. The Business Associate will handle the Breach notifications to individuals, the HHS Office for Civil Rights (OCR) and potentially the media and will provide copies of communications to the Covered Entity at the same time the notifications are provided to individuals, the HHS Office for Civil Rights (OCR) and potentially the media. In the event that:
1. A Breach of Unsecured PHI occurs because of the action or inaction of Business Associate, its employees, agents, representatives, or Subcontractors; or
2. A Breach occurs involving Unsecured PHI in Business Associate's possession, or PHI created, maintained, transmitted, or received by Business Associate or its employees, agents, representatives, or Subcontractors, Business Associate agrees that it shall provide such notification as may be required of Covered Entity by 45 CFR §§ 164.404, 164.406, and 164.408. Covered Entity has the right to review, direct, and approve or reject the contents or manner of such notification.
Appears in 2 contracts
Samples: Business Associate Agreement, Business Associate Agreement
Reports Related to Potential Breach of Unsecured PHI. [a] Following the discovery of a Breach of Unsecured PHI, Business Associate shall notify in writing to the Covered Entity of the Breach. Such notification shall be made without unreasonable delay after discovering the Breach, but no later than sixty (60) calendar days after its discovery.
[b] Business Associate's notice shall include, to the extent possible, the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, used, or disclosed during or as a result of the Breach. Business Associate shall also provide Covered Entity with at least the following information:
a description of the Breach, including the date of Breach and the date of discovery of the Breach, if known;
a description of the types of Unsecured PHI involved in the Breach;
any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
a brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any further Breaches;
and any other information requested by Covered Entity related to the Breach.
Business Associate shall promptly supplement such notice with additional information as it becomes available, even if such information becomes available after Individuals have been notified of the Breach.
[c] Business Associate agrees to cooperate with Covered Entity in the investigation of a Breach of Unsecured PHI and to cooperate with and participate in, to the extent requested by Covered Entity.
iv. The Business Associate will handle the Breach notifications to individuals, the HHS Office for Civil Rights (OCR) and potentially the media and will provide copies notification of communications to the Covered Entity at the same time the notifications are provided to individualsIndividuals, the HHS Office for Civil Rights (OCR) media, and potentially the mediaSecretary of any Breach of Unsecured PHI. [d] In the event that:
(i) a Breach of Unsecured PHI occurs because of the action or inaction of Business Associate, its employees, agents, representatives, or Subcontractors; or
(ii) a Breach occurs involving Unsecured PHI in Business Associate's possession, or PHI created, maintained, transmitted, or received by Business Associate or its employees, agents, representatives, or Subcontractors, Covered Entity may, in its sole discretion, require Business Associate to provide such notification as may be required of Covered Entity by 45 CFR §§ 164.404, 164.406, and 164.408. Covered Entity shall have the right to review, direct, and approve or reject the contents or manner of such notification.
Appears in 1 contract
Samples: Business Associate Agreement
Reports Related to Potential Breach of Unsecured PHI. i. Following the discovery of a Breach of Unsecured PHI, Business Associate shall notify in writing to the Covered Entity of the Breach. Such notification shall be made without unreasonable delay after discovering the Breach, but no later than ten (10) calendar days after its discovery.
ii. Business Associate's notice shall include, to the extent possible, the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, used, or disclosed during or as a result of the Breach. Business Associate shall also provide Covered Entity with at least the following information:
a description of the Breach, including the date of Breach and the date of discovery of the Breach, if known;
a description of the types of Unsecured PHI involved in the Breach;
any steps Individuals should take to protect themselves from potential harm resulting from the Breach;
a brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any further Breaches;
and any other information requested by Covered Entity related to the Breach.
Business Associate shall promptly supplement such notice with additional information as it becomes available, even if such information becomes available after Individuals have been notified of the Breach.
iii. Business Associate agrees to cooperate with Covered Entity in the investigation of a Breach of Unsecured PHI and to cooperate with and participate in, to the extent requested by Covered Entity.
iv. The Business Associate will handle the Breach notifications to individuals, the HHS Office for Civil Rights (OCR) and potentially the media and will provide copies notification of communications to the Covered Entity at the same time the notifications are provided to individualsIndividuals, the HHS Office for Civil Rights (OCR) media, and potentially the mediaSecretary of any Breach of Unsecured PHI. In the event that:
(i) a Breach of Unsecured PHI occurs because of the action or inaction of Business Associate, its employees, agents, representatives, or Subcontractors; or
(ii) a Breach occurs involving Unsecured PHI in Business Associate's possession, or PHI created, maintained, transmitted, or received by Business Associate or its employees, agents, representatives, or Subcontractors, Covered Entity may, in its sole discretion, require Business Associate to provide such notification as may be required of Covered Entity by 45 CFR §§ 164.404, 164.406, and 164.408. Covered Entity shall have the right to review, direct, and approve or reject the contents or manner of such notification.
Appears in 1 contract
Samples: Business Associate Agreement