Responsibility for Reporting of Breaches. If the cause of a breach of PHI or PI is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. section 17932 and its implementing regulations, including notification to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction, Business Associate shall notify the Secretary of the breach immediately upon discovery of the breach. If Business Associate has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to DHCS in addition to Business Associate, Business Associate shall notify DHCS, and DHCS and Business Associate may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in subsection 1, above.
Responsibility for Reporting of Breaches. If the cause of a breach of Department PHI is attributable to Contractor or its agents, subcontractors or vendors, Contractor is responsible for all required reporting of the breach as specified in 42 U.S.C. section 17932 and its implementing regulations, including notification to media outlets and to the Secretary (after obtaining prior written approval of DHCS). If a breach of unsecured Department PHI involves more than 500 residents of the State of California or under its jurisdiction, Contractor shall first notify DHCS, then the Secretary of the breach immediately upon discovery of the breach. If a breach involves more than 500 California residents, Contractor shall also provide, after obtaining written prior approval of DHCS, notice to the Attorney General for the State of California, Privacy Enforcement Section. If Contractor has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to the Department in addition to Contractor, Contractor shall notify the Department, and the Department and Contractor may take appropriate action to prevent duplicate reporting.
Responsibility for Reporting of Breaches. If the cause of a breach of Department PI or PII is attributable to Contractor or its agents, subcontractors or vendors, Contractor is responsible for all required reporting of the breach as specified in CIPA, section 1798.29and as may be required under the IEA. Contractor shall bear all costs of required notifications to individuals as well as any costs associated with the breach. The Privacy Officer shall approve the time, manner and content of any such notifications and their review and approval must be obtained before the notifications are made. The Department will provide its review and approval expeditiously and without unreasonable delay.
Responsibility for Reporting of Breaches. If the cause of a breach of DHCS PI or PII is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in CIPA, section 1798.29. Business Associate shall bear all costs of required notifications to individuals as well as any costs associated with the breach. The Privacy Officer shall approve the time, manner and content of any such notifications and their review and approval must be obtained before the notifications are made. Covered Entity or DHCS, as applicable, will provide its review and approval expeditiously and without unreasonable delay.
Responsibility for Reporting of Breaches. If the cause of a breach PHI or PII is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. Section 17932 and its implementing regulations, including notifications to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction and Business Associate has reason to believe that duplicate reporting of the same breach or incident to CCHCS in addition to Business Associate may occur, Business Associate shall notify CCHCS, and CCHCS and Business Associate may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in paragraph J subsection 1, above. CCHCS Contact Information. To direct communications to the above referenced CCHCS staff, the Contractor shall initiate contact as indicated herein. CCHCS reserves the right to make changes to the contact information below by giving written notice to the Contractor. Said changes shall not require an amendment to this Agreement or the Agreement to which it is incorporated. CCHCS Program Contract Manager CCHCS Privacy Officer CCHCS Information Security Officer See the Scope of Work exhibit for Program Contract Manager Information Privacy Officer California Correctional Health Care Services P.O. Box 588500, Bldg. D3, Elk Grove, CA 95758 Email: Xxxxxxx@xxxx.xx.xxx Phone: 0-000-000-0000 Information Security Officer CCHCS Information Technology Services Division P.O. Box 588500, Bldg. C3, Elk Grove, CA 95758 Email: XXXXX-XXX@xxxx.xx.xxx Fax: 000-000-0000 Phone: 000-000-0000 Training Requirement. In accordance with CCHCS policy, all personnel assigned by the Contractor or any of its subcontractors pursuant to the underlying Agreement who access CCHCS systems shall complete Privacy Awareness and Information Security Awareness Training that is required of all individuals who may access PHI or PII before being provided credentials to access such information. Termination of Agreement. In accordance with Section 13404 (b) of the HITECH Act and to the extent required by the HIPAA regulations, if Business Associate knows of a material breach or violation by CCHCS if this Agreement, the Business Associates shall take the following steps: Provide an opportunity for CCHCS to cure the breach or end the violation and termina...
Responsibility for Reporting of Breaches. If the cause of a breach of Department PHI is attributable to Contractor or its agents, subcontractors or vendors, Contractor is responsible for all required reporting of the breach as specified in 42 U.S.C. § 17932and its implementing regulations, including notification to media outlets and to the Secretary. If a breach of unsecured Department PHI involves more than 500 residents of the State of California or its jurisdiction, Contractor shall notify the Secretary of the breach immediately upon discovery of the breach. If Contractor has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to the Department in addition to Contractor, Contractor shall notify the Department, and the Department and Contractor may take appropriate action to prevent duplicate reporting.
Responsibility for Reporting of Breaches. If the cause of a breach of Department PI or PII is attributable to Contractor or its agents, subcontractors or vendors, Contractor is responsible for all required reporting of the breach as specified in CIPA, § 1798.29(a) – (d) and as may be required under the IEA. Contractor shall bear all costs of required notifications to individuals as well as any costs associated with the breach. The Department Program Contract Manager and the Department Information Security Officer and Privacy Officer shall approve the time, manner and content of any such notifications and their review and approval must be obtained before the notifications are made. The Department will provide its review and approval expeditiously and without unreasonable delay. If Contractor has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to the Department in addition to Contractor, Contractor shall notify the Department, and the Department and Contractor may take appropriate action to prevent duplicate reporting.
Responsibility for Reporting of Breaches. If the cause of a breach of PHI or PI is attributable to User or its agents, subcontractors, or vendors, and User is a covered entity as defined under HIPAA and the HIPAA regulations, User is responsible for all required reporting of the breach as specified in 42 U.S.C. § 17932 and its implementing regulations, including notification to media outlets and to the Secretary of the U.S. Department of Health and Human Services. If User has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to DOM in addition to User, User shall notify DOM, and DOM and User may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth above.
Responsibility for Reporting of Breaches. If the cause of a breach of PHI or PI is attributable to User or its agents, subcontractors or vendors, and User is a Covered Entity as defined under HIPAA and the HIPAA regulations, User is responsible for all required reporting of the breach as specified in 42 U.S.C. section 17932 and its implementing regulations, including notification to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or jurisdiction, User shall notify the Secretary and the Attorney General immediately upon discovery of the breach. If User has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to CDCR in addition to User, User shall notify CDCR, and CDCR and User may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in subsection 1, above.
Responsibility for Reporting of Breaches. If the cause of a Breach of PHI is attributable to Business Associate or its agents, subcontractors, or vendors, and Business Associate is a covered entity as defined under HIPAA and the HIPAA regulations, Business Associate is responsible for all required reporting of the Breach as specified in 42 U.S.C. § 17932 and its implementing regulations, including notification to media outlets and to the Secretary of the U.S. Department of Health and Human Services. If Business Associate has reason to believe that duplicate reporting of the same Breach or Security Incident may occur because its subcontractors, agents or vendors may report the Breach or Security Incident to MSDH in addition to Business Associate, Business Associate shall notify MSDH, and MSDH and Business Associate may take appropriate action to prevent duplicate reporting. The Breach reporting requirements of this paragraph are in addition to the reporting requirements set forth above.
