Responsibility for Reporting of Breaches. If the cause of a breach PHI or PII is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. Section 17932 and its implementing regulations, including notifications to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction and Business Associate has reason to believe that duplicate reporting of the same breach or incident to CCHCS in addition to Business Associate may occur, Business Associate shall notify CCHCS, and CCHCS and Business Associate may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in paragraph J subsection 1, above. CCHCS Contact Information. To direct communications to the above referenced CCHCS staff, the Contractor shall initiate contact as indicated herein. CCHCS reserves the right to make changes to the contact information below by giving written notice to the Contractor. Said changes shall not require an amendment to this Agreement or the Agreement to which it is incorporated. See the Scope of Work exhibit for Program Contract Manager Information Privacy Officer California Correctional Health Care Services P.O. Box 588500, Bldg. D3, Elk Grove, CA 95758 Email: Xxxxxxx@xxxx.xx.xxx Phone: 0-000-000-0000 Information Security Officer CCHCS Information Technology Services Division P.O. Box 588500, Bldg. C3, Elk Grove, CA 95758 Email: XXXXX-XXX@xxxx.xx.xxx Fax: 000-000-0000 Phone: 000-000-0000 Training Requirement. In accordance with CCHCS policy, all personnel assigned by the Contractor or any of its subcontractors pursuant to the underlying Agreement who access CCHCS systems shall complete Privacy Awareness and Information Security Awareness Training that is required of all individuals who may access PHI or PII before being provided credentials to access such information. Termination of Agreement. In accordance with Section 13404 (b) of the HITECH Act and to the extent required by the HIPAA regulations, if Business Associate knows of a material breach or violation by CCHCS if this Agreement, the Business Associates shall take the following steps: Provide an opportunity for CCHCS to cure the breach or end the violation and terminate the Agreement if CCHCS does not cure the breach or end the violation within the time specified by Business Associate; or Immediately terminate the Agreement if CCHCS has breached a material term of the Agreement and cure is not possible. Due Diligence. Business Associate shall exercise and shall take reasonable steps to ensure that it remains in compliance with this Agreement and is in compliance with applicable provisions of HIPAA, the HITECH Act, and the HIPAA regulations and that its agents, subcontractors and vendors are in compliance with their obligations as required by this Agreement. Sanctions and/or Penalties. Business Associates understands that a failure to comply with the provisions of HIPAA, the HITECH Act, and the HIPAA regulations that are applicable to Business Associates may result in the imposition of sanctions and/or penalties on Business Associate under HIPAA the HITECH Act and the HIPAA regulations.
Appears in 2 contracts
Responsibility for Reporting of Breaches. If the cause of a breach PHI or PII is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. Section 17932 and its implementing regulations, including notifications to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction and Business Associate has reason to believe that duplicate reporting of the same breach or incident to CCHCS in addition to Business Associate may occur, Business Associate shall notify CCHCS, and CCHCS and Business Associate may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in paragraph J subsection 1, above. CCHCS Contact Information. To direct communications to the above referenced CCHCS staff, the Contractor shall initiate contact as indicated herein. CCHCS reserves the right to make changes to the contact information below by giving written notice to the Contractor. Said changes shall not require an amendment to this Agreement or the Agreement to which it is incorporated. See the Scope of Work exhibit for Program Contract Manager Information Privacy Officer California Correctional Health Care Services P.O. Box 588500X.X. Xxx 000000, BldgXxxx. D3X0, Elk GroveXxx Xxxxx, CA 95758 XX 00000 Email: Xxxxxxx@xxxx.xx.xxx PhoneTelephone: 0-000-000-0000 Information Security Officer CCHCS Information Technology Services Division P.O. Box 588500X.X. Xxx 000000, BldgXxxx. C3X0, Elk GroveXxx Xxxxx, CA 95758 XX 00000 Email: XXXXX-XXX@xxxx.xx.xxx Fax: 000-000-0000 PhoneTelephone: 000-000-0000 Training Requirement. In accordance with CCHCS policy, all personnel assigned by the Contractor or any of its subcontractors pursuant to the underlying Agreement who access CCHCS systems shall complete Privacy Awareness and Information Security Awareness Training that is required of all individuals who may access PHI or PII before being provided credentials to access such information. Termination of Agreement. In accordance with Section 13404 (b) of the HITECH Act and to the extent required by the HIPAA regulations, if Business Associate knows of a material breach or violation by CCHCS if this Agreement, the Business Associates shall take the following steps: Provide an opportunity for CCHCS to cure the breach or end the violation and terminate the Agreement if CCHCS does not cure the breach or end the violation within the time specified by Business Associate; or Immediately terminate the Agreement if CCHCS has breached a material term of the Agreement and cure is not possible. Due Diligence. Business Associate shall exercise and shall take reasonable steps to ensure that it remains in compliance with this Agreement and is in compliance with applicable provisions of HIPAA, the HITECH Act, and the HIPAA regulations and that its agents, subcontractors and vendors are in compliance with their obligations as required by this Agreement. Sanctions and/or Penalties. Business Associates understands that a failure to comply with the provisions of HIPAA, the HITECH Act, and the HIPAA regulations that are applicable to Business Associates may result in the imposition of sanctions and/or penalties on Business Associate under HIPAA the HITECH Act and the HIPAA regulations.
Appears in 1 contract
Samples: Hipaa Business Associate Agreement
Responsibility for Reporting of Breaches. If the cause of a breach PHI or PII is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. Section 17932 and its implementing regulations, including notifications to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction and Business Associate has reason to believe that duplicate reporting of the same breach or incident to CCHCS in addition to Business Associate may occur, Business Associate shall notify CCHCS, and CCHCS and Business Associate may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in paragraph J subsection 1, above. CCHCS Contact Information. To direct communications to the above referenced CCHCS staff, the Contractor shall initiate contact as indicated herein. CCHCS reserves the right to make changes to the contact information below by giving written notice to the Contractor. Said changes shall not require an amendment to this Agreement or the Agreement to which it is incorporated. See the Scope of Work exhibit for Program Contract Manager Information Privacy Officer California Correctional Health Care Services P.O. Box 588500, Bldg. D3, Elk Grove, CA 95758 Email: Xxxxxxx@xxxx.xx.xxx PhoneTelephone: 0-000-000-0000 Information Security Officer CCHCS Information Technology Services Division P.O. Box 588500, Bldg. C3, Elk Grove, CA 95758 Email: XXXXX-XXX@xxxx.xx.xxx Fax: 000-000-0000 PhoneTelephone: 000-000-0000 Training Requirement. In accordance with CCHCS policy, all personnel assigned by the Contractor or any of its subcontractors pursuant to the underlying Agreement who access CCHCS systems shall complete Privacy Awareness and Information Security Awareness Training that is required of all individuals who may access PHI or PII before being provided credentials to access such information. Termination of Agreement. In accordance with Section 13404 (b) of the HITECH Act and to the extent required by the HIPAA regulations, if Business Associate knows of a material breach or violation by CCHCS if of this Agreement, the Business Associates shall take the following steps: Provide an opportunity for CCHCS to cure the breach or end the violation and terminate the Agreement if CCHCS does not cure the breach or end the violation within the time specified by Business Associate; or Immediately terminate the Agreement if CCHCS has breached a material term of the Agreement and cure is not possible. Due Diligence. Business Associate shall exercise and shall take reasonable steps to ensure that it remains in compliance with this Agreement and is in compliance with applicable provisions of HIPAA, the HITECH Act, and the HIPAA regulations and that its agents, subcontractors and vendors are in compliance with their obligations as required by this Agreement. Sanctions and/or Penalties. Business Associates understands that a failure to comply with the provisions of HIPAA, the HITECH Act, and the HIPAA regulations that are applicable to Business Associates may result in the imposition of sanctions and/or penalties on Business Associate under HIPAA the HITECH Act and the HIPAA regulations.
Appears in 1 contract
Samples: Master Service Agreement
Responsibility for Reporting of Breaches. If the cause of a breach PHI or PII is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. Section 17932 and its implementing regulations, including notifications to media outlets and to the Secretary. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction and Business Associate has reason to believe that duplicate reporting of the same breach or incident to CCHCS in addition to Business Associate may occur, Business Associate shall notify CCHCS, and CCHCS and Business Associate may take appropriate action to prevent duplicate reporting. The breach reporting requirements of this paragraph are in addition to the reporting requirements set forth in paragraph J subsection 1above subsections a and b of this section, aboveBreaches and Security Incidents. CCHCS Contact Information. To direct communications to the above referenced CCHCS staff, the Contractor shall initiate contact as indicated herein. CCHCS reserves the right to make changes to the contact information below by giving written notice to the Contractor. Said changes shall not require an amendment to this Agreement or the Agreement to which it is incorporated. See the Scope of Work exhibit for Program Contract Manager Information Privacy Officer California Correctional Health Care Services P.O. Box 588500X.X. Xxx 000000, Bldg. D3Xxxx., Elk GroveX0 Xxx Xxxxx, CA 95758 XX 00000 Email: Xxxxxxx@xxxx.xx.xxx PhoneTelephone: 0-000-000-0000 Information Security Officer CCHCS Information Technology Services Division P.O. Box 588500X.X. Xxx 000000, Bldg. C3Xxxx., Elk GroveX0 Xxx Xxxxx, CA 95758 XX 00000 Email: XXXXX-XXX@xxxx.xx.xxx Fax: 000-000-0000 Phone: 000Telephone:000-000-0000 Training Requirement. In accordance with CCHCS policy, all personnel assigned by the Contractor or any of its subcontractors pursuant to the underlying Agreement who access CCHCS systems shall complete Privacy Awareness and Information Security Awareness Training that is required of all individuals who may access PHI or PII before being provided credentials to access such information. Termination of Agreement. In accordance with Section 13404 (b) of the HITECH Act and to the extent required by the HIPAA regulations, if Business Associate knows of a material breach or violation by CCHCS if this Agreement, the Business Associates shall take the following steps: Provide an opportunity for CCHCS to cure the breach or end the violation and terminate the Agreement if CCHCS does not cure the breach or end the violation within the time specified by Business Associate; or Immediately terminate the Agreement if CCHCS has breached a material term of the Agreement and cure is not possible. Due Diligence. Business Associate shall exercise and shall take reasonable steps to ensure that it remains in compliance with this Agreement and is in compliance with applicable provisions of HIPAA, the HITECH Act, and the HIPAA regulations and that its agents, subcontractors and vendors are in compliance with their obligations as required by this Agreement. Sanctions and/or Penalties. Business Associates understands that a failure to comply with the provisions of HIPAA, the HITECH Act, and the HIPAA regulations that are applicable to Business Associates may result in the imposition of sanctions and/or penalties on Business Associate under HIPAA the HITECH Act and the HIPAA regulations. CCHCS agrees: Notice of Privacy Practices. To provide Business Associate with the Notice of Privacy Practices that CCHCS produces in accordance with 45 CFR section 164.520, as well as any changes to such notice. The most current CCHCS Notice of Privacy Practices is attached to this Agreement as Attachment 2 to this Agreement. Permission by Individuals for Use and Disclosure of PHI. To provide the Business Associate with any changes in, or revocation of, permission by an individual to use or disclose PHI, if such changes affect the Business Associate’s permitted or required uses and disclosures. Notification of Restrictions. To notify the Business Associate of any restriction to the use or disclosure of PHI that CCHCS has agreed to in accordance with 45 CFR section 164.522, to the extent that such restriction may affect the Business Associate’s use or disclosure of PHI. Requests Conflicting with HIPAA Rules. Not request the Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA regulations if done by CCHCS. Inspection. From time to time, CCHCS may inspect the facilities, systems, books and records of Business Associate to monitor compliance with this Agreement. Business Associate shall promptly remedy any violation of any provisions of this Agreement and shall certify the same to the CCHCS Privacy Officer in writing. The fact that CCHCS inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities, systems and procedures does not relieve Business Associate of its responsibility to comply with this Agreement, nor does CCHCS’ failure to detect or failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory practices constitute acceptance of such practice or a waiver of CCHCS enforcement rights under this Agreement.
Appears in 1 contract
Samples: Hipaa Business Associate Agreement