Security Incident Notification. i) The Business Associate will, upon learning of a successful unauthorized access, use, or disclosure of ePHI, report this type of security incident to Covered Entity in accordance Section 7(a) above if such security incident caused a privacy breach and in accordance with Section 7(b) above if such security incident caused a security breach. ii) The Business Associate will, upon learning of a successful unauthorized modification or destruction of ePHI or interference with system operations in TECHNOLOGY TOOL(S)' information systems, report this type of security incident to Covered Entity within 10 days after the Business Associate learns of such successful security incident. iii) The Business Associate will record any attempted, but unsuccessful unauthorized access, use, disclosure, modification, or destruction of ePHI or interference with system operations in the Business Associate’s information systems of which the Business Associate is aware. The Business Associate’s will retain such records for at least 12 calendar months following the recording of each such attempted, but unsuccessful security incident and will make such records available to Covered Entity within 10 days of receipt of Covered Entity's request for them.
Appears in 3 contracts
Samples: Network Participation Agreement, Network Participation Agreement, Network Participation Agreement
Security Incident Notification. i) The Business Associate will, upon learning of a successful unauthorized access, use, use or disclosure of ePHI, report this type of security incident to Covered Entity Physician in accordance with Section 7(a) above above, if such the security incident caused a privacy breach Security Breach, and in accordance with Section 7(b) above above, if such the security incident caused a security privacy breach.
ii) The Business Associate will, upon learning of a successful unauthorized modification or destruction of ePHI or interference with system operations in TECHNOLOGY TOOL(S)' Business Associate’s information systems, report this type of security incident to Covered Entity within Physician not later than 10 days after the Business Associate learns of such the successful security incident.
iii) The Business Associate will record any attempted, but unsuccessful unauthorized access, use, disclosure, modification, modification or destruction of ePHI or interference with system operations in the Business Associate’s information systems of which the Business Associate is aware. The Business Associate’s Associate will retain such these records for at least 12 calendar months following the recording of each such of these attempted, but unsuccessful security incident incidents and will make such these records available to Covered Entity Physician within 10 days of following receipt of Covered Entity's Physician’s written request for them.
Appears in 2 contracts
Samples: Master Membership Agreement, Master Membership Agreement