COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
ACCESS TO SECURITY LOGS AND REPORTS Upon request, the Contractor shall provide access to security logs and reports to the State or Authorized User in a format as specified in the Authorized User Agreement.
Implementation of and Reporting on the Project A. The Grantee shall implement and complete the Project in accordance with Exhibit A and with the plans and specifications contained in its Grant Application, which is on file with the State and is incorporated by reference. Modification of the Project shall require prior written approval of the State. B. The Grantee shall submit to the State written progress reports until the completion of the Project. These reports shall be submitted upon request by the State and shall contain such detail of progress or performance on the Project as is requested by the State.
Monitoring and Reporting The Programme Operator shall monitor, record and report on progress towards the programme’s outcomes in accordance with the provisions contained in the legal framework. The Programme Operator shall ensure that suitable and sufficient monitoring and reporting arrangements are made with the project promoters in order to enable the Programme Operator and the National Focal Point to meet its obligations to the Donors. When reporting on progress achieved in Annual and Final Programme Reports, the Programme Operator shall disaggregate results achieved as appropriate and in accordance with instructions received from the FMO.
Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor’s Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: ● SAO Toll Free Hotline: 1-800-TX-AUDIT ● SAO website: xxxx://xxx.xxxxx.xxxxx.xx.xx/ All reports made to the OIG must be made through one of the following avenues: ● OIG Toll Free Hotline 0-000-000-0000 ● OIG Website: XxxxxxXxxxxXxxxx.xxx ● Internal Affairs Email: XxxxxxxxXxxxxxxXxxxxxxx@xxxx.xxxxx.xx.xx ● OIG Hotline Email: XXXXxxxxXxxxxxx@xxxx.xxxxx.xx.xx. ● OIG Mailing Address: Office of Inspector General Attn: Fraud Hotline MC 1300 P.O. Box 85200 Austin, Texas 78708-5200
Documenting and Reporting Breaches 6.1 Business Associate shall report to Covered Entity any Breach of Unsecured PHI, including Breaches reported to it by a Subcontractor, as soon as it (or any of its employees or agents) becomes aware of any such Breach, and in no case later than two (2) business days after it (or any of its employees or agents) becomes aware of the Breach, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. 6.2 Business Associate shall provide Covered Entity with the names of the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of the Breach and any other available information that is required to be given to the affected individuals, as set forth in 45 CFR § 164.404(c), and, if requested by Covered Entity, information necessary for Covered Entity to investigate the impermissible use or disclosure. Business Associate shall continue to provide to Covered Entity information concerning the Breach as it becomes available to it. Business Associate shall require its Subcontractor(s) to agree to these same terms and conditions. 6.3 When Business Associate determines that an impermissible acquisition, use or disclosure of PHI by a member of its workforce is not a Breach, as that term is defined in 45 CFR § 164.402, and therefore does not necessitate notice to the impacted individual(s), it shall document its assessment of risk, conducted as set forth in 45 CFR § 402(2). When requested by Covered Entity, Business Associate shall make its risk assessments available to Covered Entity. It shall also provide Covered Entity with 1) the name of the person(s) making the assessment, 2) a brief summary of the facts, and 3) a brief statement of the reasons supporting the determination of low probability that the PHI had been compromised. When a breach is the responsibility of a member of its Subcontractor’s workforce, Business Associate shall either 1) conduct its own risk assessment and draft a summary of the event and assessment or 2) require its Subcontractor to conduct the assessment and draft a summary of the event. In either case, Business Associate shall make these assessments and reports available to Covered Entity. 6.4 Business Associate shall require, by contract, a Subcontractor to report to Business Associate and Covered Entity any Breach of which the Subcontractor becomes aware, no later than two (2) business days after becomes aware of the Breach.
Data Collection and Reporting 1. Grantee shall develop and use a local reporting unit that will provide an assigned location for all clients served within the Hospital. This information shall also be entered into Client Assignment and Registration (CARE)when reporting on beds utilized at the Hospital. 2. Grantee shall budget and report expenditure data on the CARE Report III, incorporated by reference and posted at: xxxxx://xxx.xxx.xxxxx.xxx/doing-business-hhs/provider- portals/behavioral-health-services-providers/behavioral-health-provider- resources/community-mental-health-contracts, within the Community Hospital strategy C.2.1.1 using line 764 - Project Private Beds. 3. Grantee shall ensure that patient registration, diagnostics, admission and discharge data is reported by using the CARE screens and action codes listed below: a. Screen: Campus-Based Assignments (Add/Change/Delete), Action Code: 305; b. Screen: Campus-Based Discharge/Community Placement (Add/Change/Delete), Action Code: 310; c. Screen: Joint Community Support Plan (Add/Change/Delete), Action Code: 312; d. Screen: Register Client, Action Code: 325; e. Screen: Diagnostics (Add/Change/Delete), Action Code: 330; f. Screen: Voluntary Admission and Commitment (Add/Change/Delete), Action Code 332; g. Screen: Campus-Based Residential Xxxx/Dorm (Add/Change/Delete), Action Code 615; and h. Screen: MH Bed Allocation Exception (Add/Change/Delete), Action Code 345. For details related to the use of these screens and action codes, Grantee can refer to the CARE Reference Manual which can be found under the CARE (WebCARE) section on the portal at: xxxxx://xxxxxxxxx.xxx.xxxxx.xx.xx/helpGuide/Content/16_CARE/CAREWebCARE%20Refere nce%20Manual.htm
Safeguards Monitoring and Reporting The Borrower shall do the following or cause the Project Executing Agency to do the following:
Basic Financial Information and Reporting (a) The Company will maintain true books and records of account in which full and correct entries will be made of all its business transactions pursuant to a system of accounting established and administered in accordance with generally accepted accounting principles consistently applied, and will set aside on its books all such proper accruals and reserves as shall be required under generally accepted accounting principles consistently applied. (b) As soon as practicable after the end of each fiscal year of the Company, and in any event within one hundred twenty (120) days thereafter, the Company will furnish each Investor a balance sheet of the Company, as at the end of such fiscal year, and a statement of income and a statement of cash flows of the Company, for such year, all prepared in accordance with generally accepted accounting principles consistently applied and setting forth in each case in comparative form the figures for the previous fiscal year, all in reasonable detail. Such financial statements shall be accompanied by a report and opinion thereon by independent public accountants of national standing selected by the Company's Board of Directors. (c) The Company will furnish each Investor, as soon as practicable after the end of the first, second and third quarterly accounting periods in each fiscal year of the Company, and in any event within forty-five (45) days thereafter, a balance sheet of the Company as of the end of each such quarterly period, and a statement of income and a statement of cash flows of the Company for such period and for the current fiscal year to date, prepared in accordance with generally accepted accounting principles, with the exception that no notes need be attached to such statements and year-end audit adjustments may not have been made. (d) So long as an Investor (with its Affiliates) shall own not less than five hundred thousand (500,000) shares of Registrable Securities (as adjusted for stock splits and combinations) (a "MAJOR INVESTOR"), the Company will furnish each such Major Investor (i) at least thirty (30) days prior to the beginning of each fiscal year an annual budget and operating plans for such fiscal year (and as soon as available, any subsequent revisions thereto); and (ii) as soon as practicable after the end of each month, and in any event within twenty (20) days thereafter, a balance sheet of the Company as of the end of each such month, and a statement of income and a statement of cash flows of the Company for such month and for the current fiscal year to date, including a comparison to plan figures for such period, prepared in accordance with generally accepted accounting principles consistently applied, with the exception that no notes need be attached to such statements and year-end audit adjustments may not have been made. (e) So long as any Series B Investor (with its Affiliates) owns any shares of Registrable Securities, the Company will furnish to three (3) Investors appointed by Atlas (as designated in writing to the Company) (i) at least thirty (30) days prior to the beginning of each fiscal year an annual budget and operating plans for such fiscal year (and as soon as available, any subsequent revisions thereto); and (ii) as soon as practicable after the end of each month, and in any event within twenty (20) days thereafter, a balance sheet of the Company as of the end of each such month, and a statement of income and a statement of cash flows of the Company for such month and for the current fiscal year to date, including a comparison to plan figures for such period, prepared in accordance with generally accepted accounting principles consistently applied, with the exception that no notes need be attached to such statements and year end audit adjustments may not have been made; provided, however, that after the termination of that certain Consulting Agreement (the "Consulting Agreement") between the Company and Atlas, dated as of April 19, 1999, Investors who are holders of Registrable Securities issued or issuable upon conversion of Series B Stock, or upon exercise of the Warrants, shall only be furnished with balance sheets and statements of income pursuant to this subsection (e).