Standard Reporting. The Non-Exchange Entity must implement Breach and Incident handling procedures that are consistent with CMS’ Incident and Breach Notification Procedures1 and memorialized in the Non-Exchange Entity’s own written policies and procedures. Such policies and procedures would: i. Identify the Non-Exchange Entity’s Designated Privacy Official, if applicable, and/or identify other personnel authorized to access PII and responsible for reporting and managing Incidents or Breaches to CMS. ii. Provide details regarding the identification, response, recovery, and follow-up of Incidents and Breaches, which should include information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes; and iii. Require reporting any Incident or Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within required time frames.
Appears in 4 contracts
Samples: Service Agreement, Contractor Agreement, Contractor Agreement
Standard Reporting. The Non-Exchange Entity must implement Breach and Incident handling procedures that are consistent with CMS’ Incident and Breach Notification Procedures1 and memorialized in the Non-Exchange Entity’s own written policies and procedures. Such policies and procedures would:
i. Identify the Non-Exchange Entity’s Designated Privacy Official, if applicable, and/or identify other personnel authorized to access PII and responsible for reporting and managing Incidents or Breaches to CMS.
ii. Provide details regarding the identification, response, recovery, and follow-follow- up of Incidents and Breaches, which should include information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes; and
iii. Require reporting any Incident or Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within required time framesone hour of discovery.
Appears in 2 contracts
Samples: Agent or Broker Agreement, Agent or Broker Agreement
Standard Reporting. The Non-Exchange Entity must implement Breach and Incident handling procedures that are consistent with CMS’ Incident and Breach Notification Procedures1 and memorialized in the Non-Exchange Entity’s own written policies and procedures. Such policies and procedures would:
i. Identify the Non-Exchange Entity’s Designated Privacy Official, if applicable, and/or identify other personnel authorized to access PII and responsible for reporting and managing Incidents or Breaches to CMS.
ii. Provide details regarding the identification, response, recovery, and follow-up of Incidents and Breaches, which should include information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes; and
iii. Require reporting any Incident or Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within required time framesone hour of discovery.
Appears in 1 contract
Samples: Agreement Between Agent or Broker and the Centers for Medicare & Medicaid Services
