State Law Breach Notification Sample Clauses

State Law Breach Notification. In addition to the requirements of Section 3.14, Business Associate shall implement reasonable systems for the discovery and prompt reporting of any misuse, disclosure, loss, or theft of Protected Health Information, or any other information provided to Business Associate by Customer that, if misused, disclosed, lost, or stolen, would trigger an obligation under one or more state data breach notification laws to notify the Individuals who are the subject of the information (“State Breach”). In the event of a State Breach, Business Associate shall: (a) immediately notify Customer that the State Breach has occurred; (b) cooperate and assist Customer with any investigation into any State Breach or alleged State Breach; (c) comply with Customer’s determinations regarding Customer’s and Business Associate’s obligations to mitigate, to the extent practicable, any potential harm to the Individuals impacted by the State Breach; and (d) assist with the implementation of any decision by the Customer or any state agency or official, including, but not limited to, any State Attorney General or State Consumer Affairs Department, to notify Individuals impacted or potentially impacted by a State Breach.
AutoNDA by SimpleDocs
State Law Breach Notification. While complying with the HIPAA Breach Notification Rule, ACO shall simultaneously comply with applicable requirements set forth in State Law Breach Notification Rules and shall, following the discovery of a State Law Breach, notify Covered Entity of such State Law Breach as required by the State Law Breach Notification Rules. The financial responsibilities and obligations set forth herein shall apply to processing the State Law Breach simultaneously with the HIPAA Breach.

Related to State Law Breach Notification

  • Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law. b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions). c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent. d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI: (1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information; (2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information; (3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and (4) DSHS will take appropriate remedial measures up to termination of this Contract.

  • Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include: a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.

  • COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).

  • Labor Law Acknowledgment This provision supplements Sections 2(g) and 7 of the Agreement: By accepting the RSUs, you consent to participation in the Plan and acknowledge that you have received a copy of the Plan document. You understand and agree that, as a condition of the grant of the RSUs, except as provided for in Section 2 of the Agreement, your termination of employment for any reason (including for the reasons listed below) will automatically result in the forfeiture of any RSUs that have not vested on the date of your termination. In particular, you understand and agree that, unless otherwise provided in the Agreement, the RSUs will be forfeited without entitlement to the underlying shares of Common Stock or to any amount as indemnification in the event of a termination of your employment prior to vesting by reason of, including, but not limited to: resignation, disciplinary dismissal adjudged to be with cause, disciplinary dismissal adjudged or recognized to be without good cause (i.e., subject to a “despido improcedente”), individual or collective layoff on objective grounds, whether adjudged to be with cause or adjudged or recognized to be without cause, material modification of the terms of employment under Article 41 of the Workers’ Statute, relocation under Article 40 of the Workers’ Statute, Article 50 of the Workers’ Statute, unilateral withdrawal by the Employer, and under Article 10.3 of Royal Decree 1382/1985. Furthermore, you understand that the Company has unilaterally, gratuitously and discretionally decided to grant RSUs under the Plan to individuals who may be employees of the Company or a subsidiary. The decision is a limited decision that is entered into upon the express assumption and condition that any grant will not economically or otherwise bind the Company or any subsidiary on an ongoing basis, other than as expressly set forth in the Agreement. Consequently, you understand that the RSUs are granted on the assumption and condition that the RSUs and the shares of Common Stock underlying the RSUs shall not become a part of any employment or service contract (either with the Company, the Employer or any subsidiary) and shall not be considered a mandatory benefit, salary for any purposes (including severance compensation) or any other right whatsoever. In addition, you understand that the RSUs would not be granted to you but for the assumptions and conditions referred to above; thus, you acknowledge and freely accept that, should any or all of the assumptions be mistaken or should any of the conditions not be met for any reason, then any Award of RSUs shall be null and void.

  • Notification of Layoff Except in an instance beyond the control of the Employer, the Employer agrees to give three (3) weeks’ advance notification of layoff and, if possible, to state in the notification the anticipated duration of the layoff. Recall

  • CERTIFICATION REGARDING DRUG-FREE WORKPLACE REQUIREMENTS 1. The Contractor certifies that it will provide a drug-free workplace by: a. Publishing a statement notifying employees that the unlawful manufacture, distribution, dispensing, possession or use of a controlled substance is prohibited in the Contractor’s workplace and specifying the actions that will be taken against employees for violation of such prohibition;

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!