Common use of Unauthorized Use or Disclosure of PHI Clause in Contracts

Unauthorized Use or Disclosure of PHI. Business Associate agrees to mitigate, to the greatest extent possible, any harm that results from the breach, security incident, or unauthorized access, use or disclosure of PHI by Business Associate or its employees, officers, subcontractors, agents or other representatives. Following a breach, security incident, or any unauthorized access, use or disclosure of PHI, Business Associate agrees to take any and all corrective action necessary to prevent recurrence, to document any such action, and to make this documentation available to Covered Entity. Except as required by law, Business Associate agrees that it will not inform any third party of a breach or unauthorized access, use or disclosure of PHI without obtaining the Covered Entity’s prior written consent. Covered Entity hereby reserves the sole right to determine whether and how such notice is to be provided to any individuals, regulatory agencies, or other as may be require by law. When applicable law requires the breach be reported to a federal or state agency or that notice be given to media outlets, Business Associate shall cooperate with and coordinate with Covered Entity to ensure such reporting is in compliance with applicable law and to prevent duplicate reporting, and to determine responsibilities for reporting. The Business Associate shall report to the Covered Entity any use or disclosure of the PHI not authorized in the Agreement or required by law of which it becomes aware, including any breach as required in Section 164.410 or security incident. In such report, the Business Associate shall: A. Identify the nature of the unauthorized use or disclosure; B. Identify the PHI used or disclosed; C. Identify who made the unauthorized use or received the unauthorized disclosure; D. Identify what the Business Associate has done or will do to mitigate any negative effects of the unauthorized use or disclosure; E. Identify what corrective action the Business Associate has taken or shall take to prevent future similar unauthorized use or disclosure; and F. Provide such other information, including a written report, as reasonably requested by the Covered Entity.

Appears in 6 contracts

Samples: Services Agreement, Services Agreement, Services Agreement

AutoNDA by SimpleDocs
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!