Unauthorized Use or Disclosure of PHI. Business Associate agrees to mitigate, to the greatest extent possible, any harm that results from the breach, security incident, or unauthorized access, use or disclosure of PHI by Business Associate or its employees, officers, subcontractors, agents or other representatives. Following a breach, security incident, or any unauthorized access, use or disclosure of PHI, Business Associate agrees to take any and all corrective action necessary to prevent recurrence, to document any such action, and to make this documentation available to Covered Entity. Except as required by law, Business Associate agrees that it will not inform any third party of a breach or unauthorized access, use or disclosure of PHI without obtaining the Covered Entity’s prior written consent. Covered Entity hereby reserves the sole right to determine whether and how such notice is to be provided to any individuals, regulatory agencies, or other as may be require by law. When applicable law requires the breach be reported to a federal or state agency or that notice be given to media outlets, Business Associate shall cooperate with and coordinate with Covered Entity to ensure such reporting is in compliance with applicable law and to prevent duplicate reporting, and to determine responsibilities for reporting. The Business Associate shall report to the Covered Entity any use or disclosure of the PHI not authorized in the Agreement or required by law of which it becomes aware, including any breach as required in Section 164.410 or security incident. In such report, the Business Associate shall:
Appears in 6 contracts
Samples: Services Agreement, Services Agreement, Services Agreement
