Breach Notification Requirements Sample Clauses

Breach Notification Requirements. If the Covered Entity determines a breach of unsecured protected health information by the Business Associate, or its agents or subcontractors has occurred, the Business Associate will be responsible for notifying the individuals whose unsecured protected health information was breached in accordance with HIPAA Regulations. The Business Associate must provide evidence to the Covered Entity that appropriate notifications to individuals and/or media, when necessary, as specified in HIPAA Regulations has occurred. The Business Associate is responsible for all costs associated with notification to individuals, the media or others as well as costs associated with mitigating future breaches. The Business Associate must notify the Secretary of all breaches in accordance with HIPAA Regulations and must provide the Covered Entity with a copy of all notifications made to the Secretary.
Breach Notification Requirements i. In addition to requirements in 5.a above, in the event of a breach or other impermissible use or disclosure by Business Associate of PHI or unsecured PHI, the Business Associate shall be required to notify in writing all affected individuals to include,
Breach Notification Requirements. If the Covered Entity determines a breach of unsecured protected health information by the Business Associate has occurred, the Business Associate will be responsible for notifying the individuals whose unsecured protected health information was breached in accordance with 42 USC 17932 and 45 CFR 164.404 through 164.406. The Business Associate must provide evidence to the Covered Entity that appropriate notifications to individuals and/or media, when necessary, as specified in 45 CFR 164.404 and 45 CFR 164.406 has occurred. The Business Associate is responsible for all costs associated with notification to individuals, the media or others as well as costs associated with mitigating future breaches. The Business Associate must notify the Secretary of all breaches in accordance with 45 CFR 164.408 and must provide the Covered Entity with a copy of all notifications made to the Secretary.
Breach Notification Requirements. 5.1 With respect to any Breach, the Covered Entity shall notify each individual whose Unsecured PHI has been, or is reasonably believed by the Covered Entity to have been, accessed, acquired, used, or disclosed as a result of such Breach, except when law enforcement requires a delay pursuant to 45 CFR §164.412. This notice shall be:
Breach Notification Requirements. 5.1 With respect to any Breach, the Covered Entity shall notify each individual whose Unsecured Protected Health Information has been, or is reasonably believed by the Covered Entity to have been, accessed, acquired, used, or disclosed as a result of such Breach, except when law enforcement requires a delay pursuant to 45 CFR §164.412:
Breach Notification Requirements. If a breach affects 500 individuals, the covered entities must notify the Secretary without unreasonable delay and in no case later than 60 days following a breach. If a breach affects fewer than 500 individuals, the covered entity may notify the Secretary annually. Other uses and disclosures in certain special circumstances. Public Health Risks - (i.e. vital statistics, child abuse/neglect, exposure to communicable diseases, reporting reactions to drugs or problems with products or devices.)
Breach Notification Requirements. The MRTCs Draft 2 requires that QHINs, Participants, and Participant Members comply with the Breach notification requirements pursuant to the HIPAA Breach Notification Rule at 45 CFR §164.400-414, regardless of whether or not they are a Covered Entity or Business Associate. Further, each QHIN shall notify the RCE, as well as other QHINs, Participants, Participant Members, and Individual Users who may have been affected by the Breach without unreasonable delay and in accordance with Applicable Law. Where applicable, actors in the Common Agreement may be subject to the Federal Trade Commission Health Breach Notification Rule, which applies to a vendor of personal health records (PHRs), a PHR-related entity, or a third-party service provider for a vendor of PHRs or a PHR-related entity. The Breach notification requirements of the Common Agreement do not supplant any HIPAA or FTC breach reporting requirements or responsibilities. Minimum Security Requirements The MRTCs Draft 2 requires that QHINs comply with the HIPAA Privacy and Security Rules as it pertains to EHI. Also, QHINs must evaluate their security program for the protection of Controlled Unclassified Information (CUI), and develop and implement an action plan to comply with the security requirements of the most recently published version of the NIST Special Publication 800-171 (Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations). A CUI category includes EHI. This Publication provides principle guidelines to federal government-wide requirements for CUI, and entities which handle EHI are required to demonstrate the security controls and be compliant with the NIST 800-171 requirements of the most recent publication. In addition, as part of its ongoing security risk analysis and risk management program, QHINs shall review the most recently published version of the HIPAA Security Rule Crosswalk to the NIST Cybersecurity Framework.
The NIST Cybersecurity Framework is guidance that was developed with industry for organizations to better manage and reduce cybersecurity risks. Additionally, it was designed to foster risk and cybersecurity management communications among both internal and external organizational stakeholders. The NIST Cybersecurity Framework is based on existing standards, guidelines, and practices. To the extent the QHIN’s risk analysis identifies any risks, vulnerabilities, or gaps in the QHIN’s compliance with the HIPAA Privacy and Security ...
Breach Notification Requirements. The MRTCs Draft 2 requires that QHINs, Participants, and Participant Members comply with the Breach notification requirements pursuant to the HIPAA Breach Notification Rule at 45 CFR §164.400-414, regardless of whether or not they are a Covered Entity or Business Associate. Further, each QHIN shall notify the RCE, as well as other QHINs, Participants, Participant Members, and Individual Users who may have been affected by the Breach without unreasonable delay and in accordance with Applicable Law. Where applicable, actors in the Common Agreement may be subject to the Federal Trade Commission Health Breach Notification Rule, which applies to a vendor of personal health records (PHRs), a PHR-related entity, or a third-party service provider for a vendor of PHRs or a PHR-related entity. The Breach notification requirements of the Common Agreement do not supplant any HIPAA or FTC breach reporting requirements or responsibilities.
Breach Notification Requirements. 5.1 With respect to any Breach by the Business Associate as provided in Section 2.4 above, the Business Associate shall notify each individual whose Unsecured Protected Health Information has been, or is reasonably believed by the Covered Entity to have been, accessed, acquired, used, or disclosed as a result of such Breach, except when law enforcement requires a delay pursuant to 45 CFR §164.412:
Breach Notification Requirements. (a) For purposes of this Section 5, Business Associate shall have the responsibility, following a suspected Breach by Business Associate, to determine if such Breach constitutes a Breach of Unsecured PHI in accordance with the Breach Notification Rule. Business Associate shall notify the Covered Entity, in writing, within ten (10) business days following Business Associate’s discovery of a Breach of Unsecured PHI.