Common use of Breach Notification Clause in Contracts

Breach Notification. a. Each Participant agrees that within one (1) hour of discovering information that leads the Participant to reasonably believe that a Breach may have occurred, it shall alert other Participants whose Message Content may have been Breached and the Coordinating Committee to such information. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Participant shall provide a Notification to all Participants likely impacted by the Breach and the Coordinating Committee of such Breach. The Notification should include sufficient information for the Coordinating Committee to understand the nature of the Breach. For instance, such Notification could include, to the extent available at the time of the Notification, the following information: • One or two sentence description of the Breach • Description of the roles of the people involved in the Breach (e.g. employees, Participant Users, service providers, unauthorized persons, etc.) • The type of Message Content Breached • Participants likely impacted by the Breach • Number of individuals or records impacted/estimated to be impacted by the Breach • Actions taken by the Participant to mitigate the Breach • Current Status of the Breach (under investigation or resolved) • Corrective action taken and steps planned to be taken to prevent a similar Breach. The Participant shall supplement the information contained in the Notification as it becomes available and cooperate with other Participants and the Coordinating Committee in accordance with Section 20(e) of this Agreement. The Notification required by this Section 14.03 shall not include any PHI. If, on the basis of the Notification, a Participant desires to stop Transacting Message Content with the Participant that reported a Breach, it shall stop Transacting Message Content in accordance with Section 12.01(b) of this Agreement. If, on the basis of the notification, the Coordinating Committee determines that (i) the other Participants that have not been notified of the Breach would benefit from a summary of the Notification or (ii) a summary of the Notification to the other Participants would enhance the security of the Performance and Service Specifications, it may provide, in a timely manner, a summary to such Participants that does not identify any of the Participants or individuals involved in the Breach.

Breach Notification. a. Each Participant agrees that within one (1) hour of discovering information that leads the Participant to reasonably believe that a Breach may have occurred, it shall alert other Participants whose Message Content may have been Breached and the Coordinating Committee to such information. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Participant shall provide a Notification to all Participants likely impacted by the Breach and the Coordinating Committee of such Breach. The Notification should include sufficient information for the Coordinating Committee to understand the nature of the Breach. For instance, such Notification could include, to the extent available at the time of the Notification, the following information: •  One or two sentence description of the Breach •  Description of the roles of the people involved in the Breach (e.g. employees, Participant Users, service providers, unauthorized persons, etc.) •  The type of Message Content Breached •  Participants likely impacted by the Breach •  Number of individuals or records impacted/estimated to be impacted by the Breach •  Actions taken by the Participant to mitigate the Breach •  Current Status of the Breach (under investigation or resolved) •  Corrective action taken and steps planned to be taken to prevent a similar Breach. The Participant shall supplement the information contained in the Notification as it becomes available and cooperate with other Participants and the Coordinating Committee in accordance with Section 20(e) of this Agreement. The Notification required by this Section 14.03 shall not include any PHI. If, on the basis of the Notification, a Participant desires to stop Transacting Message Content with the Participant that reported a Breach, it shall stop Transacting Message Content in accordance with Section 12.01(b) of this Agreement. If, on the basis of the notification, the Coordinating Committee determines that (i) the other Participants that have not been notified of the Breach would benefit from a summary of the Notification or (ii) a summary of the Notification to the other Participants would enhance the security of the Performance and Service Specifications, it may provide, in a timely manner, a summary to such Participants that does not identify any of the Participants or individuals involved in the Breach.

Breach Notification. a. Each Participant agrees that within one (1) hour of discovering information that leads the Participant to reasonably believe that a Breach may have occurred, it shall will alert other Participants whose Message Content may have been Breached and the NHIN Coordinating Committee to such information. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Participant shall provide a Notification to will notify all Participants likely impacted by the Breach and the NHIN Coordinating Committee or its designee of such Breach. The Notification notification should include sufficient information for the NHIN Coordinating Committee to understand the nature of the Breach. For instance, such Notification notification could include, to the extent available at the time of the Notificationnotification, the following information: • One or two sentence description of the Breach • Description of the roles of the people involved in the Breach (e.g. employees, Participant Users, service providers, unauthorized persons, etc.) • The type of Message Content Breached • Participants likely impacted by the Breach Xxxxxx • Number of individuals or records impacted/estimated to be impacted by the Breach • Actions taken by the Participant to mitigate the Breach • Current Status of the Breach (under investigation or resolved) • Corrective action taken and steps planned to be taken to prevent a similar Breach. The Participant shall have a duty to supplement the information contained in the Notification notification as it becomes available and cooperate with other Participants and the NHIN Coordinating Committee or its designee in accordance with Section 20(e22(e) of this Agreement. The Notification notification required by this Section 14.03 16.03 shall not include any PHI. If, on the basis of the Notificationnotification, a Participant desires to stop Transacting exchanging Message Content with the Participant that reported a Breach, it shall stop Transacting exchanging Message Content in accordance with Section 12.01(b13.01(b) of this Agreement. If, on the basis of the notification, the NHIN Coordinating Committee or its designee determines that (i) the other Participants that have not been notified of the Breach would benefit from a summary of the Notification or (ii) a summary of the Notification to the other Participants would enhance the security of the Performance and Service Specifications, it may provide, in a timely manner, a summary to such Participants that does not identify any of the Participants or individuals involved in the Breach.notification or

Breach Notification. a. Each Participant agrees that within one (1) hour of discovering information that leads the Participant to reasonably believe that a Breach may have occurred, it shall willshall alert other Participants whose Message Content may have been Breached and the NHIN Coordinating Committee to such information. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Participant shall will notifyshall provide a Notification to all Participants likely impacted by the Breach and the NHIN Coordinating Committee or its designee of such Breach. The Notification notificationNotification should include sufficient information for the NHIN Coordinating Committee to understand the nature of the Breach. For instance, such Notification notificationNotification could include, to the extent available at the time of the NotificationnotificationNotification, the following information: •  One or two sentence description of the Breach •  Description of the roles of the people involved in the Breach (e.g. employees, Participant Users, service providers, unauthorized persons, etc.) •  The type of Message Content Breached •  Participants likely impacted by the Breach •  Number of individuals or records impacted/estimated to be impacted by the Breach •  Actions taken by the Participant to mitigate the Breach •  Current Status of the Breach (under investigation or resolved) •  Corrective action taken and steps planned to be taken to prevent a similar Breach. The Participant shall have a duty to supplement the information contained in the Notification notificationNotification as it becomes available and cooperate with other Participants and the NHIN Coordinating Committee or its designee in accordance with Section 20(e2220(e) of this Agreement. The Notification notificationNotification required by this Section 14.03 16.0314.03 shall not include any PHI. If, on the basis of the NotificationnotificationNotification, a Participant desires to stop Transacting exchangingTransacting Message Content with the Participant that reported a Breach, it shall stop Transacting exchangingTransacting Message Content in accordance with Section 12.01(b13.0112.01(b) of this Agreement. If, on the basis of the notification, the NHIN Coordinating Committee or its designee determines that (i) the other Participants that have not been notified of the Breach would benefit from a summary of the Notification notificationNotification or (ii) a summary of the Notification notificationNotification to the other Participants would enhance the security of the Performance NHINPerformance and Service Specifications, it may provide, in a timely manner, a summary to such Participants that does not identify any of the Participants or individuals involved in the Breach.

Breach Notification. a. Each Participant agrees that within one (1) hour of discovering information that leads the Participant to reasonably believe that a Breach may have occurred, it shall willshall alert other Participants whose Message Content may have been Breached and the NHIN Coordinating Committee to such information. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Participant shall will notifyshall provide a Notification to all Participants likely impacted by the Breach and the NHIN Coordinating Committee or its designee of such Breach. The Notification notificationNotification should include sufficient information for the NHIN Coordinating Committee to understand the nature of the Breach. For instance, such Notification notificationNotification could include, to the extent available at the time of the NotificationnotificationNotification, the following information: • One or two sentence description of the Breach • Description of the roles of the people involved in the Breach (e.g. employees, Participant Users, service providers, unauthorized persons, etc.) • The type of Message Content Breached • Participants likely impacted by the Breach • Number of individuals or records impacted/estimated to be impacted by the Breach • Actions taken by the Participant to mitigate the Breach • Current Status of the Breach (under investigation or resolved) • Corrective action taken and steps planned to be taken to prevent a similar Breach. The Participant shall have a duty to supplement the information contained in the Notification notificationNotification as it becomes available and cooperate with other Participants and the NHIN Coordinating Committee or its designee in accordance with Section 20(e2220(e) of this Agreement. The Notification notificationNotification required by this Section 14.03 16.0314.03 shall not include any PHI. If, on the basis of the NotificationnotificationNotification, a Participant desires to stop Transacting exchangingTransacting Message Content with the Participant that reported a Breach, it shall stop Transacting exchangingTransacting Message Content in accordance with Section 12.01(b13.0112.01(b) of this Agreement. If, on the basis of the notification, the NHIN Coordinating Committee or its designee determines that (i) the other Participants that have not been notified of the Breach would benefit from a summary of the Notification notificationNotification or (ii) a summary of the Notification notificationNotification to the other Participants would enhance the security of the Performance NHINPerformance and Service Specifications, it may provide, in a timely manner, a summary to such Participants that does not identify any of the Participants or individuals involved in the Breach.