{"component": "clause", "props": {"groups": [{"size": 34, "snippet_links": [{"key": "hipaa-breach", "type": "definition", "offset": [41, 53]}, {"key": "security-breach", "type": "clause", "offset": [60, 75]}, {"key": "in-section-2", "type": "clause", "offset": [87, 99]}, {"key": "the-term", "type": "definition", "offset": [138, 146]}, {"key": "to-the-extent", "type": "clause", "offset": [215, 228]}, {"key": "submitted-by", "type": "definition", "offset": [250, 262]}, {"key": "the-parties-agree-that", "type": "clause", "offset": [287, 309]}, {"key": "the-party", "type": "clause", "offset": [368, 377]}, {"key": "other-party", "type": "definition", "offset": [452, 463]}, {"key": "provide-a", "type": "definition", "offset": [603, 612]}, {"key": "notification-to", "type": "clause", "offset": [613, 628]}, {"key": "sufficient-information", "type": "definition", "offset": [678, 700]}, {"key": "nature-of-the", "type": "clause", "offset": [739, 752]}, {"key": "time-of-the", "type": "clause", "offset": [839, 850]}, {"key": "description-of-the", "type": "definition", "offset": [915, 933]}, {"key": "the-people", "type": "definition", "offset": [972, 982]}, {"key": "authorized-users", "type": "definition", "offset": [1023, 1039]}, {"key": "service-providers", "type": "definition", "offset": [1041, 1058]}, {"key": "unauthorized-persons", "type": "clause", "offset": [1060, 1080]}, {"key": "type-of-data", "type": "clause", "offset": [1095, 1107]}, {"key": "number-of", "type": "definition", "offset": [1164, 1173]}, {"key": "actions-taken", "type": "clause", "offset": [1248, 1261]}, {"key": "to-mitigate", "type": "definition", "offset": [1279, 1290]}, {"key": "status-of-the", "type": "clause", "offset": [1313, 1326]}, {"key": "under-investigation", "type": "definition", "offset": [1335, 1354]}, {"key": "action-taken", "type": "definition", "offset": [1382, 1394]}, {"key": "the-information", "type": "clause", "offset": [1505, 1520]}, {"key": "contained-in", "type": "definition", "offset": [1521, 1533]}, {"key": "cooperate-with", "type": "clause", "offset": [1579, 1593]}, {"key": "in-accordance-with", "type": "definition", "offset": [1610, 1628]}, {"key": "this-agreement", "type": "clause", "offset": [1642, 1656]}, {"key": "required-by", "type": "definition", "offset": [1675, 1686]}, {"key": "basis-of", "type": "clause", "offset": [1744, 1752]}, {"key": "summary-of-the", "type": "clause", "offset": [1879, 1893]}, {"key": "security-of", "type": "clause", "offset": [1987, 1998]}, {"key": "in-a-timely-manner", "type": "definition", "offset": [2032, 2050]}, {"key": "individuals-involved", "type": "clause", "offset": [2115, 2135]}, {"key": "by-either-party", "type": "clause", "offset": [2175, 2190]}, {"key": "confidential-information", "type": "definition", "offset": [2237, 2261]}, {"key": "section-12", "type": "clause", "offset": [2332, 2342]}], "samples": [{"hash": "jWQdPWfnEEe", "uri": "/contracts/jWQdPWfnEEe#breach-notification", "label": "Nc Hiea Participation Agreement", "score": 26.1704311371, "published": true}, {"hash": "czzwgukO9Z", "uri": "/contracts/czzwgukO9Z#breach-notification", "label": "Nc Hiea Participation Agreement", "score": 26.1704311371, "published": true}, {"hash": "h7vstfvmhBw", "uri": "/contracts/h7vstfvmhBw#breach-notification", "label": "Nc Hiea Participation Agreement", "score": 24.74127388, "published": true}], "snippet": "The following provisions apply to both a HIPAA Breach and a Security Breach as defined in Section 2 (Definitions). For this Section only, the term \u201cBreach\u201d refers to either a HIPAA Breach or a Security Breach, each to the extent they affect HIE Data submitted by Submitter hereunder.\na. The Parties agree that within one (1) hour of discovering information that leads the Party to reasonably believe that a Breach may have occurred, it shall alert the other Party. As soon as reasonably practicable, but no later than twenty-four (24) hours after determining that a Breach has occurred, the Party shall provide a Notification to the other Party. The Notification should include sufficient information for the other Party to understand the nature of the Breach. For instance, such Notification could include, to the extent available at the time of the Notification, the following information:\n1. One or two sentence description of the Breach\n2. Description of the roles of the people involved in the Breach (e.g. employees, Authorized Users, service providers, unauthorized persons, etc.)\n3. The type of data Breached\n4. Submitters likely impacted by the Breach\n5. Number of individuals or records impacted/estimated to be impacted by the Breach\n6. Actions taken by the Submitter to mitigate the Breach\n7. Current Status of the Breach (under investigation or resolved)\n8. Corrective action taken and steps planned to be taken to prevent a similar Breach.\nb. The Party reporting the Breach shall supplement the information contained in the Notification as it becomes available and cooperate with the other Party in accordance with Section 1 of this Agreement. The Notification required by this Section 10.02 shall not include any PHI. If, on the basis of the Notification, NC HIEA determines that (i) other Submitters that have not been notified of the Breach would benefit from a summary of the Notification or (ii) a summary of the Notification to the other Submitters would enhance the security of NC HealthConnex, it may provide, in a timely manner, a summary to such Submitters that does not identify any of the individuals involved in the Breach.\nc. Information provided by either Party in accordance with this Section 10.02 may be \u201cConfidential Information.\u201d Such \u201cConfidential Information\u201d shall be treated in accordance with Section 12.", "hash": "3ffafd12a395bcef0e8e02b1605c6011", "id": 3}, {"size": 86, "snippet_links": [{"key": "breach-of-unsecured-phi", "type": "definition", "offset": [21, 44]}, {"key": "security-of-phi", "type": "clause", "offset": [91, 106]}, {"key": "business-associate", "type": "clause", "offset": [153, 171]}, {"key": "state-or-federal-law", "type": "definition", "offset": [207, 227]}, {"key": "business-day", "type": "definition", "offset": [283, 295]}, {"key": "by-telephone", "type": "definition", "offset": [296, 308]}, {"key": "in-writing", "type": "definition", "offset": [313, 323]}, {"key": "use-or-disclosure-of-phi", "type": "clause", "offset": [352, 376]}, {"key": "not-allowed", "type": "clause", "offset": [377, 388]}, {"key": "the-provisions-of-this", "type": "clause", "offset": [392, 414]}, {"key": "authorized-by", "type": "definition", "offset": [431, 444]}, {"key": "hipaa-rules", "type": "definition", "offset": [445, 456]}, {"key": "required-by-law", "type": "clause", "offset": [460, 475]}, {"key": "the-security", "type": "clause", "offset": [532, 544]}, {"key": "protected-health-information", "type": "clause", "offset": [563, 591]}, {"key": "notify-the", "type": "clause", "offset": [663, 673]}, {"key": "dshs-contact", "type": "definition", "offset": [674, 686]}, {"key": "page-of", "type": "clause", "offset": [706, 713]}, {"key": "breach-of-security", "type": "clause", "offset": [796, 814]}, {"key": "privacy-of-phi", "type": "clause", "offset": [818, 832]}, {"key": "the-business", "type": "clause", "offset": [836, 848]}, {"key": "written-explanation", "type": "clause", "offset": [978, 997]}, {"key": "date-and-time-of-the-breach", "type": "clause", "offset": [1039, 1066]}, {"key": "nature-of-the", "type": "clause", "offset": [1109, 1122]}, {"key": "type-of", "type": "definition", "offset": [1128, 1135]}, {"key": "associated-with", "type": "definition", "offset": [1218, 1233]}, {"key": "description-of-the", "type": "definition", "offset": [1255, 1273]}, {"key": "telephone-number", "type": "definition", "offset": [1335, 1351]}, {"key": "fax-number", "type": "definition", "offset": [1353, 1363]}, {"key": "the-individual", "type": "clause", "offset": [1379, 1393]}, {"key": "primary-point-of-contact", "type": "definition", "offset": [1420, 1444]}, {"key": "cooperate-with", "type": "clause", "offset": [1553, 1567]}, {"key": "a-copy-of", "type": "clause", "offset": [1584, 1593]}, {"key": "requested-by", "type": "clause", "offset": [1634, 1646]}, {"key": "copies-of", "type": "clause", "offset": [1671, 1680]}, {"key": "notifications-required", "type": "clause", "offset": [1685, 1707]}, {"key": "responsible-for", "type": "clause", "offset": [1885, 1900]}, {"key": "notification-of-individuals", "type": "clause", "offset": [1942, 1969]}, {"key": "notification-to-individuals", "type": "clause", "offset": [1994, 2021]}, {"key": "responsibility-and-costs", "type": "clause", "offset": [2053, 2077]}, {"key": "affected-individuals", "type": "definition", "offset": [2096, 2116]}, {"key": "requests-for-additional-information", "type": "clause", "offset": [2181, 2216]}, {"key": "the-media", "type": "clause", "offset": [2248, 2257]}, {"key": "to-media", "type": "clause", "offset": [2417, 2425]}, {"key": "the-us", "type": "clause", "offset": [2506, 2513]}, {"key": "department-of-health-and-human-services", "type": "definition", "offset": [2515, 2554]}, {"key": "notification-to-the-secretary", "type": "clause", "offset": [2589, 2618]}, {"key": "responding-to-the", "type": "clause", "offset": [2721, 2738]}, {"key": "remedial-measures", "type": "definition", "offset": [2836, 2853]}, {"key": "termination-of-this-contract", "type": "clause", "offset": [2860, 2888]}], "samples": [{"hash": "PpA8DTrRdV", "uri": "/contracts/PpA8DTrRdV#breach-notification", "label": "Services Contract", "score": 35.3527908325, "published": true}, {"hash": "8dEzVBevAs1", "uri": "/contracts/8dEzVBevAs1#breach-notification", "label": "Services Agreement", "score": 35.0084152222, "published": true}, {"hash": "5TxI27rCPcv", "uri": "/contracts/5TxI27rCPcv#breach-notification", "label": "It Services Contract", "score": 34.7602767944, "published": true}], "snippet": "a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.\nb. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).\nc. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.\nd. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:\n(1) requiring notification of Individuals under 45 CFR \u00a7 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals\u2019 questions or requests for additional information;\n(2) requiring notification of the media under 45 CFR \u00a7 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;\n(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR \u00a7 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary\u2019s questions or requests for additional information; and\n(4) DSHS will take appropriate remedial measures up to termination of this Contract.", "hash": "1758c509f6e0e7ba38ed32886b33a4b8", "id": 1}, {"size": 19, "snippet_links": [{"key": "personal-data-breach", "type": "definition", "offset": [26, 46]}, {"key": "licensor-will", "type": "clause", "offset": [48, 61]}, {"key": "without-undue-delay", "type": "definition", "offset": [75, 94]}, {"key": "nature-of-the-data", "type": "clause", "offset": [107, 125]}, {"key": "categories-of-data-subjects", "type": "clause", "offset": [153, 180]}, {"key": "data-records", "type": "definition", "offset": [185, 197]}, {"key": "contact-details", "type": "definition", "offset": [229, 244]}, {"key": "the-relevant", "type": "clause", "offset": [249, 261]}, {"key": "contact-person", "type": "clause", "offset": [262, 276]}], "samples": [{"hash": "kTXnCSphMMp", "uri": "/contracts/kTXnCSphMMp#breach-notification", "label": "Standard Contract for Aws Marketplace", "score": 33.1330299377, "published": true}, {"hash": "7A9fUVWlkHj", "uri": "/contracts/7A9fUVWlkHj#breach-notification", "label": "Saas Services Agreement", "score": 31.8875274658, "published": true}, {"hash": "1vosHAg8dHw", "uri": "/contracts/1vosHAg8dHw#breach-notification", "label": "Managed Services Contract", "score": 31.5392436981, "published": true}], "snippet": "After becoming aware of a Personal Data breach, Licensor will notify Buyer without undue delay of: (a) the nature of the data breach; (b) the number and categories of data subjects and data records affected; and (c) the name and contact details for the relevant contact person at Licensor.", "hash": "2d86e8c41a9c06bf1b0ee45a18e6c2b3", "id": 6}, {"size": 23, "snippet_links": [{"key": "in-the-event-of", "type": "definition", "offset": [0, 15]}, {"key": "disclosure-of", "type": "clause", "offset": [40, 53]}, {"key": "part-2", "type": "clause", "offset": [54, 60]}, {"key": "protected-information", "type": "clause", "offset": [61, 82]}, {"key": "business-associate", "type": "clause", "offset": [84, 102]}, {"key": "comply-with", "type": "definition", "offset": [108, 119]}, {"key": "this-addendum", "type": "definition", "offset": [139, 152]}], "samples": [{"hash": "A8Z2DruOfA", "uri": "/contracts/A8Z2DruOfA#breach-notification", "label": "Agreement for Special Services", "score": 36.5167694092, "published": true}, {"hash": "g35dmch1iEF", "uri": "/contracts/g35dmch1iEF#breach-notification", "label": "Agreement for Special Services", "score": 36.4552307129, "published": true}, {"hash": "hOOj5zXQ3av", "uri": "/contracts/hOOj5zXQ3av#breach-notification", "label": "Contract No. 2020243", "score": 36.4019546509, "published": true}], "snippet": "In the event of any unauthorized use or disclosure of Part 2 protected information, Business Associate will comply with section II.2.J. of this Addendum.", "hash": "a6f85fb0a172718c1268ee7f82c72c0c", "id": 5}, {"size": 19, "snippet_links": [{"key": "contractor-shall", "type": "clause", "offset": [5, 21]}, {"key": "the-county", "type": "clause", "offset": [29, 39]}, {"key": "contract-administrator", "type": "clause", "offset": [42, 64]}, {"key": "county-data", "type": "clause", "offset": [90, 101]}, {"key": "data-incident", "type": "definition", "offset": [109, 122]}, {"key": "security-of", "type": "clause", "offset": [164, 175]}, {"key": "data-systems", "type": "definition", "offset": [183, 195]}, {"key": "hours-of", "type": "clause", "offset": [225, 233]}, {"key": "in-accordance-with", "type": "definition", "offset": [258, 276]}, {"key": "department-of-social-services", "type": "definition", "offset": [292, 321]}, {"key": "providing-services", "type": "clause", "offset": [346, 364]}, {"key": "the-requirements", "type": "clause", "offset": [413, 429]}, {"key": "manual-of-policies-and-procedures", "type": "definition", "offset": [438, 471]}, {"key": "this-agreement", "type": "clause", "offset": [520, 534]}, {"key": "all-requirements", "type": "clause", "offset": [560, 576]}, {"key": "develop-and-implement", "type": "clause", "offset": [697, 718]}, {"key": "as-required-by", "type": "clause", "offset": [827, 841]}, {"key": "not-limited", "type": "clause", "offset": [881, 892]}, {"key": "other-disabilities", "type": "definition", "offset": [975, 993]}, {"key": "language-services", "type": "clause", "offset": [1007, 1024]}, {"key": "services-and", "type": "clause", "offset": [1080, 1092]}, {"key": "written-information", "type": "definition", "offset": [1097, 1116]}, {"key": "contractor-staff-training", "type": "clause", "offset": [1223, 1248]}, {"key": "cultural-awareness", "type": "definition", "offset": [1273, 1291]}, {"key": "title-vi-of-the-civil-rights-act-of-1964", "type": "clause", "offset": [1435, 1475]}, {"key": "as-amended", "type": "definition", "offset": [1477, 1487]}, {"key": "section-504-of-the-rehabilitation-act-of-1973", "type": "clause", "offset": [1489, 1534]}, {"key": "the-age-discrimination-act-of-1975", "type": "clause", "offset": [1548, 1582]}, {"key": "act-of-1977", "type": "definition", "offset": [1611, 1622]}, {"key": "in-particular", "type": "clause", "offset": [1640, 1653]}, {"key": "title-ii", "type": "definition", "offset": [1669, 1677]}, {"key": "americans-with-disabilities-act-of-1990", "type": "definition", "offset": [1685, 1724]}, {"key": "california-civil-code", "type": "clause", "offset": [1726, 1747]}, {"key": "government-code", "type": "clause", "offset": [1792, 1807]}, {"key": "the-\u2587", "type": "clause", "offset": [1976, 1981]}, {"key": "services-act", "type": "definition", "offset": [2008, 2020]}, {"key": "section-1808", "type": "clause", "offset": [2022, 2034]}, {"key": "removal-of-barriers", "type": "clause", "offset": [2042, 2061]}, {"key": "act-of-1996", "type": "definition", "offset": [2087, 2098]}, {"key": "applicable-federal-and-state-laws", "type": "clause", "offset": [2110, 2143]}, {"key": "implementing-regulations", "type": "definition", "offset": [2162, 2186]}, {"key": "code-of-federal-regulations", "type": "definition", "offset": [2201, 2228]}, {"key": "cfr-part", "type": "clause", "offset": [2259, 2267]}, {"key": "employment-practices", "type": "clause", "offset": [2310, 2330]}, {"key": "administration-of", "type": "clause", "offset": [2339, 2356]}, {"key": "public-assistance-and-social-services-programs", "type": "definition", "offset": [2357, 2403]}, {"key": "no-person-shall", "type": "clause", "offset": [2446, 2461]}, {"key": "national-origin", "type": "definition", "offset": [2502, 2517]}, {"key": "marital-status", "type": "clause", "offset": [2525, 2539]}, {"key": "benefits-of", "type": "clause", "offset": [2626, 2637]}, {"key": "subject-to", "type": "definition", "offset": [2655, 2665]}, {"key": "program-or-activity", "type": "definition", "offset": [2691, 2710]}, {"key": "state-financial-assistance", "type": "clause", "offset": [2732, 2758]}, {"key": "in-consideration-of", "type": "clause", "offset": [2894, 2913]}, {"key": "for-the-purpose-of", "type": "definition", "offset": [2918, 2936]}, {"key": "and-the-contractor", "type": "clause", "offset": [2989, 3007]}, {"key": "effect-of", "type": "clause", "offset": [3085, 3094]}, {"key": "objectives-of-the", "type": "clause", "offset": [3153, 3170]}, {"key": "by-accepting", "type": "clause", "offset": [3291, 3303]}, {"key": "contractor-agrees-to", "type": "clause", "offset": [3324, 3344]}, {"key": "maintain-records", "type": "definition", "offset": [3359, 3375]}, {"key": "enforcement-of", "type": "clause", "offset": [3428, 3442]}, {"key": "rules-and-regulations", "type": "definition", "offset": [3468, 3489]}, {"key": "government-personnel", "type": "clause", "offset": [3532, 3552]}, {"key": "during-normal-working-hours", "type": "clause", "offset": [3554, 3581]}, {"key": "books-and-accounts", "type": "clause", "offset": [3607, 3625]}, {"key": "as-needed", "type": "clause", "offset": [3626, 3635]}, {"key": "right-to-invoke", "type": "clause", "offset": [3728, 3743]}, {"key": "other-legal-remedies", "type": "clause", "offset": [3764, 3784]}, {"key": "code-section", "type": "definition", "offset": [3829, 3841]}, {"key": "other-laws", "type": "clause", "offset": [3898, 3908]}, {"key": "the-issue", "type": "clause", "offset": [3913, 3922]}, {"key": "federal-agency", "type": "clause", "offset": [3958, 3972]}, {"key": "compliance-action", "type": "definition", "offset": [3985, 4002]}, {"key": "and-enforcement", "type": "clause", "offset": [4003, 4018]}, {"key": "provider-services", "type": "definition", "offset": [4130, 4147]}, {"key": "federal-or-state-assistance", "type": "clause", "offset": [4172, 4199]}], "samples": [{"hash": "99XHjUN5jTS", "uri": "/contracts/99XHjUN5jTS#breach-notification", "label": "Contract for Services", "score": 34.1938400269, "published": true}, {"hash": "gbv1f6ixjS1", "uri": "/contracts/gbv1f6ixjS1#breach-notification", "label": "Contract for Services", "score": 34.1562805176, "published": true}, {"hash": "1OlWtbATCiU", "uri": "/contracts/1OlWtbATCiU#breach-notification", "label": "Contract for Services", "score": 33.912147522, "published": true}], "snippet": "5.1. CONTRACTOR shall notify the COUNTY\u2019s contract administrator concerning any breach of COUNTY data or any data incident involving CONTRACTOR\u2019s data in which the security of COUNTY data systems may be compromised within 24 hours of the breach or incident. In accordance with the California Department of Social Services (CDSS), all contractors providing services funded through CDSS are required to comply with the requirements of CDSS Manual of Policies and Procedures, Division 21. CONTRACTOR shall, concurrent with this Agreement, execute and comply with all requirements contained herein. CONTRACTOR and CONTRACT ADMINISTRATOR shall, with oversight from the COUNTY Civil Rights Coordinator, develop and implement a plan to allow COUNTY to monitor CONTRACTOR\u2019S non-discrimination and civil rights policies and procedures, as required by CDSS. Monitoring shall include, but is not limited to: accommodation of individuals with hearing impairments, visual impairments and other disabilities; appropriate language services, including bilingual interpreters available to provide services and how written information is effectively communicated to non- English-speaking and limited-English-proficient individuals; adequate CONTRACTOR staff training in the civil rights and cultural awareness requirements of Division 21; and procedures on informing participants of their civil rights. CONTRACTOR hereby agrees that it will comply with Title VI of the Civil Rights Act of 1964, as amended; Section 504 of the Rehabilitation Act of 1973, as amended; the Age Discrimination Act of 1975, as amended; the Food Stamp Act of 1977, as amended, and in particular Section 272.6; Title II of the Americans with Disabilities Act of 1990; California Civil Code, Section 51 et seq., as amended; California Government Code, Section 11135-11139.5, as amended; California Government Code, Section 12940(c), (h)(1), (i), and (j); California Government Code, Section 4450; 2 CCR \u00a711140 \u2013 11200; the \u2587\u2587\u2587\u2587\u2587\u2587\u2587- \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587 Bilingual Services Act; Section 1808 of the Removal of Barriers to Inter Ethnic Adoption Act of 1996, and other applicable federal and state laws, as well as their implementing regulations [including 45 Code of Federal Regulations (CFR) Parts 80, 84, and 91; 7 CFR Part 15; and 28 CFR Part 35], by ensuring that employment practices and the administration of public assistance and social services programs are nondiscriminatory, to the effect that no person shall because of age, sex, color, disability, national origin, race, marital status, religion or political affiliation be excluded from participation in or be denied the benefits of, or be otherwise subject to discrimination under any program or activity receiving federal or state financial assistance; and hereby gives assurance that it will immediately take any measures necessary to effectuate this Agreement. This assurance is given in consideration of and for the purpose of obtaining any and all federal and state assistance; and the CONTRACTOR hereby gives assurance that administrative methods/procedures which have the effect of subjecting individuals to discrimination or defeating the objectives of the California Department of Social Services (CDSS) Manual of Policies and Procedures (MPP) Chapter 21, will be prohibited. By accepting this assurance, the CONTRACTOR agrees to compile data, maintain records and submit reports as required, to permit effective enforcement of the aforementioned laws, rules and regulations and permit authorized CDSS and/or federal government personnel, during normal working hours, to review such records, books and accounts as needed to ascertain compliance. If there are any violations of this assurance, CDSS shall have the right to invoke fiscal sanctions or other legal remedies in accordance with Welfare and Institutions Code Section 10605, or Government Code Section 11135-11139.5, or any other laws, or the issue may be referred to the appropriate federal agency for further compliance action and enforcement of this assurance. This assurance is binding on the CONTRACTOR directly or through contract, license, or other provider services, as long as it receives federal or state assistance.", "hash": "9442d3a12d6816e5b519da2e958f6689", "id": 7}, {"size": 15, "snippet_links": [{"key": "issued-by", "type": "definition", "offset": [80, 89]}, {"key": "the-agency", "type": "clause", "offset": [98, 108]}, {"key": "risk-of-harm", "type": "definition", "offset": [157, 169]}, {"key": "notification-to", "type": "clause", "offset": [179, 194]}, {"key": "affected-individuals", "type": "definition", "offset": [195, 215]}, {"key": "other-remedies", "type": "clause", "offset": [219, 233]}, {"key": "agency-will", "type": "clause", "offset": [240, 251]}, {"key": "other-agency", "type": "definition", "offset": [297, 309]}], "samples": [{"hash": "7FjtWPuyZt1", "uri": "/contracts/7FjtWPuyZt1#breach-notification", "label": "Computer Matching Agreement", "score": 28.6163730621, "published": true}, {"hash": "gkI0pdeG9Lo", "uri": "/contracts/gkI0pdeG9Lo#breach-notification", "label": "Computer Matching Agreement", "score": 26.6191101074, "published": true}, {"hash": "aBG2aXJ0PQ4", "uri": "/contracts/aBG2aXJ0PQ4#breach-notification", "label": "Computer Matching Agreement", "score": 26.6191101074, "published": true}], "snippet": "SSA and OPM will follow PII breach notification policies and related procedures issued by OMB. If the agency that experienced the breach determines that the risk of harm requires notification to affected individuals or other remedies, that agency will carry out these remedies without cost to the other agency.", "hash": "7bbc87a1374183210855a45d920691a3", "id": 9}, {"size": 25, "snippet_links": [{"key": "business-associate-agrees-to", "type": "clause", "offset": [0, 28]}, {"key": "the-requirements", "type": "clause", "offset": [128, 144]}, {"key": "the-hitech-act", "type": "definition", "offset": [174, 188]}, {"key": "the-regulations", "type": "clause", "offset": [193, 208]}, {"key": "part-164", "type": "clause", "offset": [262, 270]}, {"key": "title-45", "type": "definition", "offset": [274, 282]}, {"key": "code-of-federal-regulations", "type": "definition", "offset": [290, 317]}, {"key": "access-to-information-systems", "type": "clause", "offset": [384, 413]}, {"key": "to-mitigate", "type": "definition", "offset": [471, 482]}, {"key": "use-or-disclosure-of-phi-by-business-associate", "type": "clause", "offset": [516, 562]}, {"key": "notify-covered-entity", "type": "clause", "offset": [596, 617]}, {"key": "suspected-breach", "type": "definition", "offset": [663, 679]}, {"key": "related-to", "type": "clause", "offset": [696, 706]}, {"key": "electronic-systems", "type": "definition", "offset": [747, 765]}, {"key": "without-limitation", "type": "clause", "offset": [806, 824]}, {"key": "security-incident", "type": "clause", "offset": [830, 847]}, {"key": "terms-of-this-agreement", "type": "clause", "offset": [966, 989]}, {"key": "reason-to-suspect", "type": "definition", "offset": [1030, 1047]}, {"key": "prior-to", "type": "clause", "offset": [1098, 1106]}, {"key": "the-process", "type": "clause", "offset": [1117, 1128]}, {"key": "the-scope", "type": "clause", "offset": [1187, 1196]}, {"key": "risk-of-harm", "type": "definition", "offset": [1251, 1263]}, {"key": "in-this-agreement", "type": "definition", "offset": [1362, 1379]}, {"key": "discovery-of-a-breach", "type": "definition", "offset": [1386, 1407]}, {"key": "business-associate-shall", "type": "definition", "offset": [1431, 1455]}, {"key": "prompt-corrective-action", "type": "clause", "offset": [1465, 1489]}, {"key": "operating-environment", "type": "clause", "offset": [1567, 1588]}, {"key": "any-action", "type": "definition", "offset": [1598, 1608]}, {"key": "pertaining-to", "type": "definition", "offset": [1609, 1622]}, {"key": "required-by", "type": "definition", "offset": [1652, 1663]}, {"key": "federal-and-state-laws-and-regulations", "type": "clause", "offset": [1675, 1713]}, {"key": "in-the-event-of", "type": "definition", "offset": [1718, 1733]}, {"key": "to-covered-entity", "type": "clause", "offset": [1794, 1811]}, {"key": "in-writing", "type": "definition", "offset": [1813, 1823]}, {"key": "concerning-the", "type": "clause", "offset": [1838, 1852]}, {"key": "cooperate-with", "type": "clause", "offset": [1903, 1917]}, {"key": "law-enforcement", "type": "clause", "offset": [1953, 1968]}, {"key": "to-assist", "type": "clause", "offset": [1969, 1978]}, {"key": "possession-of", "type": "clause", "offset": [1992, 2005]}, {"key": "unauthorized-use", "type": "definition", "offset": [2049, 2065]}, {"key": "remedial-actions", "type": "clause", "offset": [2090, 2106]}, {"key": "by-covered-entity", "type": "clause", "offset": [2126, 2143]}, {"key": "further-incidents", "type": "clause", "offset": [2164, 2181]}, {"key": "obligations-under-this-agreement", "type": "clause", "offset": [2348, 2380]}, {"key": "direct-and-indirect-costs", "type": "clause", "offset": [2427, 2452]}, {"key": "associated-with", "type": "definition", "offset": [2453, 2468]}, {"key": "such-determination", "type": "definition", "offset": [2469, 2487]}, {"key": "affected-individuals", "type": "definition", "offset": [2575, 2595]}, {"key": "fraud-monitoring", "type": "clause", "offset": [2607, 2623]}, {"key": "other-services", "type": "definition", "offset": [2627, 2641]}, {"key": "forensic-analysis", "type": "definition", "offset": [2674, 2691]}, {"key": "determine-the", "type": "clause", "offset": [2704, 2717]}, {"key": "scope-of-the", "type": "clause", "offset": [2718, 2730]}, {"key": "notice-provided", "type": "clause", "offset": [2797, 2812]}, {"key": "incident-to", "type": "definition", "offset": [2877, 2888]}, {"key": "to-the-extent", "type": "clause", "offset": [2898, 2911]}, {"key": "as-soon-as-possible", "type": "definition", "offset": [2925, 2944]}, {"key": "cooperation-with", "type": "clause", "offset": [2956, 2972]}, {"key": "the-individual", "type": "clause", "offset": [3268, 3282]}, {"key": "pursuant-to", "type": "clause", "offset": [3283, 3294]}, {"key": "brief-description", "type": "clause", "offset": [3323, 3340]}, {"key": "date-of-discovery", "type": "definition", "offset": [3402, 3419]}, {"key": "description-of-the", "type": "definition", "offset": [3453, 3471]}, {"key": "types-of", "type": "clause", "offset": [3472, 3480]}, {"key": "social-security-number", "type": "definition", "offset": [3536, 3558]}, {"key": "date-of-birth", "type": "definition", "offset": [3571, 3584]}, {"key": "potential-harm", "type": "definition", "offset": [3676, 3690]}, {"key": "resulting-from-the", "type": "clause", "offset": [3691, 3709]}, {"key": "contact-procedures", "type": "clause", "offset": [3858, 3876]}, {"key": "for-individuals", "type": "clause", "offset": [3877, 3892]}, {"key": "ask-questions", "type": "clause", "offset": [3896, 3909]}, {"key": "information-which", "type": "clause", "offset": [3930, 3947]}, {"key": "an-e", "type": "clause", "offset": [3982, 3986]}, {"key": "mail-address", "type": "definition", "offset": [3987, 3999]}, {"key": "web-site", "type": "clause", "offset": [4001, 4009]}, {"key": "postal-address", "type": "definition", "offset": [4014, 4028]}, {"key": "to-establish", "type": "clause", "offset": [4131, 4143]}, {"key": "at-the-time", "type": "definition", "offset": [4244, 4255]}, {"key": "the-information", "type": "clause", "offset": [4256, 4271]}, {"key": "available-to", "type": "definition", "offset": [4280, 4292]}, {"key": "responsible-for", "type": "clause", "offset": [4450, 4465]}, {"key": "reporting-of", "type": "clause", "offset": [4479, 4491]}, {"key": "as-specified", "type": "clause", "offset": [4503, 4515]}, {"key": "implementing-regulations", "type": "definition", "offset": [4551, 4575]}, {"key": "notification-to-media", "type": "clause", "offset": [4608, 4629]}, {"key": "the-secretary", "type": "clause", "offset": [4645, 4658]}, {"key": "department-of-health", "type": "definition", "offset": [4666, 4686]}, {"key": "human-services", "type": "definition", "offset": [4689, 4703]}, {"key": "breach-of-unsecured-phi", "type": "definition", "offset": [4710, 4733]}, {"key": "the-state-of-california", "type": "clause", "offset": [4770, 4793]}, {"key": "notify-the", "type": "clause", "offset": [4840, 4850]}, {"key": "immediately-upon-discovery", "type": "clause", "offset": [4875, 4901]}, {"key": "reason-to-believe", "type": "definition", "offset": [4943, 4960]}, {"key": "in-addition-to", "type": "clause", "offset": [5125, 5139]}, {"key": "covered-entity-and-business-associate", "type": "clause", "offset": [5212, 5249]}, {"key": "appropriate-action", "type": "definition", "offset": [5259, 5277]}], "samples": [{"hash": "zfad9olbBX", "uri": "/contracts/zfad9olbBX#breach-notification", "label": "Administration of the Small Business Health Options Program (Shop)", "score": 23.824962616, "published": true}, {"hash": "l0Q6HgBv8oZ", "uri": "/contracts/l0Q6HgBv8oZ#breach-notification", "label": "Administration Agreement", "score": 23.7658309937, "published": true}, {"hash": "brSkAZb1E62", "uri": "/contracts/brSkAZb1E62#breach-notification", "label": "Model Contract", "score": 23.0667133331, "published": true}], "snippet": "Business Associate agrees to implement response programs and record-keeping systems to enable Business Associate to comply with the requirements of this Section and 13402 of the HITECH Act and the regulations implementing such provisions, currently Subpart D of Part 164 of Title 45 of the Code of Federal Regulations, when Business Associate detects or becomes aware of unauthorized access to information systems or documents that contain PHI. Business Associate agrees to mitigate any effects of the inappropriate use or disclosure of PHI by Business Associate.\na) Business Associate agrees to notify Covered Entity, by facsimile or telephone, of any breach or suspected breach of its security related to areas, locations, systems, documents or electronic systems which contain unsecured PHI, including, without limitation, any Security Incident, instance of theft, fraud, deception, malfeasance, or use, access or disclosure of PHI which is inconsistent with the terms of this Agreement (an \"Incident\") immediately upon having reason to suspect that an Incident may have occurred, and typically prior to beginning the process of verifying that an Incident has occurred or determining the scope of any such Incident, and regardless of the potential risk of harm posed by the Incident. Notice shall be provided to the Covered Entity\u2019s representative designated in this Agreement. Upon discovery of a breach or suspected Incident, Business Associate shall take:\ni. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment; and\nii. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.\nb) In the event of any such Incident, Business Associate shall further provide to Covered Entity, in writing, such details concerning the Incident as Covered Entity may request, and shall cooperate with Covered Entity, its regulators and law enforcement to assist in regaining possession of such unsecured PHI and prevent its further unauthorized use, and take any necessary remedial actions as may be required by Covered Entity to prevent other or further Incidents.\nc) If Covered Entity determines that it may need to notify any Individual(s) as a result of such Incident that is attributable to Business Associate's breach of its obligations under this Agreement, Business Associate shall bear all reasonable direct and indirect costs associated with such determination including, without limitation, the costs associated with providing notification to the affected Individuals, providing fraud monitoring or other services to affected Individuals and any forensic analysis required to determine the scope of the Incident.\nd) In addition, Business Associate agrees to update the notice provided to Covered Entity under Section 12(a) of this Agreement of such Incident to include, to the extent possible and as soon as possible working in cooperation with Covered Entity, the identification of each Individual whose unsecured PHI has been, or is reasonably believed by Business Associate to have been accessed, acquired, used or disclosed during the Incident and any of the following information Covered Entity is required to include in its notice to the Individual pursuant to 45 C.F.R. \u00a7164.404(c):\ni. A brief description of what happened, including the date of the Incident and the date of discovery of the Incident, if known;\nii. A description of the types of unsecured PHI that were involved in the Incident (e.g. Social Security number, full name, date of birth, address, diagnosis);\niii. Any steps the Individual should take to protect themselves from potential harm resulting from the Incident;\niv. A brief description of what is being done to investigate the Incident, mitigate the harm and protect against future Incidents; and\nv. Contact procedures for Individuals to ask questions or learn additional information which shall include a toll-free number, an e-mail address, Web site, or postal address (provided, Subsection v is only applicable if Covered Entity specifically requests Business Associate to establish contact procedures).\ne) Such additional information must be submitted to Covered Entity immediately at the time the information becomes available to Business Associate.\nf) If the cause of a breach of PHI is attributable to Business Associate or its agents, subcontractors or vendors, Business Associate is responsible for all required reporting of the breach as specified in 42 U.S.C. section 17932 and its implementing regulations, including, without limitation, notification to media outlets and to the Secretary of the Department of Health & Human Services. If a breach of unsecured PHI involves more than 500 residents of the State of California or its jurisdiction, Business Associate shall notify the Secretary of the breach immediately upon discovery of the breach. If Business Associate has reason to believe that duplicate reporting of the same breach or incident may occur because its subcontractors, agents or vendors may report the breach or incident to Covered Entity in addition to Business Associate, Business Associate shall notify Covered Entity, and Covered Entity and Business Associate may take appropriate action to prevent duplicate reporting.", "hash": "47bb084dfb450333068d2a1c2f1d986c", "id": 4}, {"size": 73, "snippet_links": [{"key": "contractor-shall", "type": "clause", "offset": [5, 21]}, {"key": "the-county", "type": "clause", "offset": [29, 39]}, {"key": "contract-administrator", "type": "clause", "offset": [42, 64]}, {"key": "county-data", "type": "clause", "offset": [90, 101]}, {"key": "data-incident", "type": "definition", "offset": [109, 122]}, {"key": "security-of", "type": "clause", "offset": [164, 175]}, {"key": "data-systems", "type": "definition", "offset": [183, 195]}, {"key": "hours-of", "type": "clause", "offset": [225, 233]}], "samples": [{"hash": "67pLdvYp3BD", "uri": "/contracts/67pLdvYp3BD#breach-notification", "label": "Contract for Services", "score": 35.2479972839, "published": true}, {"hash": "3veeROKsNhz", "uri": "/contracts/3veeROKsNhz#breach-notification", "label": "Contract for Services", "score": 35.0196456909, "published": true}, {"hash": "aaGZTl6mvpH", "uri": "/contracts/aaGZTl6mvpH#breach-notification", "label": "Contract for Services", "score": 34.7935943604, "published": true}], "snippet": "5.1. CONTRACTOR shall notify the COUNTY\u2019s contract administrator concerning any breach of COUNTY data or any data incident involving CONTRACTOR\u2019s data in which the security of COUNTY data systems may be compromised within 24 hours of the breach or incident.", "hash": "026380ec1f0b81c6f4ecf4f3fa38d34c", "id": 2}, {"size": 14, "snippet_links": [{"key": "contractor-shall", "type": "clause", "offset": [5, 21]}, {"key": "the-county", "type": "clause", "offset": [29, 39]}, {"key": "contract-administrator", "type": "clause", "offset": [42, 64]}, {"key": "county-data", "type": "clause", "offset": [90, 101]}, {"key": "data-incident", "type": "definition", "offset": [109, 122]}, {"key": "security-of", "type": "clause", "offset": [164, 175]}, {"key": "data-systems", "type": "definition", "offset": [183, 195]}, {"key": "hours-of", "type": "clause", "offset": [225, 233]}], "samples": [{"hash": "1Wf2hHGsiCM", "uri": "/contracts/1Wf2hHGsiCM#breach-notification", "label": "Contract for Services", "score": 36.4538040161, "published": true}, {"hash": "lAW4ZqpPy49", "uri": "/contracts/lAW4ZqpPy49#breach-notification", "label": "Contract for Services", "score": 36.4455909729, "published": true}, {"hash": "1G9jWaZAVzJ", "uri": "/contracts/1G9jWaZAVzJ#breach-notification", "label": "Contract for Services", "score": 36.3458938599, "published": true}], "snippet": "5.1. CONTRACTOR shall notify the COUNTY\u2019s Contract Administrator concerning any breach of COUNTY data or any data incident involving CONTRACTOR\u2019S data in which the security of COUNTY data systems may be compromised within 24 hours of the breach or incident.", "hash": "aa2f72c1f3002fbdaa48a5e420bb38d2", "id": 10}, {"size": 17, "snippet_links": [{"key": "contractor-shall", "type": "clause", "offset": [3, 19]}, {"key": "report-to", "type": "definition", "offset": [20, 29]}, {"key": "covered-california", "type": "clause", "offset": [30, 48]}, {"key": "security-incident", "type": "clause", "offset": [63, 80]}, {"key": "breach-of", "type": "definition", "offset": [120, 129]}, {"key": "in-connection-with", "type": "clause", "offset": [161, 179]}, {"key": "in-accordance-with", "type": "definition", "offset": [220, 238]}, {"key": "the-provisions", "type": "clause", "offset": [239, 253]}, {"key": "for-purposes-of-this", "type": "clause", "offset": [272, 292]}, {"key": "hipaa-breach-notification-rule", "type": "definition", "offset": [349, 379]}, {"key": "disclosure-of", "type": "clause", "offset": [411, 424]}, {"key": "custody-or-control", "type": "definition", "offset": [456, 474]}, {"key": "the-security", "type": "clause", "offset": [520, 532]}, {"key": "the-hipaa-security-rule", "type": "definition", "offset": [675, 698]}, {"key": "unauthorized-access", "type": "definition", "offset": [733, 752]}, {"key": "destruction-of-information", "type": "definition", "offset": [788, 814]}, {"key": "system-operations", "type": "definition", "offset": [840, 857]}, {"key": "information-system", "type": "definition", "offset": [864, 882]}], "samples": [{"hash": "gep8d2RVcBv", "uri": "/contracts/gep8d2RVcBv#breach-notification", "label": "Qualified Health Plan Issuer Contract", "score": 33.7982025146, "published": true}, {"hash": "lXLATCsSKXv", "uri": "/contracts/lXLATCsSKXv#breach-notification", "label": "Qualified Health Plan Issuer Contract", "score": 33.5875740051, "published": true}, {"hash": "g0SNHpKzRJe", "uri": "/contracts/g0SNHpKzRJe#breach-notification", "label": "Qualified Health Plan Issuer Contract", "score": 33.5771331787, "published": true}], "snippet": "i. Contractor shall report to Covered California any Breach or Security Incident reasonably calculated to result in the Breach of PII or PHI created or received in connection with Contractor Covered California Functions in accordance with the provisions set forth herein. For purposes of this Paragraph (e), a \u201cBreach\u201d shall, in accordance with the HIPAA Breach Notification Rule, mean the impermissible use or disclosure of PII or PHI within Contractor\u2019s custody or control which is reasonably calculated to compromise the security or privacy of any such PII or PHI [45 CFR \u00a7 164.400-414]. For purposes of this Paragraph (e), a \u201cSecurity Incident\u201d shall, in accordance with the HIPAA Security Rule, mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or the interference with system operations in an information system [45 CFR \u00a7 164.304].", "hash": "7ca49b1f469d05d6445e502aab629d73", "id": 8}], "next_curs": "ClwSVmoVc35sYXdpbnNpZGVyY29udHJhY3RzcjgLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhxicmVhY2gtbm90aWZpY2F0aW9uIzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"size": 1303, "parents": [["signatures", "SIGNATURES"], ["software-security", "SOFTWARE SECURITY"], ["notification-of-data-security-incident", "Notification of Data Security Incident"], ["obligations-and-activities-of-business-associate", "Obligations and Activities of Business Associate"], ["miscellaneous-provisions", "Miscellaneous Provisions"]], "title": "Breach Notification", "children": [["", ""], ["access-to-specialty-mental-health-services", "ACCESS TO SPECIALTY MENTAL HEALTH SERVICES"], ["cultural-competence", "CULTURAL COMPETENCE"], ["mental-health-requirements", "MENTAL HEALTH REQUIREMENTS"], ["services-to-be-performed", "SERVICES TO BE PERFORMED"]], "id": "breach-notification", "related": [["data-breach-notification", "Data Breach Notification", "Data <strong>Breach Notification</strong>"], ["security-breach-notification", "Security Breach Notification", "Security <strong>Breach Notification</strong>"], ["personal-data-breach-notification", "Personal Data Breach Notification", "Personal Data <strong>Breach Notification</strong>"], ["security-breach-notice-and-reporting", "Security Breach Notice and Reporting", "Security Breach Notice and Reporting"], ["compliance-with-breach-notification-and-data-security-laws", "COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS", "COMPLIANCE WITH <strong>BREACH NOTIFICATION</strong> AND DATA SECURITY LAWS"]], "related_snippets": [], "updated": "2026-02-20T05:50:57+00:00"}, "json": true, "cursor": ""}}