Breaches of Unsecured PHI. CA-CIB will report in writing to CHS Entity any Breach of Unsecured Protected Health Information, as defined in the Breach Notification Rule, within five (5) business days of the date CA-CIB learns of the incident giving rise to the Breach. CA-CIB will provide such information to CHS Entity as required in the Breach Notification Rule.
Breaches of Unsecured PHI. Business Associate will report in writing to Covered Entity any Breach of Unsecured Protected Health Information, as defined in the Breach Notification Rule, as soon as practicable, but no later than 10 business days from the date Business Associate learns of the incident giving rise to the Breach. Business Associate will provide such information to Covered Entity as required in the Breach Notification Rule. Business Associate will reimburse Covered Entity for any reasonable expenses Covered Entity incurs in notifying Individuals of a Breach caused by Business Associate or Business Associate’s subcontractors or agents, and for reasonable expenses Covered Entity incurs in mitigating harm to those Individuals.
Breaches of Unsecured PHI. Business Associate will report in writing to Covered Entity any Breach of Unsecured Protected Health Information, as defined in the Breach Notification Rule, within five (5) business days of the date Business Associate learns of the incident giving rise to the Breach. Business Associate will provide such information to Covered Entity as required in the Breach Notification Rule. Business Associate will reimburse Covered Entity for any reasonable expenses Covered Entity incurs in notifying Individuals of a Breach caused by Business Associate or Business Associate’s subcontractors or agents, and for reasonable expenses Covered Entity incurs in mitigating harm to those Individuals. Business Associate also will defend, hold harmless and indemnify Covered Entity and its employees, agents, officers, directors, shareholders, members, contractors, parents, and subsidiary and affiliate entities, from and against any claims, losses, damages, liabilities, costs, expenses, penalties or obligations (including attorneys’ fees), which the Covered Entity may incur due to a Breach caused by Business Associate or Business Associate’s Subcontractors or agents.
Breaches of Unsecured PHI. Business Associate will report to Covered Entity any Breach of Unsecured PHI by Business Associate or any of its officers, directors, employees, Subcontractors or agents. All notifications of Breach of Unsecured PHI will be made by Business Associate to the Covered Entity official designated in Section VIII(c) of this Agreement. All notifications required under this Section will be made by Business Associate without unreasonable delay and in no event later than five (5) days of discovery. Business Associate will use the standard at 45 C.F.R. § 164.410(a) to determine when the Breach is treated as discovered. All notifications will comply with Business Associate’s obligations under, and include the information specified in, 45 C.F.R. § 164.410 and include any other available information that Covered Entity is required to include in its notification to individuals pursuant to 45 C.F.R. § 164.404(c). In the event of a Breach that is caused by the acts or omissions of Business Associate, its Subcontractors, officers, directors, employees or agents, Business Associate will cooperate with Covered Entity to notify, (i) individuals whose Unsecured PHI has been, or is reasonably believed by Business Associate or Covered Entity to have been, accessed, acquired, used or disclosed, and (ii) the media, as required pursuant to 45 C.F.R. § 164.406, if the legal requirements for media notification are triggered by the circumstances of such Breach. Business Associate will cooperate in Covered Entity’s Breach analysis process and procedures, if requested. Covered Entity will at all times have the final decision about the content of any notification required to be given under the Regulations and will be responsible for providing final notice including all costs of such final notice.
Breaches of Unsecured PHI. Business Associate will report in writing to Covered Entity any Breach of Unsecured Protected Health Information, as defined in the Breach Notification Regulations, within 10 business days of the date Business Associate learns of the incident giving rise to the Breach. Business Associate will provide such information to Covered Entity as required in the Breach Notification Regulations.
Breaches of Unsecured PHI. SurveyMonkey shall, to the extent permitted by applicable law following the discovery of any Breach of Unsecured PHI that is Protected Information, notify CE in writing of such Breach without unreasonable delay and in no case later than 60 days after discovery. CE shall be solely responsible for determining whether to notify impacted Individuals, determining if regulatory bodies, such as the Secretary of the Department of U.S. Health and Human Services, or other enforcement commissions applicable to CE need to be notified, and for providing any such notices.
Breaches of Unsecured PHI. Without limiting the generality of the reporting requirements set forth in Section 2.4(a), BA also shall, following the discovery of any Breach of Unsecured PHI, notify CE in writing of such Breach without unreasonable delay and in no case later than sixty (60) days after discovery. The notice shall include the following information if known (or can be reasonably obtained) by BA: (i) contact information for the individuals who were or who may have been impacted by the Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the Breach, including the date of the Breach and date of discovery (as defined in 42 U.S.C. § 17932(c)); (iii) a description of the types of Unsecured PHI involved in the Breach (e.g., names, social security numbers, date of birth, addresses, account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what the BA has done or is doing to investigate the Breach, mitigate harm to the individuals impacted by the Breach.
Breaches of Unsecured PHI. Without limiting the generality of the reporting requirements set forth in Section 2.4(a), SurveyMonkey also shall, to the extent permitted by applicable law following the discovery of any Breach of Unsecured PHI that is Protected Information, notify CE in writing of such Breach without unreasonable delay and in no case later than 60 days after discovery. The notice shall include the following information if known (or can be reasonably obtained) by SurveyMonkey: (i) contact information for the individuals who were or who may have been impacted by the Breach (e.g., first and last name, mailing address, email address); (ii) a brief description of the circumstances of the Breach, including the date of the Breach and date of discovery (as defined in 42 U.S.C. § 17932(c)); (iii) a description of the types of Unsecured PHI involved in the Breach (e.g., names, social security numbers, date of birth, addresses, account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); and (iv) a brief description of what the SurveyMonkey has done or is doing to investigate the Breach and to mitigate harm to the individuals impacted by the Breach.
Breaches of Unsecured PHI. Business Associate will report in writing to Covered Entity any Breach of Unsecured Protected Health Information, as defined in the Breach Notification Regulations, 45 C.F.R. Section 164.400 et seq. (each a “HIPAA Breach”), within fifteen (15) days of the date Business Associate Discovers the Breach, and shall provide Covered Entity with all information required by 45 C.F.R. Section 164.410 that Business Associate has or may obtain without unreasonable difficulty. Business Associate will provide such information to Covered Entity in the manner required by the Breach Notification Regulations, and as promptly as is possible.
Breaches of Unsecured PHI. Business Associate will report to Covered Entity any Breach of Unsecured PHI by Business Associate or any of its officers, directors, employees, Subcontractors or agents. [GPM Note: if CE wants breach notification to go to someone at CE who is not the official designated to receive general notice under this BAA (i.e., if CE wants notice to go to its Privacy Officer but less pressing contract issues to go to the contracting department), CE can designate a specific contact to receive breach notification from BA. Otherwise notice can go to the general notice point for contracting issues]. [Option A] [All notifications of Breach of Unsecured PHI will be made by Business Associate to ________________ at Covered Entity.] [Option B] All notifications of Breach of Unsecured PHI will be made by Business Associate to the Covered Entity official designated in Section VIII(c) of this Agreement]. [GPM Note: CE has discretion to require a specific notice period and should make decision about appropriate timeframe within context of HIPAA breach notification standard of providing notice to individuals as soon as possible, but no later than 60 days after discovering breach. We would not generally recommend that the BA have longer than 5 days to provide this notice.] All notifications required under this Section will be made by Business Associate without unreasonable delay and in no event later than [two (2) days] [three (3) days] [five (5) days] of discovery. Business Associate will use the standard at 45 C.F.R. § 164.410(a) to determine when the Breach is treated as discovered. All notifications will comply with Business Associate’s obligations under, and include the information specified in, 45 C.F.R. § 164.410 and include any other available information that Covered Entity is required to include in its notification to individuals pursuant to 45 C.F.R. § 164.404(c). In the event of a Breach that is caused by the acts or omissions of Business Associate, its Subcontractors, officers, directors, employees or agents, Business Associate will cooperate with Covered Entity to notify, [GPM Note: CE should consider whether to require BA to cover costs of notification due to a breach caused by BA] [at Business Associate’s expense], (i) individuals whose Unsecured PHI has been, or is reasonably believed by Business Associate or Covered Entity to have been, accessed, acquired, used or disclosed, and (ii) the media, as required pursuant to 45 C.F.R. § 164.406, if the legal requiremen...
