Data Breach Notification and Mitigation Under Other Laws. In addition to the requirements of Section 9.1, Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any breach of individually identifiable information (including but not limited to PHI, and referred to hereinafter as “Individually Identifiable Information”) that, if misused, disclosed, lost or stolen, Covered Entity believes would trigger an obligation under one or more State data breach notification laws (each a “State Breach”) to notify the individuals who are the subject of the information. Business Associate agrees that in the event any Individually Identifiable Information is lost, stolen, used or disclosed in violation of one or more State data breach notification laws, Business Associate shall promptly: (i) cooperate and assist Covered Entity with any investigation into any State Breach or alleged State Breach; (ii) cooperate and assist Covered Entity with any investigation into any State Breach or alleged State Breach conducted by any State Attorney General or State Consumer Affairs Department (or their respective agents); (iii) comply with Covered Entity’s determinations regarding Covered Entity’s and Business Associate’s obligations to mitigate to the extent practicable any potential harm to the individuals impacted by the State Breach; and
Appears in 6 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
Data Breach Notification and Mitigation Under Other Laws. In addition to the requirements of Section 9.1, Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any breach of individually identifiable information (including but not limited to PHI, and referred to hereinafter as “Individually Identifiable Information”) that, if misused, disclosed, lost or stolen, Covered Entity believes would trigger an obligation under one or more State data breach notification laws (each a “State Breach”) to notify the individuals who are the subject of the information. Business Associate agrees that in the event any Individually Identifiable Information is lost, stolen, used or disclosed in violation of one or more State data breach notification laws, Business Associate shall promptly: (i) cooperate and assist Covered Entity with any investigation into any State Breach or alleged State Breach; (ii) cooperate and assist Covered Entity with any investigation into any State Breach or alleged State Breach conducted by any State Attorney General or State Consumer Affairs Department (or their respective agents); (iii) comply with Covered Entity’s determinations regarding Covered Entity’s and Business Associate’s obligations to mitigate to the extent practicable any potential harm to the individuals impacted by the State Breach; andand (iv) assist with the implementation of any decision by Covered Entity or any State agency, including any State Attorney General or State Consumer Affairs Department (or their respective agents), to notify individuals impacted or potentially impacted by a State Breach.
Appears in 1 contract
Samples: Piggyback Agreement
Data Breach Notification and Mitigation Under Other Laws. In addition to the requirements of Section 9.1, Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any breach of individually identifiable information (including but not limited to PHI, and referred to hereinafter as “Individually Identifiable Information”) that, if misused, disclosed, lost or stolen, Covered Entity Xxxxxxxx believes would trigger an obligation under one or more State data breach notification laws (each a “State Breach”) to notify the individuals who are the subject of the information. Business Associate agrees that in the event any Individually Identifiable Information is lost, stolen, used or disclosed in violation of one or more State data breach notification laws, Business Associate shall promptly: (i) cooperate and assist Covered Entity Facility with any investigation into any State Breach or alleged State Breach; (ii) cooperate and assist Covered Entity Facility with any investigation into any State Breach or alleged State Breach conducted by any State Attorney General or State Consumer Affairs Department (or their respective agents); (iii) comply with Covered EntityFacility’s determinations regarding Covered EntityFacility’s and Business Associate’s obligations to mitigate to the extent practicable any potential harm to the individuals impacted by the State Breach; andand (iv) assist with the implementation of any decision by Facility or any State agency, including any State Attorney General or State Consumer Affairs Department (or their respective agents), to notify individuals impacted or potentially impacted by a State Breach.
Appears in 1 contract
Samples: Business Associate Agreement
Data Breach Notification and Mitigation Under Other Laws. In addition to the requirements of Section 9.1above-cited requirements, Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any breach of individually identifiable information (including but not limited to PHI, and referred to hereinafter as “Individually Identifiable identifiable Information”) that, if misused, disclosed, lost or stolen, Covered Entity Company believes would trigger an obligation under one or more State data breach notification laws (each a as “State Breach”) to notify the individuals who are the subject of the information. Business Associate agrees that in the event any Individually Identifiable Information is lost, stolen, used or disclosed in violation of one or more State data breach notification laws, Business Associate shall promptly: ; (i) cooperate and assist Covered Entity Company with any investigation into any State Breach or alleged State Breach; (ii) cooperate and assist Covered Entity Company with any investigation into any State Breach or alleged State Breach conducted by any State Attorney General or State Consumer Affairs Department (or their respective agents); (iii) comply with Covered EntityCompany’s determinations regarding Covered EntityCompany’s and Business Associate’s obligations to mitigate to the extent practicable any potential harm to the individuals impacted by the State Breach; andand (iv) assist with the implementation of any decision by Company or any State agency, including any State Attorney General or State Consumer Affairs Department (or their respective agents), to notify individuals impacted or potentially impacted by a State Breach.
Appears in 1 contract
Samples: Business Associate Agreement