Data Breach Notification and Obligations Sample Clauses

Data Breach Notification and Obligations. 10.1 The Data Breach or potential compromise of Data shared under this Contract must be reported to the HCA Privacy Officer at ▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇.▇▇.▇▇▇ within one (1) business day of discovery. 10.2 If the Data Breach or potential compromise of Data includes PHI, and the Contractor does not have full details, it will report what information it has and provide full details within fifteen (15) Business Days of discovery. To the extent possible, these reports must include the following: A. The identification of each individual whose PHI has been or may have been improperly accessed, acquired, used, or disclosed. B. The nature of the unauthorized use or disclosure, including a brief description of what happened, the date of the event(s), and the date of discovery. C. A description of the types of PHI involved; D. The investigative and remedial actions the Contractor or its Subcontractor took or will take to prevent and mitigate harmful effects and protect against recurrence. E. Any details necessary for a determination of the potential harm to Clients whose PHI is believed to have been used or disclosed and the steps those Clients should take to protect themselves; and F. Any other information HCA reasonably requests. 10.3 The Contractor must also take actions to mitigate the risk of loss and comply with any notification or other requirements imposed by law or HCA including but not limited to 45 C.F.R. Part 164 Subpart D; RCW 42.56.590; RCW 19.255.010; or WAC ▇▇▇-▇▇-▇▇▇. 10.4 If notification must, in the sole judgement of HCA, must be made Contractor will further cooperate and facilitate notification to necessary individuals, to the U.S. Department of Health and Human Services (DHHS) Secretary, and to the media. At HCA’s discretion, Contractor may be required to directly perform notification requirements, or if HCA elects to perform the notifications, Contractor must reimburse HCA for all costs associated with notification(s). 10.5 Contractor is responsible for all costs incurred in connection with a security incident, Data Breach, or potential compromise of Data, including: A. The reasonable costs of notification to individuals, media, and governmental agencies and of other actions HCA reasonably considers appropriate to protect HCA clients. B. Computer forensics assistance to assess the impact of a Data Breach, determine root cause, and help determine whether and the extent to which notification must be provided to comply with Data Breach notification laws....