Documentation Requirement. Business Associate shall maintain written records relating to (i) each Breach of Unsecured PHI and (ii) each suspected Breach which is later determined to not constitute a Breach of Unsecured PHI for a period of the lesser of six (6) years or the duration of this Agreement. Business Associate shall maintain records relating to actual or suspected Breaches (even if it is determined that no notice is required under the Breach Notification Rules), including all risk assessments for determining risk of harm to affected individuals and all analyses of whether the Breach Notification Rules are implicated by an actual or suspected Breach. Business Associate shall also maintain all records relating to actions taken in response to a Breach of Unsecured PHI, including all notices provided in accordance with the Breach Notification Rule, all steps to mitigate harm caused by the Breach and all corrective action steps taken to prevent a future similar Breach. Upon termination of the Agreement, Business Associate shall provide to Covered Entity all such documentation for the previous six (6) year period (or for the period in which this section is in effect, if shorter).
Sources: HIPAA Business Associate Agreement, HIPAA Business Associate Agreement