Common use of Loss Reporting Clause in Contracts

Loss Reporting. ENTITY shall immediately notify DHHS Information Security and Program Manager, via the email addresses provided in this Agreement, of any information security events, Incidents, or Breaches this includes a confidential information breach, or suspected breach, which affects or includes any State of New Hampshire systems that connect to the State of New Hampshire network. ENTITY shall further handle and report incidents and breaches involving PHI in accordance with the agency’s documented incident handling and breach notification procedures and in accordance with HIPAA, and 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, ENTITY’s compliance with all applicable obligations and procedures. ENTITY’s procedures shall also address how ENTITY shall: Identify Incidents; Determine if personally identifiable information is involved in any Incidents; Report suspected or confirmed Incidents as required by this Agreement and in the EUA; Identify and convene a core response group within ENTITY’s organization to determine the risk level of Incidents and determine risk-based mitigation and responses to Incidents; Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures; and Address and report Incidents, and or breaches that implicate personal information to DHHS in accordance with timing provisions of NH RSA 359-C:20 and this Agreement. If a suspected or known incident, breach involves Social Security Administration (SSA) provided data, Internal Revenue Services (IRS) provided data, or Federal Tax Information (FTI), then ENTITY shall notify DHHS Information Security without delay. In the event of any security breach, ENTITY shall make efforts to investigate the causes of the breach, promptly take measures to prevent future breach, and minimize any damage or loss resulting from the breach. The State shall recover from ENTITY all costs of response and recovery from the breach, including but not limited to: credit monitoring services, mailing costs and costs associated with website and telephone call center services necessary due to the breach.

Loss Reporting. ENTITY shall immediately notify DHHS Information Security and Program Manager, via the email addresses provided in this Agreement, of any information security events, Incidents, or Breaches this includes a confidential information breach, or suspected breach, which affects or includes any State of New Hampshire systems that connect to the State of New Hampshire network. ENTITY shall further handle and report incidents and breaches involving PHI in accordance with the agency’s documented incident handling and breach notification procedures and in accordance with HIPAA, and 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, ENTITY’s compliance with all applicable obligations and procedures. ENTITY’s procedures shall also address how ENTITY shall: Identify Incidents; Determine ▇▇▇▇▇▇▇▇▇ if personally identifiable information is involved in any Incidents; Report suspected or confirmed Incidents as required by this Agreement and in the EUA; Identify and convene a core response group within ENTITY’s organization to determine the risk level of Incidents and determine risk-based mitigation and responses to Incidents; Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures; and Address and report Incidents, and or breaches that implicate personal information to DHHS in accordance with timing provisions of NH RSA 359-C:20 and this Agreement. If a suspected or known incident, breach involves Social Security Administration (SSA) provided data, Internal Revenue Services (IRS) provided data, or Federal Tax Information (FTI), then ENTITY shall notify DHHS Information Security without delay. In the event of any security breach, ENTITY shall make efforts to investigate the causes of the breach, promptly take measures to prevent future breach, and minimize any damage or loss resulting from the breach. The State shall recover from ENTITY all costs of response and recovery from the breach, including but not limited to: credit monitoring services, mailing costs and costs associated with website and telephone call center services necessary due to the breach.

Loss Reporting. ENTITY shall immediately notify DHHS Information Security and Program Manager, via the email addresses provided in this Agreement, of any information security events, Incidents, or Breaches this includes a confidential information breach, or suspected breach, which affects or includes any State of New Hampshire systems that connect to the State of New Hampshire network. ENTITY shall further handle and report incidents and breaches involving PHI in accordance with the agency’s documented incident handling and breach notification procedures and in accordance with HIPAA, and 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, ENTITY’s compliance with all applicable obligations and procedures. ENTITY’s procedures shall also address how ENTITY shall: : 1. Identify Incidents; ; 2. Determine if personally identifiable information is involved in any Incidents; ; 3. Report suspected or confirmed Incidents as required by this Agreement and in the EUA; ; 4. Identify and convene a core response group within ENTITY’s organization to determine the risk level of Incidents and determine risk-based mitigation and responses to Incidents; ; 5. Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures; and and 6. Address and report Incidents, and or breaches that implicate personal information to DHHS in accordance with timing provisions of NH RSA 359-C:20 and this Agreement. If a suspected or known incident, breach involves Social Security Administration (SSA) provided data, Internal Revenue Services (IRS) provided data, or Federal Tax Information (FTI), then ENTITY shall notify DHHS Information Security without delay. In the event of any security breach, ENTITY shall make efforts to investigate the causes of the breach, promptly take measures to prevent future breach, and minimize any damage or loss resulting from the breach. The State shall recover from ENTITY all costs of response and recovery from the breach, including but not limited to: credit monitoring services, mailing costs and costs associated with website and telephone call center services necessary due to the breach.