Notify Covered Entity Sample Clauses

Notify Covered Entity. Provider Partner shall promptly notify Covered Entity of any Security Incident or Breach in writing in the most expedient time possible, and not to exceed twenty-four (24) hours in the event of a Breach, following Provider Partner’s initial awareness of such Security Incident or Breach. Notwithstanding any notice provisions in this Agreement, such notice shall be made to Nutrition Factors by email to ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. Provider Partner shall cooperate in good faith with Covered Entity in the investigation of any Breach or Security Incident.

Notify Covered Entity upon acquiring actual knowledge of a Security Incident or breach of Unsecured PHI, or by the exercise of reasonable diligence should have acquired knowledge of a Security Incident or breach of Unsecured PHI, without undue delay. To the extent possible, Business Associate’s notification shall include at the time of the notice or promptly thereafter as the information becomes available, a brief description of what happened, the types of Unsecured PHI involved, and any remedial actions taken. Notwithstanding the foregoing, this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but unsuccessful Security Incidents, for which no additional notice to Covered Entity shall be required, including but not limited to, pings and other broadcast attacks on Business Associate’s network security groups, port scans, unsuccessful log-in attempts, denial-of-service attacks, malware (e.g. worms, viruses) that is detected and neutralized by Business Associate’s defensive software and tools intended for such purposes, interception of encrypted information where the key is not comprised and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of Unsecured PHI. Notwithstanding the foregoing, Covered Entity acknowledges that because Business Associate personnel do not have visibility to the content of Customer Data, it will be unlikely that Business Associate can provide information as to the type of data that may be affected or the identities of Individuals whose data may be affected by a breach or Security Incident. Communications by or on behalf of Business Associate with Covered Entity in connection with this Section shall not be construed as an acknowledgment by Business Associate of any fault or liability with respect to the incident.

Notify Covered Entity. Business Associate shall notify Covered Entity of any use or disclosure of PHI that is not permitted by this Agreement, including any successful Security Incident or Breach of Unsecured PHI, in writing as soon as practicable, but not to exceed thirty (30) calendar days following Business Associate’s Discovery unless (i) required by applicable law to provide notice within a shorter time period, in which case Business Associate shall notify Covered Entity within the time period required by such applicable law, or (ii) law enforcement requests a delay in such notice as permitted under 45 C.F.R. 164.412. Covered Entity and Business Associate acknowledge and agree that unsuccessful Security Incidents include but are not limited to: (i) unsuccessful attempts to penetrate computer networks or services maintained by Business Associate; (ii) immaterial incidents such as

Notify Covered Entity. Business Associate shall notify Covered Entity of any use or disclosure of PHI that is not permitted by this Agreement, including any successful Security Incident or Breach of Unsecured PHI, in writing as soon as practicable, but not to exceed sixty (60) calendar days following Business Associate’s Discovery unless law enforcement requests a delay in such notice as permitted under 45 C.F.R. 164.412. Covered Entity and Business Associate acknowledge and agree that unsuccessful Security Incidents include but are not limited to: (i) unsuccessful attempts to penetrate computer networks or services maintained by Business Associate; (ii) immaterial incidents such as

Notify Covered Entity. Business Associate shall promptly notify Covered Entity by telephone and by email of any Security Incident, Breach, or California Breach in writing in the most expedient time possible, and not to exceed five (5) calendar days in the event of a Security Incident, Breach or California Breach, following Business Associate’s initial awareness of such Security Incident, Breach, or California Breach. Notwithstanding any notice provisions in the Agreement, such notice shall be made to CommonSpirit Health’s Chief Privacy Officer, at both the phone number and email below. Without limitation, Security Incidents shall include ransomware attacks and Business Associate’s knowledge of other types of infectious malware on Business Associate’s computer systems. However, this Section constitutes advance and ongoing notice of Unsuccessful Security Incidents, for which no further notice is necessary. Business Associate shall cooperate in good faith with Covered Entity in the investigation of any Breach, California Breach, or Security Incident. Any notice required under this BAA to be given to a Party shall be made to: If to Covered Entity: If to Business Associate: Saint ▇▇▇▇▇▇ Health System, Inc. LFUCG Division of Police, SVU ▇ ▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇ ▇. ▇▇▇▇ ▇▇▇▇▇▇ Lexington, Ky 40504 Lexington, Ky. 40507 Attn: ▇▇▇▇ ▇▇▇▇, Chief Privacy Officer Attn: ▇▇▇▇▇▇ ▇▇▇▇▇▇▇ Telephone No.: ▇▇▇-▇▇▇-▇▇▇▇ Telephone No.: ▇▇▇-▇▇▇-▇▇▇▇ Email: ▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ Email: ▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇▇