Common use of Privacy or Security Breach Clause in Contracts

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum of which it becomes aware, including breaches of Unsecured Protected Health Information as required by 45 CFR 164.40, and any Security Incident of which it becomes aware. The Business Associate will make the report to the Covered Entity’s Privacy Official not more than fifteen (15) calendar days after the Business Associate becomes aware of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum Agreement along with any Breach of which it becomes aware, including breaches of the Covered Entity’s Unsecured Protected Health Information Information. The Business Associate will treat the Breach as required by being discovered in accordance with 45 CFR 164.40, and any Security Incident of which it becomes aware§164.410. The Business Associate will make the report to the Covered Entity’s Privacy Official not more than fifteen fifty (1550) calendar days after the Business Associate becomes aware learns of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum BA Contract along with any Breach of which it becomes aware, including breaches of Covered Entity’s Unsecured Protected Health Information Information. Business Associate will treat the Breach as required by being discovered in accordance with 45 CFR 164.40, and any Security Incident of which it becomes aware§ 164.410. The Business Associate will make the report to the Covered Entityentity’s Privacy Official not more than fifteen (15) or other corporate contract within 60 calendar days after the Business Associate becomes aware learns of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §§ 164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum Agreement of which it becomes aware, including breaches of Unsecured Protected Health Information as required by 45 CFR 164.40, and any Security Incident of which it becomes aware. The Business Associate will make the report to the Covered Entity’s Privacy Official not more than fifteen fifty (1550) calendar days after the Business Associate becomes aware of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum Agreement of which it becomes aware, including breaches of Unsecured Protected Health Information as required by 45 CFR 164.40, and any Security Incident of which it becomes aware. The Business Associate will make the report to the Covered Entity’s Privacy Official not more than fifteen thirty (1530) calendar days after the Business Associate becomes aware of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum Agreement along with any Breach of which it becomes aware, including breaches of Covered Entity’s Unsecured Protected Health Information Information. Business Associate will treat the Breach as required by being discovered in accordance with 45 CFR 164.40, and any Security Incident of which it becomes aware§164.410. The Business Associate will make the report to the Covered Entity’s Privacy Official Entity not more than fifteen (15) 5 calendar days after the Business Associate becomes aware learns of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum Agreement along with any Breach of which it becomes aware, including breaches of Covered Entity’s Unsecured Protected Health Information Information. Business Associate will treat the Breach as required by being discovered in accordance with 45 CFR 164.40, and any Security Incident of which it becomes aware§ 164.410. The Business Associate will make the report to the Covered Entity’s Privacy Official not more than fifteen (15) 20 calendar days after the Business Associate becomes aware learns of such non-non permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §§ 164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least:

Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity’s Protected Health Information not permitted by this Addendum BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required by 45 CFR 164.40, and any Security Incident of which it becomes aware. The Business Associate will make the report to the Covered Entity’s Privacy Official not more than fifteen twenty-five (1525) calendar days after the Business Associate becomes aware of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate’s report will at least: