Common use of Providing Notice of Breaches Clause in Contracts

Providing Notice of Breaches. If Covered Entity determines that a Breach of PHI for which Business Associate was responsible, and if requested by Covered Entity, Business Associate shall provide notice to the Individual whose PHI has been the subject of the Breach. When so requested, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. Business Associate shall be responsible for the cost of notice and related remedies. The notice to affected Individuals shall be provided as soon as reasonably possible and in no case later than sixty (60) calendar days after Business Associate reported the Breach to Covered Entity. The notice to affected Individuals shall be written in plain language and shall include, to the extent possible: 1) a brief description of what happened; 2) a description of the types of Unsecured PHI that were involved in the Breach; 3) any steps Individuals can take to protect themselves from potential harm resulting from the Breach; 4) a brief description of what the Business Associate is doing to investigate the Breach to mitigate harm to Individuals and to protect against further Breaches; and 5) contact procedures for Individuals to ask questions or obtain additional information, as set forth in 45 CFR § 164.404(c). Business Associate shall notify Individuals of Breaches as specified in 45 CFR § 164.404(d) (methods of Individual notice). In addition, when a Breach involves more than 500 residents of Vermont, Business Associate shall, if requested by Covered Entity, notify prominent media outlets serving Vermont, following the requirements set forth in 45 CFR § 164.406.

Providing Notice of Breaches. If Covered Entity determines that a Breach of PHI for which Business Associate was responsible, and if requested by Covered Entity, Business Associate shall provide notice to the Individual whose PHI has been the subject of the Breach. When so requested, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. Business Associate shall be responsible for the cost of notice and related remedies. The notice to affected Individuals shall be provided as soon as reasonably possible and in no case later than sixty (60) 60 calendar days after Business Associate reported the Breach to Covered Entity. The notice to affected Individuals shall be written in plain language and shall include, to the extent possible: , 1) a brief description of what happened; , 2) a description of the types of Unsecured PHI that were involved in the Breach; , 3) any steps Individuals can take to protect themselves from potential harm resulting from the Breach; , 4) a brief description of what the Business Associate is doing to investigate the Breach to mitigate harm to Individuals and to protect against further Breaches; , and 5) contact procedures for Individuals to ask questions or obtain additional information, as set forth in 45 CFR § 164.404(c). Business Associate shall notify Individuals of Breaches as specified in 45 CFR § 164.404(d) (methods of Individual notice). In addition, when a Breach involves more than 500 residents of Vermont, Business Associate shall, if requested by Covered Entity, notify prominent media outlets serving Vermont, following the requirements set forth in 45 CFR § 164.406.

Providing Notice of Breaches. If Covered Entity determines that a Breach an impermissible acquisition, access, use or disclosure of PHI for which one of Business Associate Associate’s employees or agents was responsibleresponsible constitutes a Breach as defined in 45 CFR § 164.402, and if requested by Covered Entity, Business Associate shall provide notice to the Individual individual(s) whose PHI has been the subject of the Breach. When so requestedrequested to provide notice, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. Business Associate shall be responsible for the The cost of notice and related remediesremedies shall be borne by Business Associate. If Covered Entity or Business Associate determines that an impermissible acquisition, access, use or disclosure of PHI by a Subcontractor of Business Associate constitutes a Breach as defined in 45 CFR § 164.402, and if requested by Covered Entity or Business Associate, Subcontractor shall provide notice to the individual(s) whose PHI has been the subject of the Breach. When Covered Entity requests that Business Associate or its Subcontractor provide notice, Business Associate shall either 1) consult with Covered Entity about the specifics of the notice as set forth in section 8.1, above, or 2) require, by contract, its Subcontractor to consult with Covered Entity about the specifics of the notice as set forth in section 8.1 The notice to affected Individuals individuals shall be provided as soon as reasonably possible and in no case later than sixty (60) 60 calendar days after Business Associate reported the Breach to Covered Entity. The notice to affected Individuals individuals shall be written in plain language and shall include, to the extent possible: , 1) a brief description of what happened; , 2) a description of the types of Unsecured PHI that were involved in the Breach; , 3) any steps Individuals individuals can take to protect themselves from potential harm resulting from the Breach; , 4) a brief description of what the Business Associate is doing to investigate the Breach Breach, to mitigate harm to Individuals individuals and to protect against further Breaches; , and 5) contact procedures for Individuals individuals to ask questions or obtain additional information, as set forth in 45 CFR § 164.404(c). Business Associate shall notify Individuals individuals of Breaches as specified in 45 CFR § 164.404(d) (methods of Individual individual notice). In addition, when a Breach involves more than 500 residents of Vermont, Business Associate shall, if requested by Covered Entity, notify prominent media outlets serving Vermont, following the requirements set forth in 45 CFR § 164.406.