Report of Improper Use or Disclosure. Business Associate shall report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI that is not provided for by this Agreement.
Report of Improper Use or Disclosure. Recipient shall immediately report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI or Limited Data Set information that is not permitted by this Agreement or under HIPAA. This report shall identify the nature of the violating use or disclosure, the PHI or Limited Data Set information used or disclosed, who made the violating use or received the disclosure, what corrective action Recipient has or will take to prevent further violations, including any mitigation, and provide any other information as Covered Entity may request.
Report of Improper Use or Disclosure. Business Associate agrees to promptly report to a Covered Entity any use or disclosure of the Covered Entity’s PHI not provided for by this Agreement of which Business Associate becomes aware. Business Associate is also subject to the requirements in Section 7 of the General Terms and Conditions (Breach Notification).
Report of Improper Use or Disclosure. Incident" means (i) any successful Security Incident, (ii) Breach of Unsecured PHI, or (iii) any loss, destruction, alteration or other event in which PHI cannot be accounted for. Successful Security Incidents shall not include pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate agrees to notify Covered Entity, in writing immediately upon discovery, but not later than one business day from the day of discovery of any Incident (by Business Associate or by a Subcontractor) involving the acquisition, access, use or disclosure of the PHI not provided for by this Agreement of which Business Associate becomes aware. As soon as reasonably possible thereafter, in no case more than five (5) calendar days following discovery of the Incident, Business Associate shall provide Covered Entity with a written report which shall include but not be limited to: i) a description of the circumstances under which the Incident occurred; ii) the date of the Incident and the date that the Incident was discovered; iii) a description of the types of PHI involved in the Incident; iv) the identification of each Individual whose PHI is known or is reasonably believed by the Business Associate to have been affected; and v) any recommendations that the Business Associate may have, if any, regarding the steps that Individuals may take to protect themselves from harm. To the extent that Covered Entity reasonably determines that such Incident necessitates the notification of Individuals by Covered Entity under HITECH, Business Associate agrees that it shall immediately reimburse Covered Entity for the reasonable expenses of such notification process. Business Associate shall cooperate with any investigation (and/or risk assessment) of such Incident conducted by Covered Entity in connection with any report made pursuant to this Section. Business Associate shall make itself and any subcontractors and agents assisting Business Associate in the performance of its obligations available to Covered Entity to testify as witnesses, or otherwise, in the event of an Incident.
Report of Improper Use or Disclosure. Business Associate agrees promptly to report to Covered Entity any use or disclosure of the PHI not provided for by this Agreement of which Business Associate becomes aware, including breaches of unsecured protected health information as required by 45 CFR § 164.410, and any security incident of which it becomes aware. Such report shall be in writing and shall be reported to Covered Entity as soon as practicable after the date Business Associate becomes aware of such use or disclosure, but in no event more than five (5) days following such date.
Report of Improper Use or Disclosure. Business Associate shall report to Covered Entity within thirty (30) days of discovery any information of which it becomes aware concerning any use or disclosure of PHI that is not provided for by this Agreement. See also section 2.8 herein.
Report of Improper Use or Disclosure. Business Associate shall immediately report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI that is not permitted by this Agreement. This report shall identify the nature of the violating use or disclosure, the PHI used or disclosed, who made the violating use or received the disclosure, what corrective action Business Associate has or will take to prevent further violations, including any mitigation, and provide any other information Covered Entity requests. Business Associate will also immediately report to Covered Entity any breaches of unsecured Protected Health Information identified by Business Associate, including the names of the individuals whose Protected Health Information has been breached, as well as any other information about the nature and date of the breach, the types of information involved, what individuals may do to protect themselves, and the steps the Business Associate is taking to mitigate the harm and protect against future breaches, as provided by 42 U.S.C. 17932(b) and 45 C.F.R. 164.410. Business Associate will mitigate, to the extent practicable, any harmful effect that is known to Business Associate of use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.
Report of Improper Use or Disclosure. Sony shall report to Customer any information of which it becomes aware concerning any use or disclosure of PHI that is not permitted by this BAA and any Security Incident affecting PHI of which it becomes aware. The parties acknowledge and agree that this Section constitutes notice by Sony to Customer of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Customer shall be required. “Unsuccessful Security Incidents” means, without limitation, pings and other broadcast attacks on Sony’s firewall, port scans, unsuccessful log-on attempts, denial-of-service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.
Report of Improper Use or Disclosure. Recipient shall immediately report but no later than five (5) business days to Covered Entity any information of which it becomes aware, including any Limited Data Set information or PHI from the Recipient or other entities, concerning any use or disclosure of PHI or Limited Data Set information that is not permitted by this Agreement or under HIPAA including but not limited to any Breaches of Unsecured Protected Health Information, security incident or any impermissible use or disclosure of PHI or Limited Data Set information in violation of HIPAA. The Recipient will act in good faith with the Covered Entity to mitigate any potential or actual harm due to the improper use or disclosure of PHI or Limited Data Set information. The content of such a report of the Recipient to the Covered Entity shall include, but is not limited to: A brief description of what happened, including the date of the Breach or Security Incident or other inappropriate or impermissible or unlawful use or disclosure of PHI or Limited Data Set, if known; and a description of the types of PHI that were involved (e.g. SSN, name, DOB, home address, account number or disability code). Additionally, this report to the Covered Entity shall identify the nature of the violating use or disclosure, the PHI or Limited Data Set information used or disclosed, who made the violating use or received the disclosure, what corrective action Recipient has or will take to prevent further violations, including any mitigation, and provide any other information as Covered Entity may request.
Report of Improper Use or Disclosure. Business Associate agrees to report to a Covered Entity within ten (10) business days of discovery any use or disclosure of the Covered Entity’s PHI not provided for by this Agreement of which Business Associate becomes aware.
