Common use of Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches Clause in Contracts

Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or any Security Incident of which Business Associate becomes aware, except that this section shall hereby serve as notice, and no additional reporting shall be required, of the regular occurrence of unsuccessful attempts at unauthorized access, use, disclosure, modification, or destruction of ePHI or interference with system operations in an information system containing ePHI. After discovery of an impermissible Use, Disclosure or Security Incident, Business Associate shall report such incident to the Covered Entity promptly without unreasonable delay. In the event that such use or disclosure or Security Incident constitutes a Breach of Unsecured Protected Health Information, such notice shall include the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been accessed, acquired, used, or disclosed in connection with such Breach and any additional information set forth at 45 CFR § 164.410, to the extent possible. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for the purpose of investigating and responding to the Breach. Notification of Breach, or potential Breach, under this Agreement shall be made to Covered Entity as indicated in (X)(d).

Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or any Security Incident of which Business Associate becomes aware, except that this section shall hereby serve as notice, and no additional reporting shall be required, of the regular occurrence of unsuccessful attempts at unauthorized access, use, disclosure, modification, or destruction of ePHI or interference with system operations in an information system containing ePHI. After discovery of an impermissible Use, Disclosure or Security Incident, Business Associate shall report such incident to the Covered Entity promptly without unreasonable delay. In the event that such use or disclosure or Security Incident constitutes a Breach of Unsecured Protected Health Information, such notice shall include the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been accessed, acquired, used, or disclosed in connection with such Breach and any additional information set forth at 45 CFR § 164.410, to the extent possible. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for the purpose of investigating and responding to the Breach. Notification of Breach, or potential Breach, under this Agreement shall be made to Covered Entity as indicated in Section (X)(d)X)(c) below.

Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches. Business Associate agrees to report to Covered Entity any use Use or disclosure of Disclosure oF PHI not provided for For by this Agreement or any Security Incident of oF which Business Associate becomes aware, except that this section shall hereby serve as notice, and no additional reporting shall be required, of oF the regular occurrence of unsuccessful oF unsuccessFul attempts at unauthorized access, useUse, disclosureDisclosure, modificationmodiFication, or destruction of oF ePHI or interference interFerence with system operations in an information inFormation system containing ePHI. After discovery of AFter Discovery oF an impermissible Use, Disclosure or Security Incident, Business Associate shall report such incident to the Covered Entity promptly without unreasonable delaydelay and in no event more than thirty (30) days Following Business Associate’s Discovery oF the incident. In the event that such use Use or disclosure Disclosure or Security Incident constitutes a Breach of oF Unsecured Protected Health InformationInFormation, such notice shall include the identification of identity oF each individual Individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been accessed, acquired, usedUsed, or disclosed Disclosed in connection with such Breach and any additional information inFormation set forth Forth at 45 CFR § 164.410, to the extent possibleavailable. In addition, Business Associate shall provide any additional information inFormation reasonably requested by Covered Entity for For the purpose of oF investigating and responding to the Breach. Notification of Breach, or potential Breach, under this Agreement shall be made to Covered Entity as indicated in (X)(d).

Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or any Security Incident of which Business Associate becomes aware, except that this section shall hereby serve as notice, and no additional reporting shall be required, of the regular occurrence of unsuccessful attempts at unauthorized access, use, disclosure, modificationmodification, or destruction of ePHI or interference with system operations in an information system containing ePHI. After discovery of an impermissible Use, Disclosure or Security Incident, Business Associate shall report such incident to the Covered Entity promptly without unreasonable delay. In the event that such use or disclosure or Security Incident constitutes a Breach of Unsecured Protected Health Information, such notice shall include the identification identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been accessed, acquired, used, or disclosed in connection with such Breach and any additional information set forth at 45 CFR § 164.410, to the extent possible. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for the purpose of investigating and responding to the Breach. Notification Notification of Breach, or potential Breach, under this Agreement shall be made to Covered Entity as indicated in (X)(d).

Reporting of Impermissible Uses and Disclosures, Security Incidents, and Breaches. Business Associate agrees to report to Covered Entity any use Use or disclosure Disclosure of PHI not provided for by this Agreement or any Security Incident of which Business Associate becomes aware, except that this section shall hereby serve as notice, and no additional reporting shall be required, of the regular occurrence of unsuccessful attempts at unauthorized access, useUse, disclosureDisclosure, modification, or destruction of ePHI or interference with system operations in an information system containing ePHI. After discovery Discovery of an impermissible Use, Disclosure or Security Incident, Business Associate shall report such incident to the Covered Entity promptly without unreasonable delaydelay and in no event more than thirty (30) days following Business Associate’s Discovery of the incident. In the event that such use Use or disclosure Disclosure or Security Incident constitutes a Breach of Unsecured Protected Health Information, such notice shall include the identification identity of each individual Individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been accessed, acquired, usedUsed, or disclosed Disclosed in connection with such Breach and any additional information set forth at 45 CFR § 164.410, to the extent possibleavailable. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for the purpose of investigating and responding to the Breach. Notification of Breach, or potential Breach, under this Agreement shall be made to Covered Entity as indicated in (X)(d).