Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate will report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate’s notification to Covered Entity of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404. A Security Incident, for the purpose of this Section 3.2, does not include attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with Business Associate’s Corporate Information System (“non-PHI Information System”), as defined by Business Associate’s internal policies and procedures.
Reporting of Improper Use or Disclosure, Security Incident or Breach. AZCOMP will report to Customer any use or disclosure of PHI not provided for by the Agreement of which it becomes aware. AZCOMP will report to Customer any Security Incident of which it becomes aware. AZCOMP will notify Customer of any Breach of Unsecured PHI as soon as practicable, and no later than 30 days after discovery of such Breach. AZCOMP’s notification to Customer of a Breach will include: (a) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by AZCOMP to have been, accessed, acquired or disclosed during the Breach; and
Reporting of Improper Use or Disclosure, Security Incident or Breach. McKesson will report to Customer any use or disclosure of PHI not provided for by the Agreement of which it becomes aware. McKesson will report to Customer any Security Incident of which it becomes aware. McKesson will notify Customer of any Breach of Unsecured PHI as soon as practicable, and no later than 30 days after discovery of such Breach. McKesson’s notification to Customer of a Breach will include: (a) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by McKesson to have been, accessed, acquired or disclosed during the Breach; and (b) any particulars regarding the Breach that Customer would need to include in its notification, as such particulars are identified in 42 U.S.C. § 17932 and 45 C.F.R. § 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. FDI shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by FDI to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Covered Entity by FDI shall be required only upon request. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on FDI’s firewall, port scans, unsuccessful log‐on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. FDI’s notification to Covered Entity of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by FDI to have been, accessed, acquired or disclosed during the Breach; and
Reporting of Improper Use or Disclosure, Security Incident or Breach. PointCare will report to Customer any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, that becomes known to PointCare, within ten (10) days following discovery, and will provide a further report within a reasonable period of time after the information becomes available using commercially reasonable efforts to do so; provided, however, that Customer acknowledges and agrees that this Section constitutes notice by PointCare to Customer of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Customer by PointCare will be required only upon request. “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on PointCare’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. PointCare’s notification to Customer of a Breach will include, where commercially reasonable, information to determine: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by PointCare to have been, accessed, acquired or disclosed during the Breach; (ii) any particulars regarding the Breach that a Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404; and (iii) any remedial actions taken by PointCare to mitigate the adverse effects of the Breach.
Reporting of Improper Use or Disclosure, Security Incident or Breach. MSH will report to the Practice any use or disclosure of PHI not permitted under the Terms and Conditions, Breach of Unsecured PHI or any Security Incident, without unreasonable delay; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by MSH to the Practice of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on MSH’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate will report to Healthcare Provider any use or disclosure of PHI not permitted under this Agreement, Breach of Unsecured PHI or any Security Incident, promptly, but in no case later than fifteen (15) calendar days of becoming aware of its occurrence. The Parties acknowledge and agree that this Section constitutes notice by Business Associate to Healthcare Provider of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate’s notification to Healthcare Provider of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any information regarding the Breach that Healthcare Provider would need to include in its notification, as identified in 45 C.F.R. § 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. CHC will report to Customer any Use or Disclosure of PHI not permitted under this Addendum, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in no event more than fifteen (15) business days following Discovery; provided, however, that the parties acknowledge and agree that this Section constitutes notice by CHC to Customer of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents. 'Unsuccessful Security Incidents' will include, but not be limited to, pings and other broadcast attacks on CHC's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access to, Use or Disclosure of PHI. CHC's notification to Customer of a Breach will comply with the requirements set forth in 45 C.F.R. 164.404.
Reporting of Improper Use or Disclosure, Security Incident or Breach. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, without unreasonable delay, and in any event no more than ten (10) business days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents.
Reporting of Improper Use or Disclosure, Security Incident or Breach. McKesson shall report to Provider any use or disclosure of PHI not provided for by the Underlying Agreement of which it becomes aware. McKesson shall report to Provider any Security Incident of which it becomes aware. McKesson shall notify Provider of any Breach of Unsecured PHI as soon as practicable, and no later than fifteen (15) days after discovery of such Breach. McKesson’s notification to Provider of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by McKesson to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Provider would need to include in its notification, as such particulars are identified in 42 U.S.C. § 17932 and 45 C.F.R. § 164.404.
