Common use of Reporting of Unauthorized Disclosures and Breaches Clause in Contracts

Reporting of Unauthorized Disclosures and Breaches. The Provider that creates, receives, maintains, or transmits protected health information in its role as a service provider under this agreement shall notify DHSS within 24 hours of any suspected or actual breach of security; intrusion; or unauthorized acquisition, access, use or disclosure of protected health information in violation of any applicable federal or state law. The Provider shall use a Notification of Suspected Breach Form (attached as Exhibit 2 to this Privacy and Security Procedures) to the contact person named in the Provider Agreement and to the Privacy and Security Officers of DHSS. The Provider shall identify for DHSS the individuals whose unsecured protected health information has been, or is reasonably believed to have been, breached so that DHSS can comply with any notification requirements if necessary. The Provider shall also indicate whether the protected health information subject to the suspected or actual breach; intrusion; or unauthorized acquisition, access, use or disclosure was encrypted or destroyed at the time. The Provider will be responsible for complying with any notification requirements under HIPAA, the HITECH Act, the Privacy and Security Rule or other law. The Provider will take prompt corrective action to cure any deficiencies that result in breaches of security; intrusion; or unauthorized acquisition, access, use, and disclosure. The Provider shall indemnify and hold harmless DHSS for any civil monetary penalty imposed, monetary settlement with, or award of damages against, DHSS for acts or omissions in violation of HIPAA, the HITECH Act, or the Privacy and Security Rule that are committed by the Provider or a member of its workforce. Provider shall also reimburse DHSS fro all costs incurred by DHSS that are associated with any mitigation, investigation, or notice of breach DHSS undertakes or provides under HIPAA, the HITECH Act, the Privacy and Security Rule, or other applicable law as a result of a breach of DHSS’s protected health information caused by the Provider or Provider’s agent or subcontractor. The Provider is not an agent of DHSS.

Reporting of Unauthorized Disclosures and Breaches. The Provider grantee that creates, receives, maintains, or transmits protected health information in its role as a service provider under this agreement grantee shall notify DHSS within 24 hours of any suspected or actual breach of security; intrusion; or unauthorized acquisition, access, use or disclosure of protected health information in violation of any applicable federal or state law. The Provider grantee shall use a Notification of Suspected Breach Form (attached as Exhibit 2 to this Privacy and Security Procedures) to the contact person grants administrator named in the Provider Grant Agreement and to the Privacy and Security Officers of DHSS. The Provider grantee shall identify for DHSS the individuals whose unsecured protected health information has been, or is reasonably believed to have been, breached so that DHSS can comply with any notification requirements if necessary. The Provider grantee shall also indicate whether the protected health information subject to the suspected or actual breach; intrusion; or unauthorized acquisition, access, use or disclosure was encrypted or destroyed at the time. The Provider grantee will be responsible for complying with any notification requirements under HIPAA, the HITECH Act, the Privacy and Security Rule or other law. The Provider grantee will take prompt corrective action to cure any deficiencies that result in breaches of security; intrusion; or unauthorized acquisition, access, use, and disclosure. The Provider grantee shall indemnify and hold harmless DHSS for any civil monetary penalty imposed, monetary settlement with, or award of damages against, DHSS for acts or omissions in violation of HIPAA, the HITECH Act, or the Privacy and Security Rule that are committed by the Provider grantee or a member of its workforce. Provider Grantee shall also reimburse DHSS fro for all costs incurred by DHSS that are associated with any mitigation, investigation, or notice of breach DHSS undertakes or provides under HIPAA, the HITECH Act, the Privacy and Security Rule, or other applicable law as a result of a breach of DHSS’s protected health information PHI caused by the Provider Grantee or ProviderXxxxxxx’s agent or subcontractor. The Provider grantee is not an agent of DHSS.

Reporting of Unauthorized Disclosures and Breaches. The Provider that creates, receives, maintains, or transmits protected health information in its role as a service provider under this agreement shall notify DHSS within 24 hours of any suspected or actual breach of security; intrusion; or unauthorized acquisition, access, use or disclosure of protected health information in violation of any applicable federal or state law. The Provider shall use a Notification of Suspected Breach Form (attached as Exhibit 2 to this Privacy and Security Procedures) to the contact person named in the Provider Agreement and to the Privacy and Security Officers of DHSS. The Provider shall identify for DHSS the individuals whose unsecured protected health information has been, or is reasonably believed to have been, breached so that DHSS can comply with any notification requirements if necessaryrequirements. The Provider shall also indicate whether the protected health information subject to the suspected or actual breach; intrusion; or unauthorized acquisition, access, use or disclosure was encrypted or destroyed at the time. The Provider will be responsible for complying with any notification requirements under HIPAA, the HITECH Act, the Privacy and Security Rule or other law. The Provider will take prompt corrective action to cure any deficiencies that result in breaches of security; intrusion; or unauthorized acquisition, access, use, and disclosure. The Provider shall indemnify and hold harmless DHSS for any civil monetary penalty imposed, imposed on or monetary settlement with, or award of damages against, reached by DHSS for acts or omissions in violation of HIPAA, the HITECH Act, or the Privacy and Security Rule that are committed by the Provider or a member of its workforce. Provider shall also reimburse DHSS fro all costs incurred by DHSS that are associated with any mitigation, investigation, or notice of breach DHSS undertakes or provides under HIPAA, the HITECH Act, the Privacy and Security Rule, or other applicable law as a result of a breach of DHSS’s protected health information caused by the Provider or Provider’s agent or subcontractor. The Provider is not an agent of DHSS.

Reporting of Unauthorized Disclosures and Breaches. The Provider that creates, receives, maintains, or transmits protected health information in its role as a service provider under this agreement shall notify DHSS DFCS within 24 hours of any suspected or actual breach of security; intrusion; or unauthorized acquisition, access, use or disclosure of protected health information in violation of any applicable federal or state law. The Provider shall use a Notification of Suspected Breach Form (attached as Exhibit 2 to this Privacy and Security Procedures) to the contact person named in the Provider Agreement and to the Privacy and Security Officers of DHSSDFCS. The Provider shall identify for DHSS DFCS the individuals whose unsecured protected health information has been, or is reasonably believed to have been, breached so that DHSS DFCS can comply with any notification requirements if necessary. The Provider shall also indicate whether the protected health information subject to the suspected or actual breach; intrusion; or unauthorized acquisition, access, use or disclosure was encrypted or destroyed at the time. The Provider will be responsible for complying with any notification requirements under HIPAA, the HITECH Act, the Privacy and Security Rule or other law. The Provider will take prompt corrective action to cure any deficiencies that result in breaches of security; intrusion; or unauthorized acquisition, access, use, and disclosure. The Provider shall indemnify and hold harmless DHSS DFCS for any civil monetary penalty imposed, monetary settlement with, or award of damages against, DHSS DFCS for acts or omissions in violation of HIPAA, the HITECH Act, or the Privacy and Security Rule that are committed by the Provider or a member of its workforce. Provider shall also reimburse DHSS fro DFCS for all costs incurred by DHSS DFCS that are associated with any mitigation, investigation, or notice of breach DHSS DFCS undertakes or provides under HIPAA, the HITECH Act, the Privacy and Security Rule, or other applicable law as a result of a breach of DHSS’s DFCS’ protected health information caused by the Provider or Provider’s agent or subcontractor. The Provider is not an agent of DHSSDFCS.