Reporting Security Incidents. The Business Associate will report to the County any Incident of which the Business Associate becomes aware that is:
Reporting Security Incidents. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware, in the following time and manner:
Reporting Security Incidents. Contractor agrees to report to the City any Security Incident immediately upon becoming aware of such. Contractor further agrees to provide the City with the following information regarding the Security Incident as soon as possible, but no more than five (5) business days after becoming aware of the Security Incident: (1) a brief description of what happened, including the dates the Security Incident occurred and was discovered; (2) a reproduction of the PHI or EPHI involved in the Security Incident; and (3) a description of whether and how the PHI or EPHI involved in the Security Incident was rendered unusable, unreadable, or indecipherable to unauthorized individuals either by encryption or otherwise destroying the PHI or EPHI prior to disposal. If Contractor determines that it is infeasible to reproduce the PHI or EPHI involved in the Security Incident, the Contractor agrees to notify the City in writing of the conditions that make reproduction infeasible and any information the Contractor has regarding the PHI or EPHI involved. Contractor agrees to cooperate in a timely fashion with the City regarding all Security Incidents reported to the City. The City will review all Security Incidents reported by Contractor. Contractor will take the following steps in response, to the extent necessary or required by law, including, but not limited to, (1) notifying the individual(s) whose PHI or EPHI was involved in the Security Incident, either in writing, via telephone, through the media, or by posting a notice on the City’s website, or through a combination of those methods, of the Security Incident; and (2) providing the individual(s) whose PHI or EPHI was involved in the Security Incident with credit monitoring services for a period of time to be determined by the City, at no cost to the individuals. The City, to the extent necessary or required by law, will provide notice of the Security Incident, as required by law, to the Secretary of the United States Department of Health and Human Services (“HHS”). Contractor agrees to reimburse the City for all expenses incurred as a result of Contractor’s Security Incidents, including, but not limited to, expenses related to the activities described above. Contractor agrees that the City will select the Contractors and negotiate the contracts related to said expenses.
Reporting Security Incidents. Business Associate will report to the Covered Entity and County’s Privacy Officer any Incident of which Business Associate becomes aware that is (1) a successful unauthorized access, use or disclosure of Electronic PHI or PI; or (2) modification or destruction of Electronic PHI or PI or (b) interference with system operations in an information system containing Electronic PHI or PI.
Reporting Security Incidents. Unless otherwise specified in the Authorized User Agreement, Contractor shall report any Security Incidents to the Authorized User in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy and associated standards ITS Policy NYS-S13-005 Cyber Incident Response Standard (or successor policy(ies)).
Reporting Security Incidents. 2.3.1 Business Associate will report security incidents that materially interfere with an information system used in connection with PHI. Business Associate will report those security incidents to HCA within five days of their discovery by Business Associate. If such an incident is also a Breach or may be a Breach, subsection 2.4 applies instead of this provision.
Reporting Security Incidents. Business Associate will report security incidents that materially interfere with an information system used in connection with PHI. Business Associate will report those security incidents to HCA within five (5) days of their discovery by Business Associate. If such an incident is also a Breach or may be a Breach, subsection 3 applies instead of this provision. Access Attempts shall be recorded in Business Associate’s system logs. Access Attempts are not categorically considered unauthorized Use or Disclosure, but Access Attempts do fall under the definition of Security Incident and Business Associate is required to report them to HCA. Since Business Associate’s reporting and HCA’s review of all records of Access Attempts would be materially burdensome to both parties without necessarily reducing risks to information systems or PHI, the parties agree that Business Associate will review logs and other records of Access Attempts, will investigate events where it is not clear whether or not an apparent Access Attempt was successful, and determine whether an Access Attempt:
Reporting Security Incidents. A. Company agrees to the following reporting procedures for Security Incidents that result in unauthorized access, use, disclosure, modification or destruction of EPHI or interference with system operations (“Successful Security Incidents”) and for security incidents that do not result in unauthorized access, use, disclosure, modification or destruction of EPHI or interference with system operations (“Unsuccessful Security Incidents”.) In the event that a Successful Security Incident involves EPHI, then Company will also be required to submit a breach report as required by Subsection 6.A and 6.B, in addition to the report described below in Section 7.B.
Reporting Security Incidents. VENDOR agrees to report to Community any Security Incident immediately upon becoming aware of such. VENDOR further agrees to provide Community with the following information regarding the Security Incident as soon as possible, but no more than five (5) business days after becoming aware of the Security Incident: (1) a brief description of what happened, including the dates the Security Incident occurred and was discovered;
Reporting Security Incidents. Business Associate will report to the Covered Entity any Security Incident of which Business Associate becomes aware that is (1) a successful unauthorized access, use or disclosure of any Electronic Protected Health Information; or (2) a successful major (a) modification or destruction of any Electronic Protected Health Information or (b) interference with system operations in an information system containing any Electronic Protected Health Information. Upon the Covered Entity’s request, Business Associate will report any incident of which Business Associate becomes aware that is a successful minor (a) modification or destruction of any Electronic Protected Health Information or (b) interference with system operations in an information system containing any Electronic Protected Health Information.
