Reporting Unsuccessful Security Incidents. The Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents. The foregoing notwithstanding, Business Associate shall, upon Covered Entity’s written request, report to Covered Entity Unsuccessful Security Incidents in accordance with the reporting requirements herein. For Unsuccessful Security Incidents, Business Associate shall provide Covered Entity, upon its written request, a report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies. Cooperation with Violations. Business Associate will cooperate with Covered Entity’s investigation and/or risk assessment with respect to any report made pursuant to Section 2.14, will abide by Covered Entity’s decision with respect to whether such acquisition, access, Use or Disclosure constitutes a Breach of PHI and will follow Covered Entity’s instructions with respect to any event reported to Covered Entity by Business Associate pursuant to Section 2.14. Business Associate shall maintain complete records regarding any event requiring reporting for the period required by 45 C.F.R. 164.530(j) or such longer period as may be required by state law and shall make such records available to Covered Entity promptly upon request but in no event later than within five (5) business days.
Appears in 7 contracts
Samples: Business Associate Addendum, Business Associate Agreement, Business Associate Agreement
