Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Independence from Material Breach Determination Except as set forth in Section X.D.1.c, these provisions for payment of Stipulated Penalties shall not affect or otherwise set a standard for OIG’s decision that CHSI has materially breached this CIA, which decision shall be made at OIG’s discretion and shall be governed by the provisions in Section X.D, below.