To Individuals. In the case of a breach of PHI or PI discovered by the Business Associate, the Business Associate shall first notify the Covered Entity and the County’s Privacy Officer of the pertinent details of the breach and upon prior approval of the County’s Privacy Officer shall notify each individual whose unsecured PHI or PI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of- date contact information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are ten (10) or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the web site of the Business Associate involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Business Associate to require urgency because of possible imminent misuse of unsecured PHI or PI, the Business Associate may also provide information to individuals by telephone or other means, as appropriate.
Appears in 7 contracts
Samples: Hillsborough County Business Associate Agreement, Hillsborough County Business Associate Agreement, Hillsborough County Business Associate Agreement
To Individuals. In the case of a breach of PHI or PI discovered Protected Health Information, as defined by HIPAA and HITECH, by the Business Associate, the Business Associate shall first notify the Covered Entity and the County’s Privacy Officer of the pertinent details of the breach and upon prior approval of the County’s Privacy Officer Covered Entity shall notify each individual whose unsecured PHI or PI Protected Health Information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual or personal representative (or the next of kin if the individual is deceased) at the last known address of the individual or next of kinkin or personal representative, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of- of-date contact contract information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are ten (10) or more individuals for which there is insufficient or out-out- of-date contact information, a conspicuous posting on the web site of the Business Associate covered entity involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Business Associate to require urgency because of possible imminent misuse of unsecured PHI or PIProtected Health Information, the Business Associate may also provide information to individuals by telephone or other means, as appropriate.
Appears in 4 contracts
Samples: Management Services, Compliance Agreement, Compliance Agreement
To Individuals. In the case of a breach of PHI or PI discovered by the Business Associate, the Business Associate shall first notify the Covered Entity and the County’s Privacy Officer of the pertinent details of the breach and upon prior approval of the County’s Privacy Officer shall notify each individual whose unsecured PHI or PI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of- of-date contact information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are ten (10) or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the web site of the Business Associate involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Business Associate to require urgency because of possible imminent misuse of unsecured PHI or PI, the Business Associate may also provide information to individuals by telephone or other means, as appropriate.
Appears in 3 contracts
