Notification of Possible Breach. BA shall notify CE within twenty-four (24) hours of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Contract or Addendum; any security incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in and information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by BA or its agents or subcontractors. The notification shall include, to the extent possible, the identification of each individual whose unsecured Protected Information has been, or is reasonably believed by the BA to have been, accessed, acquired, used, or disclosed, as well as any other available information that CE is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited to, 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. BA shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(c); 45 C.F.R. Section164.308(b)].
Notification of Possible Breach. BUSINESS ASSOCIATE shall notify COUNTY within twenty-four (24) hours of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Agreement; any security incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by BUSINESS ASSOCIATE or its agents or subcontractors. The notification shall include, to the extent possible, the identification of each individual whose unsecured Protected Information has been, or is reasonably believed by the BUSINESS ASSOCIATE to have been accessed, acquired, used, or disclosed, as well as any other available information that COUNTY is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited, to 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.l408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. BUSINESS ASSOCIATE shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws. [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)]. Any and all notices required pursuant to the terms and conditions of this provision shall be submitted to COUNTY at the following address: COUNTY: Humboldt County DHHS Compliance and Quality Assurance Office Attention: Compliance and Quality Assurance Administrator & Privacy Officer 000 X Xxxxxx Eureka, California 95501 (000) 000-0000
Notification of Possible Breach. CSMC shall notify Company promptly of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Services Agreement or this Agreement; any Security Incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by CSMC or its agents or subcontractors. Notwithstanding the foregoing, the parties understand that pings and other broadcast attacks on CSMC’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks and any combination of the above shall not be considered a Security Incident, so long as no such incident results in the defeat or circumvention of any security control, or in the unauthorized access, use or disclosure of PHI provided by Covered Entity. The notification shall include, to the extent possible, the identification of each individual whose unsecured Protected Information has been, or is reasonably believed by the business associate to have been, accessed, acquired, used, or disclosed, as well as any other available information that Company is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited, to 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. CSMC shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws. (This provision should be negotiated.) [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)].
Notification of Possible Breach. BUSINESS ASSOCIATE shall notify DHHS immediately upon discovery of breach or incident involving SSA data, or of any suspected or actual breach of Protected Information; any use or disclosure of Protected Information not permitted by the Agreement; any security incident (i.e., any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system) related to Protected Information, and any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by BUSINESS ASSOCIATE or its agents or subcontractors. The notification shall include, to the extent possible, the identification of each individual whose unsecured Protected Information has been, or is reasonably believed by the BUSINESS ASSOCIATE to have been accessed, acquired, used, or disclosed, as well as any other available information that DHHS is required to include in notification to the individual, the media, the Secretary, and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including, but not limited, to 45 C.F.R. Section 164.404 through 45 C.F.R. Section 164.l408, at the time of the notification required by this paragraph or promptly thereafter as information becomes available. BUSINESS ASSOCIATE shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws. [42 U.S.C. Section 17921; 45 C.F.R. Section 164.504(e)(2)(ii)(C); 45 C.F.R. Section 164.308(b)]. Any and all notices required pursuant to the terms and conditions of this provision shall be submitted to DHHS at the following address:
Notification of Possible Breach. AUTHORIZED ENTITY shall notify KAWEAH DELTA within twenty-four (24) hours of any suspected or actual breach or UNAUTHORIZED ACCESS of Protected Information. AUTHORIZED ENTITY shall take (i) prompt corrective action to cure any deficiencies and (ii) any action pertaining to unauthorized uses or disclosures required by applicable federal and state laws.
Notification of Possible Breach. CHPSO shall, following the discovery of any Breach of Unsecured PHI, Security Incident, as defined in the Security Rule, and/or any actual or suspected access, use or disclosure of Protected Information not permitted by the Contract and Addendum or applicable law notify CE in writing of such Breach or disclosure without unreasonable delay and in no case later than three business days after discovery CHPSO shall take prompt corrective action and any action required by applicable state or federal laws and regulations relating to such disclosure. CHPSO agrees to pay the actual costs of CE to provide required notifications and any associated costs incurred by CE, such as credit monitoring for affected patients, and including any civil or criminal monetary penalties or fines levied by any federal or state authority having jurisdiction if CE reasonably determines that the nature of the Breach warrants such measures.
