Providing Notice of Breaches. 8.1 If Covered Entity determines that an impermissible acquisition, access, use or disclosure of PHI for which one of Business Associate’s employees or agents was responsible constitutes a Breach as defined in 45 CFR § 164.402, and if requested by Covered Entity, Business Associate shall provide notice to the individual(s) whose PHI has been the subject of the Breach. When requested to provide notice, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. The cost of notice and related remedies shall be borne by Business Associate.
Providing Notice of Breaches. 8.1 If Covered Entity determines that a Breach of PHI for which Business Associate was responsible, and if requested by Covered Entity, Business Associate shall provide notice to the Individual whose PHI has been the subject of the Breach. When so requested, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. Business Associate shall be responsible for the cost of notice and related remedies.
Providing Notice of Breaches. If Covered Entity determines that a Breach of PHI for which Business Associate was responsible, and if requested by Covered Entity, Business Associate shall provide notice to the Individual whose PHI has been the subject of the Breach. When so requested, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. Business Associate shall be responsible for the cost of notice and related remedies. The notice to affected Individuals shall be provided as soon as reasonably possible and in no case later than sixty (60) calendar days after Business Associate reported the Breach to Covered Entity. The notice to affected Individuals shall be written in plain language and shall include, to the extent possible: 1) a brief description of what happened; 2) a description of the types of Unsecured PHI that were involved in the Breach; 3) any steps Individuals can take to protect themselves from potential harm resulting from the Breach; 4) a brief description of what the Business Associate is doing to investigate the Breach to mitigate harm to Individuals and to protect against further Breaches; and 5) contact procedures for Individuals to ask questions or obtain additional information, as set forth in 45 CFR § 164.404(c). Business Associate shall notify Individuals of Breaches as specified in 45 CFR § 164.404(d) (methods of Individual notice). In addition, when a Breach involves more than 500 residents of Vermont, Business Associate shall, if requested by Covered Entity, notify prominent media outlets serving Vermont, following the requirements set forth in 45 CFR § 164.406.
Providing Notice of Breaches. 7.1 If Business Associate determines that an impermissible acquisition, access, use or disclosure of PHI for which one of Business Associate’s employees or agents was responsible constitutes a Breach as defined in 45 CFR §164.402, and if requested by Covered Entity, Business Associate shall provide notice to the individuals whose PHI was the subject of the Breach. When requested to provide notice, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice. The cost of notice shall be borne by Business Associate. Covered Entity acknowledges and agrees that Business Associate may not have sufficient contact information regarding the affected individuals to allow Business Associate to meet its obligations under this Section 7. Business Associate’s obligations under this Section 7 shall be subject to Covered Entity providing Business Associate with the necessary contact information regarding the affected individuals.
Providing Notice of Breaches. 8.1 If Onpoint reasonably determines that an impermissible acquisition, access, use or disclosure of PHI for which one of Onpoint’s employees or agents was responsible constitutes a Breach of Unsecured PHI, and if requested by Covered Entity, Onpoint shall provide notice to the individual(s) whose PHI has been the subject of such Breach. When requested to provide notice, Onpoint shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. The cost of notice shall be borne by Onpoint. Covered Entity acknowledges and agrees that Onpoint may not have sufficient contact information regarding the affected individuals to allow Onpoint to meet its obligations under this Section 8.1. Onpoint’s obligations under this Section 8.1 shall be subject to Covered Entity providing Onpoint with the necessary contact information regarding the affected individuals.
