Corrective Action Obligations Sample Clauses
The Corrective Action Obligations clause requires a party to take specific steps to remedy any identified deficiencies, non-compliance, or failures in performance under the agreement. Typically, this involves promptly investigating the issue, developing a plan to address the problem, and implementing necessary changes or improvements within a set timeframe. This clause ensures that issues are addressed efficiently and helps maintain the quality and integrity of the contractual relationship by providing a clear process for resolving problems as they arise.
Corrective Action Obligations. The FMCNA Covered Entities agree to the following:
A. Conduct Risk Analysis
1. The FMCNA Covered Entities shall conduct an accurate and thorough assessment of the potential security risks and vulnerabilities to the confidentiality, integrity, and availability of the FMCNA Covered Entities’ electronic protected health information (“ePHI”) (“Risk Analysis”). The Risk Analysis shall incorporate the FMCNA Covered Entities’ facilities, whether owned or rented, and evaluate the risks to the ePHI on their electronic equipment, data systems, and applications controlled, administered or owned by the FMCNA Covered Entities, that contain, store, transmit, or receive ePHI. Prior to conducting the Risk Analysis, the FMCNA Covered Entities shall develop a complete inventory of all of their facilities, categories of electronic equipment, data systems, and applications that contain or store ePHI, which will then be incorporated into their Risk Analysis.
2. Within fourteen (14) days of the Effective Date, the FMCNA Covered Entities shall submit to HHS the scope and methodology by which they propose to conduct the Risk Analysis described in paragraph
A.1. HHS shall notify the FMCNA Covered Entities whether the proposed scope and methodology is or is not consistent with 45 C.F.R. § 164.308 (a)(1)(ii)(A).
3. The FMCNA Covered Entities shall provide the Risk Analysis, consistent with paragraph V.A.l , to HHS within one hundred eighty (180) days of HHS’ approval of the FMCNA Covered Entities’ methodology described in paragraph V.A.2 for HHS’ review. Within ninety (90) days of its receipt of the FMCNA Covered Entities’ Risk Analysis, HHS will inform FMCNA Contact in writing as to whether HHS approves of the Risk Analysis or, if necessary to ensure compliance with 45 C.F.R. § 164.308(a)(1)(ii)(A), requires revisions to the Risk Analysis. If HHS requires revisions to the Risk Analysis, HHS shall provide FMCNA Contact with a detailed, written explanation of such required revisions and with comments and recommendations in order for the FMCNA Covered Entities to be able to prepare a revised Risk Analysis. Upon receiving notice of required revisions to the Risk Analysis from HHS and a description of any required changes to the Risk Analysis, the FMCNA Covered Entities shall have sixty (60) days in which to revise their Risk Analysis accordingly and submit the revised Risk Analysis to HHS for review and approval. This submission and review process shall continue until HHS approves the ...
Corrective Action Obligations. UM agrees to the following:
Corrective Action Obligations. AHP agrees to the following:
1. Within five (5) days of the Effective date, AHP shall use its best efforts to retrieve all photocopier hard drives that were contained in photocopiers previously leased by AHP that remain in the possession of Canon Financial Services, and safeguard all EPHI contained therein from impermissible disclosure. If AHP cannot retrieve said hard drives, AHP shall provide OCR with documentation explaining its “best efforts” and the reason it was unable to retrieve said hard drives. If AHP retrieves said hard drives, AHP shall provide OCR written certification that it has completed the requirements specified in this paragraph. AHP’s compliance with this corrective action will be based on the Region’s review and approval of the documentation explaining why its efforts failed to retrieve the hard drives.
2. Within thirty (30) days of the Effective Date, AHP shall conduct a comprehensive risk analysis of the EPHI security risks and vulnerabilities that incorporates all electronic equipment and systems controlled, owned or leased by AHP. AHP shall also, within this time period develop a plan, to address and mitigate any security risks and vulnerabilities found in this analysis and, if necessary, revise its present policies and procedures. The plan and any revised policies and procedures shall be forwarded to OCR for its review consistent with paragraph 3 below.
3. OCR shall review and recommend changes to the plan and any revised policies and procedures specified in paragraph 2. Upon receiving OCR’s recommended changes, AHP shall have thirty calendar days to provide a revised plan and any revised policies and procedures to OCR for review and approval. AHP shall implement the plan and distribute and train staff members on any revised policies and procedures within thirty (30) calendar days of OCR’s approval.
Corrective Action Obligations. Advocate agrees to the following:
Corrective Action Obligations. The Covered Entity agrees to the following:
A. Security Management Process
1. Within one year following the Effective Date the Covered Entity shall conduct a comprehensive, organizational-wide risk analysis of the ePHI security risks and vulnerabilities that incorporates all of the Covered Entity’s electronic media and systems.
2. The Covered Entity shall develop a risk management plan to address and mitigate any security risks and vulnerabilities following the risk analysis specified in paragraph
Corrective Action Obligations. NYP agrees to the following:
A. Policies and Procedures
1. NYP shall develop, maintain, and revise, as necessary, its written policies and procedures to comply with the Federal standards that govern the privacy and security of individually identifiable health information (45 C.F.R. Part 160 and Subparts A, C, and E of Part 164, the Privacy and Security Rules). NYP’s policies and procedures shall include, but not be limited to, the minimum content set forth in section V.C.
2. NYP shall provide such policies and procedures, consistent with paragraph 1 above, to HHS within ninety (90) days of the Effective Date for review and approval. Upon receiving any recommended changes to such policies and procedures from HHS, NYP shall have 30 days to revise such policies and procedures accordingly and provide the revised policies and procedures to HHS for review and approval.
3. NYP shall implement such policies and procedures within sixty (60) days of receipt of HHS’ final approval.
Corrective Action Obligations. UCLAHS agrees to the following:
Corrective Action Obligations. CU agrees to take the following corrective actions to address the Covered Conduct. To the extent necessary, CU shall collaborate with New York-Presbyterian (NYP) for the purpose of implementing the actions specified below:
A. Conduct a thorough Risk Analysis
Corrective Action Obligations. UW agrees to the following:
A. Security Management Process.