Documenting and Reporting Breaches 6.1 Business Associate shall report to Covered Entity any Breach of Unsecured PHI, including Breaches reported to it by a Subcontractor, as soon as it (or any of its employees or agents) becomes aware of any such Breach, and in no case later than two (2) business days after it (or any of its employees or agents) becomes aware of the Breach, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request. In addition to the requirements set forth in any applicable Business Associate Agreement as may be attached to this Contract, in the event of any actual security breach or reasonable belief of an actual security breach the Contractor either suffers or learns of that either compromises or could compromise State Data (a “Security Breach”), the Contractor shall notify the State within 24 hours of its discovery. Contractor shall immediately determine the nature and extent of the Security Breach, contain the incident by stopping the unauthorized practice, recover records, shut down the system that was breached, revoke access and/or correct weaknesses in physical security. Contractor shall report to the State: (i) the nature of the Security Breach; (ii) the State Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what the Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure; and (v) what corrective action the Contractor has taken or shall take to prevent future similar unauthorized use or disclosure. The Contractor shall provide such other information, including a written report, as reasonably requested by the State. Contractor shall analyze and document the incident and provide all notices required by applicable law. In accordance with Section 9 V.S.A. §2435(b)(3), the Contractor shall notify the Office of the Attorney General, or, if applicable, Vermont Department of Financial Regulation (“DFR”), within fourteen (14) business days of the Contractor’s discovery of the Security Breach. The notice shall provide a preliminary description of the breach. The foregoing notice requirement shall be included in the subcontracts of any of Contractor’s subcontractors, affiliates or agents which may be “data collectors” hereunder. The Contractor agrees to fully cooperate with the State and assume responsibility at its own expense for the following, to be determined in the sole discretion of the State: (i) notice to affected consumers if the State determines it to be appropriate under the circumstances of any particular Security Breach, in a form recommended by the AGO; and (ii) investigation and remediation associated with a Security Breach, including but not limited to, outside investigation, forensics, counsel, crisis management and credit monitoring, in the sole determination of the State. The Contractor agrees to comply with all applicable laws, as such laws may be amended from time to time (including, but not limited to, Chapter 62 of Title 9 of the Vermont Statutes and all applicable State and federal laws, rules or regulations) that require notification in the event of unauthorized release of personally-identifiable information or other event requiring notification. In addition to any other indemnification obligations in this Contract, the Contractor shall fully indemnify and save harmless the State from any costs, loss or damage to the State resulting from a Security Breach or the unauthorized disclosure of State Data by the Contractor, its officers, agents, employees, and subcontractors.
Records and Reporting 7.01. The Implementing Entity shall provide to the Board, through the Secretariat, the following reports and financial statements:
Data and Reports The School is consistent in providing information, data, documentation, evindence and reports requested by the Commission pursuant to HRS §302D-17. x Review of submissions.
Data Collection and Reporting 1. Grantee shall develop and use a local reporting unit that will provide an assigned location for all clients served within the Hospital. This information shall also be entered into Client Assignment and Registration (CARE)when reporting on beds utilized at the Hospital.
Safeguards Monitoring and Reporting 8. The Borrower shall do the following or cause the Project Executing Agency to do the following:
Monitoring and Reporting 3.1 The Contractor shall provide workforce monitoring data as detailed in paragraph 3.2 of this Schedule 8. A template for data collected in paragraphs 3.2, 3.3 and 3.4 will be provided by the Authority. Completed templates for the Contractor and each Sub-contractor will be submitted by the Contractor with the Diversity and Equality Delivery Plan within six (6) Months of the Commencement Date and annually thereafter. Contractors are required to provide workforce monitoring data for the workforce involved in delivery of the Contract. Data relating to the wider Contractor workforce and wider Sub-contractors workforce would however be well received by the Authority. Contractors and any Sub-contractors are required to submit percentage figures only in response to paragraphs 3.2(a), 3.2(b) and 3.2(c).
RECORDS, INFORMATION AND REPORTS Contractor shall maintain full and accurate records with respect to all matters covered under this Agreement. To the extent permitted by law, County shall have free access at all proper times or until the expiration of four (4) years after the furnishing of services to such records, and the right to examine and audit the same and to make transcripts therefrom, and to inspect all data, documents, proceedings, and activities pertaining to this Agreement. To the extent permitted by law, Contractor shall furnish County such periodic reports as County may request pertaining to the work or services undertaken pursuant to this Agreement. The costs and obligations incurred or to be incurred in connection therewith shall be borne by the Contractor.
Funding, Services and Reporting The HSP represents warrants and covenants that
Diverse Spend Reporting If the total value of the Contract may exceed $500,000, including all extension options, Contractor must track and report, on a quarterly basis, the amount paid to diverse businesses both: 1) directly to subcontractors performing under the Contract, and 2) indirectly to diverse businesses that provide supplies/services to your company (in proportion to the revenue from this Contract compared to Contractor’s overall revenue). When this applies, Contractor will register in a free portal to help report the Tier 2 diverse spend, and the requirement continues as long as the Contract is in effect.
