Notification of Breach. During the term of the Agreement, Business Associate shall notify Covered Entity in writing within twenty-four (24) hours of any suspected or actual breach of security, intrusion, HIPAA Breach, and/or any actual or suspected use or Disclosure of data in violation of any applicable federal or state laws or regulations. This duty includes the reporting of any Security Incident, of which it becomes aware, affecting the Electronic PHI. Business Associate shall take (i) prompt corrective action to cure any such deficiencies and (ii) any action pertaining to such unauthorized use or Disclosure required by applicable federal and/or state laws and regulations. Business Associate shall investigate such breach of security, intrusion, and/or HIPAA Breach, and provide a written report of the investigation to Covered Entity’s HIPAA Privacy Officer or other designee that is in compliance with 45 C.F.R. section 164.410 and that includes the identification of each individual whose PHI has been breached. The report shall be delivered within fifteen (15) working days of the discovery of the breach or unauthorized use or Disclosure. Business Associate shall be responsible for any obligations under the HIPAA Regulations to notify individuals of such breach, unless Covered Entity agrees otherwise.
Appears in 16 contracts
Samples: Hipaa Business Associate Agreement, Hipaa Business Associate Agreement, Hipaa Business Associate Agreement
