Common use of Notification of Breach Clause in Contracts

Notification of Breach. Business Associate shall notify Covered Entity within three (3) business days after it, or any of its employees or agents, reasonably suspects that a Breach of Unsecured PHI, may have occurred. Business Associate shall exercise reasonable diligence to become aware of whether a Breach of Unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered Entity. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach of Unsecured PHI has occurred and whether notification to affected Individuals of the Breach of Unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing Covered Entity with additional information related to the suspected Breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals must be notified because a Breach of Unsecured PHI has occurred and (ii) Business Associate is in a better position to notify the affected Individuals of such Breach, Business Associate shall immediately provide the required notice (1) within the time frame defined by 45 CFR 164.404(b), (2) in a form and containing such information reasonably requested by Covered Entity, (3) containing the content specified in 45 CFR 164.404(c), and (4) using the method(s) prescribed by 45 CFR 164.404(d). In addition, in the event that Covered Entity indicates to Business Associate that Covered Entity will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach of Unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of Business Associate’s breach of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matter.

Notification of Breach. Business Associate shall notify Covered Entity within three (3) business days after it, or any of its employees or agents, reasonably suspects that a Breach of Unsecured PHI, may have occurred. Business Associate shall exercise reasonable diligence to become aware of whether a Breach of Unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered Entity. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach of Unsecured PHI has occurred and whether notification to affected Individuals of the Breach of Unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing Covered Entity with additional information related to the suspected Breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals must be notified because a Breach of Unsecured PHI has occurred and (ii) Business Associate is in a better position to notify the affected Individuals of such Breach, Business Associate shall immediately provide the required notice (1) within the time frame defined by 45 CFR 164.404(b), (2) in a form and containing such information reasonably requested by Covered Entity, (3) containing the content specified in 45 CFR 164.404(c), and (4) using the method(s) prescribed by 45 CFR 164.404(d). In addition, in the event that Covered Entity indicates to Business Associate that Covered Entity will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach of Unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of Business Associate’s Associate‟s breach of its obligations under this Section, including reasonable attorney’s attorney‟s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matter.

Notification of Breach. Business Associate shall notify Covered Entity within three (3) business days after it, or any of its employees employees, subcontractors, or agents, reasonably suspects that a Breach breach of Unsecured PHI, unsecured PHI as defined by 45 CFR 164.402 may have occurred, irrespective of any occurrence or non-occurrence of harm. Notice to KDHE shall consist of notifying the KDHE Privacy Officer by phone or email of the occurrence of a Breach or suspected occurrence of a Breach. Business Associate shall exercise reasonable diligence to become aware of whether a Breach breach of Unsecured unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered Entity. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach breach of Unsecured unsecured PHI has occurred and whether notification to affected Individuals individuals of the Breach breach of Unsecured unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing the Covered Entity with additional information related to the suspected Breach breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals individuals must be notified because a Breach breach of Unsecured unsecured PHI has occurred and (ii) Business Associate is in a better the best position to notify the affected Individuals individuals of such Breachbreach, Business Associate shall immediately provide the required notice (1) within the time frame defined by 45 CFR 164.404(b), (2) in a form and containing such information reasonably requested by Covered Entity, (3) containing the content specified in 45 CFR 164.404(c), and (4) using the method(s) prescribed by 45 CFR 164.404(d). In addition, in the event that Covered Entity indicates to Business Associate that Covered Entity will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach breach of Unsecured unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of a Business Associate’s breach breach, or Business Associate’s subcontractor or agent’s breach, of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matterAgreement.

Notification of Breach. Business Associate shall notify Covered Entity Contractor within three (3) business days after it, or any of its employees employees, subcontractors, or agents, reasonably suspects that a Breach breach of Unsecured PHI, unsecured PHI as defined by 45 CFR 164.402 may have occurred, irrespective of any occurrence or non-occurrence of harm. Notice to KDHE shall consist of notifying the KDHE Privacy Officer by phone or email of the occurrence of a Breach or suspected occurrence of a Breach. Business Associate shall exercise reasonable diligence to become aware of whether a Breach breach of Unsecured unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered EntityContractor. Business Associate shall cooperate with Covered Entity Contractor in the determination as to whether a Breach breach of Unsecured unsecured PHI has occurred and whether notification to affected Individuals individuals of the Breach breach of Unsecured unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing the Covered Entity Contractor with additional information related to the suspected Breach breach as it becomes available. In the event that Covered Entity Contractor informs Business Associate that (i) Covered Entity Contractor has determined that the affected Individuals individuals must be notified because a Breach breach of Unsecured unsecured PHI has occurred and (ii) Business Associate is in a better the best position to notify the affected Individuals individuals of such Breachbreach, Business Associate shall immediately provide the required notice (1) within the time frame defined by 45 CFR 164.404(b), (2) in a form and containing such information reasonably requested by Covered EntityContractor, (3) containing the content specified in 45 CFR 164.404(c), and (4) using the method(s) prescribed by 45 CFR 164.404(d). In addition, in the event that Covered Entity Contractor indicates to Business Associate that Covered Entity Contractor will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity Contractor related to the obligation to provide a notification of a Breach breach of Unsecured unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity Contractor harmless from all liability, costs, expenses, claims or other damages that Covered EntityContractor, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of a Business Associate’s breach breach, or Business Associate’s subcontractor or agent’s breach, of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matterAgreement.

Notification of Breach. Business During the term of this Addendum, the Associate shall notify Covered Entity the Agency and, unless otherwise directed by the Agency in writing, the WV Office of Technology immediately by e-mail or web form upon the discovery of any Breach of unsecured PHI; or within three (3) business days after it24 hours by e-mail or web form of any suspected Security Incident, intrusion or unauthorized use or disclosure of PHI in violation of this Agreement and this Addendum, or any potential loss of its employees or agents, reasonably suspects that a Breach of Unsecured PHI, may have occurredconfidential data affecting this Agreement. Business Associate Notification shall exercise reasonable diligence be provided to become aware of whether a Breach of Unsecured PHI may have occurred the Agency Procurement Officer at xxx.xxxxx.xx.xx/xxxxx/xxxxxxxx/xxx/xxxxxxxx.xxx and, except as stated to unless otherwise directed by the contrary Agency in this Sectionwriting, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered EntityOffice of Technology at xxxxxxxx@xx.xxx or xxxxx://xxxx.xx.xxx/ot/ir/Default.aspx. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach of Unsecured PHI has occurred and whether notification to affected Individuals of the Breach of Unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing Covered Entity with additional information related to the suspected Breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals must be notified because a Breach of Unsecured PHI has occurred and (ii) Business Associate is in a better position to notify the affected Individuals of such Breach, Business The Associate shall immediately provide investigate such Security Incident, Breach, or unauthorized use or disclosure of PHI or confidential data. Within 72 hours of the required notice discovery, the Associate shall notify the Agency Procurement Officer, and, unless otherwise directed by the Agency in writing, the Office of Technology of: (1a) within Date of discovery; (b) What data elements were involved and the time frame defined by 45 CFR 164.404(b)extent of the data involved in the Breach; (c) A description of the unauthorized persons known or reasonably believed to have improperly used or disclosed PHI or confidential data; (d) A description of where the PHI or confidential data is believed to have been improperly transmitted, sent, or utilized; (2e) in a form and containing such information reasonably requested by Covered Entity, (3) containing A description of the content specified in 45 CFR 164.404(c), probable causes of the improper use or disclosure; and (4f) using Whether any federal or state laws requiring individual notifications of Breaches are triggered. Agency will coordinate with Associate to determine additional specific actions that will be required of the method(s) prescribed Associate for mitigation of the Breach, which may include notification to the individual or other authorities. All associated costs shall be borne by 45 CFR 164.404(d)the Associate. In additionThis may include, but not be limited to costs associated with notifying affected individuals. If the Associate enters into a subcontract relating to the Agreement where the subcontractor or agent receives PHI as described in section 2.a. of this Addendum, all such subcontracts or downstream agreements shall contain the same incident notification requirements as contained herein, with reporting directly to the Agency Procurement Officer. Failure to include such requirement in any subcontract or agreement may result in the event that Covered Entity indicates to Business Associate that Covered Entity will make Agency's termination of the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach of Unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of Business Associate’s breach of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matterAgreement.

Notification of Breach. Business Associate shall notify Covered Entity within three five (35) business days after it, or any of its employees employees, subcontractors, or agents, reasonably suspects discovers that a Breach breach of Unsecured PHI, unsecured PHI as defined by 45 CFR 164.402 may have occurred, irrespective of any occurrence or non-occurrence of harm. Notice to KDHE shall consist of notifying the KDHE Privacy Officer by phone or email of the occurrence of a Breach or suspected occurrence of a Breach. Business Associate shall exercise reasonable diligence to become aware of whether a Breach breach of Unsecured unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered Entity. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach breach of Unsecured unsecured PHI has occurred and whether notification to affected Individuals individuals of the Breach breach of Unsecured unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing the Covered Entity with additional information related to the suspected Breach breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals individuals must be notified because a Breach breach of Unsecured unsecured PHI has occurred and (ii) Business Associate is in a better the best position to notify the affected Individuals individuals of such Breachbreach, Business Associate shall immediately provide the required notice (1) within the time frame defined by 45 CFR 164.404(b), (2) in a form and containing such information reasonably requested by Covered Entity, (3) containing the content specified in 45 CFR 164.404(c), and (4) using the method(s) prescribed by 45 CFR 164.404(d). In addition, in the event that Covered Entity indicates to Business Associate that Covered Entity will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach breach of Unsecured unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of a Business Associate’s breach breach, or Business Associate’s subcontractor or agent’s breach, of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matterAgreement.

Notification of Breach. Business Associate shall notify Covered Entity within three (3) business days after it, or any of its employees or agents, reasonably suspects that a Breach breach of Unsecured unsecured PHI, as defined by 45 C.F.R. § 164.402, may have occurred. Business Associate shall exercise reasonable diligence to become aware of whether a Breach breach of Unsecured unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR C.F.R. § 164.410 in making the required notification to Covered Entity. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach breach of Unsecured unsecured PHI has occurred and whether notification to affected Individuals individuals of the Breach breach of Unsecured unsecured PHI is required by 45 CFR C.F.R. § 164.400 et seq., including continuously providing the Covered Entity with additional information related to the suspected Breach breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals individuals must be notified because a Breach breach of Unsecured unsecured PHI has occurred and (ii) Business Associate is in a better position to notify the affected Individuals individuals of such Breachbreach, Business Associate shall immediately provide the required notice (1) within the time frame defined by 45 CFR C.F.R. § 164.404(b), (2) in a form and containing such information reasonably requested by Covered Entity, (3) containing the content specified in 45 CFR C.F.R. § 164.404(c), and (4) using the method(s) prescribed by 45 CFR C.F.R. § 164.404(d). In addition, in the event that Covered Entity indicates to Business Associate that Covered Entity will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach breach of Unsecured unsecured PHI under 45 CFR C.F.R. 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of a Business Associate’s breach of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matter.

Notification of Breach. Business Associate shall notify Covered Entity within three (3) business days after it, or any of its employees employees, subcontractors, or agents, reasonably suspects that a Breach breach of Unsecured PHI, unsecured PHI as defined by 45 CFR 164.402 may have occurred, irrespective of any occurrence or non-occurrence of harm. Notice to KDHE shall consist of notifying the KDHE Privacy Officer by phone or email of the occurrence of a Breach or suspected occurrence of a Breach. Business Associate shall exercise reasonable diligence to become aware of whether a Breach breach of Unsecured unsecured PHI may have occurred and, except as stated to the contrary in this Section, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered Entity. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach breach of Unsecured unsecured PHI has occurred and whether notification to affected Individuals individuals Contract #10084 of the Breach breach of Unsecured unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing the Covered Entity with additional information related to the suspected Breach breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals individuals must be notified because a Breach breach of Unsecured unsecured PHI has occurred and (ii) Business Associate is in a better the best position to notify the affected Individuals individuals of such Breachbreach, Business Associate shall shalf immediately provide the required notice (1) within the time frame defined by 45 CFR 164.404(b), (2) in a form and containing such information reasonably requested by Covered Entity, (3) containing the content specified in 45 CFR 164.404(c), and (4) using the method(s) prescribed by 45 CFR 164.404(d). In addition, in the event that Covered Entity indicates to Business Associate that Covered Entity will make the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach breach of Unsecured unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of a Business Associate’s breach 's breach, or Business Associate's subcontractor or agent's breach, of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matterAgreement.

Notification of Breach. Business During the term of this Agreement, the Associate shall notify Covered Entity the Agency and, unless otherwise directed by the Agency in writing, the WV Office of Technology immediately by telephone call plus e-mail, web form or fax upon the discovery of any Breach of unsecured PHI; or within three (3) business days after it24 hours by e• mail or fax of any suspected Security Incident, intrusion or unauthorized use or disclosure of PHI in violation of this Agreement and this Addendum, or any potential loss of its employees or agents, reasonably suspects that a Breach of Unsecured PHI, may have occurredconfidential data affecting this Agreement. Business Associate Notification shall exercise reasonable diligence be provided to become aware of whether a Breach of Unsecured PHI may have occurred the Agency Procurement Officer at xxx.xxxxx.xx.xx/xxxxx/xxxxxxxx/xxx/xxxxxxxx.xxx and, except as stated to unless otherwise directed by the contrary Agency in this Sectionwriting, shall otherwise comply with 45 CFR 164.410 in making the required notification to Covered EntityOffice of Technology at xxxxxxxx@xx.xxx. Business Associate shall cooperate with Covered Entity in the determination as to whether a Breach of Unsecured PHI has occurred and whether notification to affected Individuals of the Breach of Unsecured PHI is required by 45 CFR 164.400 et seq., including continuously providing Covered Entity with additional information related to the suspected Breach as it becomes available. In the event that Covered Entity informs Business Associate that (i) Covered Entity has determined that the affected Individuals must be notified because a Breach of Unsecured PHI has occurred and (ii) Business Associate is in a better position to notify the affected Individuals of such Breach, Business The Associate shall immediately provide investigate such Security Incident, Breach, or unauthorized use or disclosure of PHI or confidential data. Within 72 hours of the required notice discovery, the Associate shall notify the Agency Procurement Officer, and, unless otherwise directed by the Agency in writing, the Office of Technology of: (1a) within Date of discovery; (b) What data elements were involved and the time frame defined by 45 CFR 164.404(b)extent of the data involved in the Breach; (c) A description of the unauthorized persons known or reasonably believed to have improperly used or disclosed PHI or confidential data; (d) A description of where the PHI or confidential data is believed to have been improperly transmitted, sent, or utilized; (2e) in a form and containing such information reasonably requested by Covered Entity, (3) containing A description of the content specified in 45 CFR 164.404(c), probable causes of the improper use or disclosure; and (4f) using Whether any federal or state laws requiring individual notifications of Breaches are triggered. Agency will coordinate with Associate to determine additional specific actions that will be required of the method(s) prescribed Associate for mitigation of the Breach, which may include notification to the individual or other authorities. All associated costs shall be borne by 45 CFR 164.404(d)the Associate. In additionThis may include, but not be limited to costs associated with notifying affected individuals. If the Associate enters into a subcontract relating to the Agreement where the subcontractor or agent receives PHI as described in Section 2.a of this Addendum, all such subcontracts or downstream agreements shall contain the same incident notification requirements as contained herein, with reporting directly to the Agency Procurement Officer. Failure to include such requirement in any subcontract or agreement may result in the event that Covered Entity indicates to Business Associate that Covered Entity will make Agency's termination of the required notification, Business Associate shall promptly take all other actions reasonably requested by Covered Entity related to the obligation to provide a notification of a Breach of Unsecured PHI under 45 CFR 164.400 et seq. Business Associate shall indemnify and hold Covered Entity harmless from all liability, costs, expenses, claims or other damages that Covered Entity, its related corporations, or any of its or their directors, officers, agents, or employees, may sustain as a result of Business Associate’s breach of its obligations under this Section, including reasonable attorney’s fees and any criminal or civil penalties, fines or assessments levied against Covered Entity, as the result of acts or omissions of Business Associate, by a court or administrative agency having jurisdiction over the matterAgreement.