Reporting Breaches and Security Incidents Sample Clauses

Reporting Breaches and Security Incidents. Without limiting any Business Associate Agreement entered into pursuant to Section 10 (Business Associate Agreement), HIO and Participant shall report to the other any use or disclosure of Patient Data not provided for by these Terms and Conditions of which HIO or Participant becomes aware, any security incident (other than an Unsuccessful Security Incident) concerning electronic Patient Data and any Breach of Privacy or Security. This report shall be made without unreasonable delay and in no case later than [insert number of days].
Sample 1Sample 2
AutoNDA by SimpleDocs
Reporting Breaches and Security Incidents. Within five(5) days of obtaining knowledge thereof, Business Associate will promptly report to Covered Entity any impermissible use or disclosure under Privacy Laws that compromises the security or privacy of the PHI (“Breach”) and any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system that does not compromise the security or privacy of the PHI (“Security Incidents”). Notice is hereby deemed provided, and no further notice will be given, with respect to routine unsuccessful attempts at unauthorized access to ePHI such as pings and other broadcast attacks on firewalls, denial of service attacks, failed login attempts, and port scans. Business Associate will identify and respond internally to suspected or known Security Incidents, and will mitigate, to the extent practicable, their harmful effects, document their outcomes, and provide such documentation to Covered Entity upon request. The Parties will meet and confer in good faith before notifying affected individuals and/or commencing any legal action regarding any suspected or actual Breach or Security Incident and/or breach of this BAA, so long as doing so will not constitute a violation of Privacy Laws, and shall comply with applicable Privacy Laws regarding the need for and nature of any notification. If the Parties are unable to agree during their meet and confer, Business Associate will not be responsible for any notification obligations under Privacy Laws, and specifically, without limitation, obligations under section 13402 of HITECH.
Sample 1
Reporting Breaches and Security Incidents. HIO shall on an annual basis provide a report to all Participants describing in summary form Unsuccessful Security Incidents reported by Participants to HIO pursuant to Section 9.2.2 (Reporting Unsuccessful Security Incidents).72 72 While not required by HIPAA or HITECH, the HIO may find it helpful to establish mechanisms by which all Participants are kept informed of the breaches that are most likely to affect them and/or their participation in health information sharing. These mechanisms may support the HIO’s efforts to enhance accountability and transparency within the health information sharing effort (see 17 (Transparency, Oversight, Enforcement and Accountability)). 10 BUSINESS ASSOCIATE AGREEMENT (Not Applicable for Model #2)73 If, pursuant to the applicable Participation Agreement, the HIO is to act as the business associate (as defined by HIPAA) of the Participant, the HIO shall enter into a Business Associate Contract with that Participant in the form attached hereto as Exhibit X.
Sample 1
Reporting Breaches and Security Incidents. Without limiting any Business Associate Agreement entered into pursuant to Section 10 (Business Associate Agreement), HIO and Participant shall report to the other any use or disclosure of Patient Data not provided for by 68 Under Model #1, under which the HIO will not be establishing or applying privacy, security or other standards for health information exchange, Section 9 (Privacy and Security of Patient Data) will be unnecessary. 69 Health care providers and other entities covered by HIPAA (and their business associates) and/or CMIA are subject to multiple legal requirements regarding the reporting of data breaches and security incidents. The provisions of Section 9.2 (Reporting of Breaches and Security Incidents) are not required for compliance with those laws. However, HIOs may find that establishing the reporting mechanisms described in Section 9.2 (Reporting of Breaches and Security Incidents) will prove sufficiently valuable in promoting trust among Participants to justify their additional burdens. Further, to the extent an HIO is acting as a business associate to a HIPAA-covered entity, it will be under HIPAA required to make timely notification of a breach of unsecured PHI to that covered entity. See Exhibit 1. The obligations described in Section 9.2 (Reporting of Breaches and Security Incidents) to report breaches and security incidents apply only to events involving “Patient Data.” Section 1.5.13 defines “Patient Data” to include only Patient Data exchanged by the HIO’s System or Services. Thus, Section 9.2 (Reporting of Breaches and Security Incidents) requires that Participants only report breaches and security incidents that directly relate to the Patient Data exchanged through the HIO, and does not require Participants to report on other privacy breaches and security incidents that they are not otherwise required to disclose publicly. these Terms and Conditions of which HIO or Participant becomes aware, any security incident (other than an Unsuccessful Security Incident) concerning electronic Patient Data and any Breach of Privacy or Security. This report shall be made without unreasonable delay and in no case later than [insert number of days].
Sample 1
Reporting Breaches and Security Incidents. HIO shall on an annual basis provide a report to all Participants describing in summary form Unsuccessful Security Incidents reported by Participants to HIO pursuant to Section 9.2.2 (Reporting Unsuccessful Security Incidents).6667 Terms and Conditions for Health Information Exchange Organization Participant’s Agreement Section 10 BUSINESS ASSOCIATE AGREEMENT (Not Applicable for Model #2)6768 If, pursuant to the applicable Participation Agreement, the HIO is to act as the business associate (as defined by HIPAA) of the Participant, then the terms of this Section 10 (Business Associate Agreement) shall apply to the HIO and the Participant.
Sample 1
Reporting Breaches and Security Incidents 
Sample 1

Related to Reporting Breaches and Security Incidents

  • Breaches and Security Incidents During the term of the Agreement, CONTRACTOR 27 agrees to implement reasonable systems for the discovery of any Breach of unsecured DHCS PI and PII 28 or security incident. CONTRACTOR agrees to give notification of any beach of unsecured DHCS PI 29 and PII or security incident in accordance with subparagraph F, of the Business Associate Contract, 30 Exhibit B to the Agreement.

  • Reporting Security Incidents The Business Associate will report to the County any Incident of which the Business Associate becomes aware that is:

  • Reporting Unsuccessful Security Incidents Business Associate shall provide Covered Entity upon written request a Report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies.

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.

  • Security Incidents 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.

  • Security Incident “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

  • Reporting Incidents The Interconnection Parties shall report to each other in writing as soon as practical all accidents or occurrences resulting in injuries to any person, including death, and any property damage arising out of the Interconnection Service Agreement.

  • Reporting and Documenting Breaches 6.1 Business Associate shall Report to Covered Entity any Breach of Unsecured PHI as soon as it, or any Person to whom PHI is disclosed under this Agreement, becomes aware of any such Breach, and in no event later than five (5) business days after such awareness, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. Such Report shall be timely made notwithstanding the fact that little information may be known at the time of the Report and need only include such information then available.

  • Security Incident Notification The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.

  • Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

Time is Money Join Law Insider Premium to draft better contracts faster.