Reporting of Breaches of Unsecured Protected Health Information Sample Clauses

Reporting of Breaches of Unsecured Protected Health Information. Business Associate will report in writing to Covered Entity’s Privacy Officer any Breach of Unsecured PHI, as defined in the Breach Notification Regulations, within ten (10) business days of the date Business Associate learns of the incident giving rise to the Breach. Business Associate will provide such information to Covered Entity as required in the Breach Notification Regulations. Business Associate will reimburse Covered Entity for any reasonable expenses Covered Entity incurs in notifying Individuals of a Breach caused by Business Associate or Business Associate’s subcontractors or agents, and for reasonable expenses Covered Entity incurs in mitigating harm to those Individuals. Business Associate also will defend, hold harmless and indemnify Covered Entity and its employees, agents, officers, directors, members, contractors, and subsidiary and affiliate entities, from and against any claims, losses, damages, liabilities, costs, expenses, penalties or obligations (including attorneys’ fees) which Covered Entity may incur due to a Breach caused by Business Associate or Business Associate’s subcontractors or agents.

Reporting of Breaches of Unsecured Protected Health Information. Business Associate will report in writing to ACO’s Privacy Officer any breach of unsecured PHI, as defined in the breach notification regulations, within ten (10) business days of the date Business Associate learns of the incident giving rise to the breach. Business Associate will provide such information to ACO as required in the regulations. Business Associate will reimburse ACO for any reasonable expenses ACO incurs in notifying individuals of a breach caused by Business Associate or Business Associate’s subcontractors or agents, and for reasonable expenses ACO incurs in mitigating harm to those Individuals. Business Associate also will defend, hold harmless and indemnify ACO and its employees, agents, officers, directors, members, contractors, and subsidiary and affiliate entities, from and against any claims, losses, damages, liabilities, costs, expenses, penalties or obligations (including attorneys’ fees) which ACO may incur due to a breach caused by Business Associate or Business Associate’s subcontractors or agents.

Reporting of Breaches of Unsecured Protected Health Information. In the event of a Breach of Unsecured PHI, Business Associate agrees to report the information required by 45 C.F.R. § 164.410 without unreasonable delay and in no case later than two (2) days after the Breach is discovered or deemed discovered under such section. Business Associate will cooperate with the Covered Component in investigating the Breach and in meeting the Covered Component’s legal obligations in connection with the Breach. If requested by the Covered Component, in the event of a Breach of Unsecured PHI, Business Associate will notify or direct its subcontractor(s) to notify, as applicable, an Individual as required by 45 C.F.R. §164.404, the media as required by 45 C.F.R. §164.406, and the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) as required by 45 C.F.R. §164.408. Business Associate will provide the Covered Component with any and all information necessary about a Breach of Unsecured PHI in order for the Covered Component to comply with its obligations under 45 C.F.R. Part 164, Subpart D.

Reporting of Breaches of Unsecured Protected Health Information. Business Associate, following the discovery of a Breach of Unsecured Protected Health Information, subject to any law enforcement delay permitted by 45 C.F.R. Section 164.412, shall notify KP of the Breach immediately, but in no event later than five (5) calendar days thereafter (unless a shorter period for notification is required by your Business Relationship with KP), by calling the Xxxxxx Permanente National Compliance Hotline at 1-888- 774-9100 and providing notice as set forth in Section 5.8 (Notices) below. A Breach shall be treated as discovered by the Business Associate pursuant to the provisions of 45 C.F.R. Section 164.410(a)(2). The information included in Business Associate’s notification shall be in accordance with the HIPAA Regulations, including, without limitation, 45 C.F.R. Section 164.410(c), and guidance provided by the Secretary. Notwithstanding the foregoing, to the extent that Business Associate creates, receives, maintains, or transmits PHI of Medi-Cal members or patients to or for Xxxxxx Foundation Health Plan, Inc., Business Associate shall notify KP by telephone, plus email, immediately upon the discovery of a Breach of Unsecured Protected Health Information.