To Individuals. In the case of a breach of PHI or PI discovered by the Business Associate, the Business Associate shall first notify the Covered Entity and the County’s Privacy Officer of the pertinent details of the breach and upon prior approval of the County’s Privacy Officer shall notify each individual whose unsecured PHI or PI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of- date contact information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are ten (10) or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the web site of the Business Associate involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Business Associate to require urgency because of possible imminent misuse of unsecured PHI or PI, the Business Associate may also provide information to individuals by telephone or other means, as appropriate.
To Individuals. In the case of a breach of protected health information discovered by the Vendor, the Vendor shall first notify the Agency of the pertinent details of the breach and upon prior approval of the Agency shall notify each individual whose unsecured protected health information has been, or is reasonably believed by the Vendor to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of-date contract information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are 10 or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the Web site of the covered entity involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Vendor to require urgency because of possible imminent misuse of unsecured protected health information, the Vendor may also provide information to individuals by telephone or other means, as appropriate.
To Individuals. In the case of a breach of Protected Health Information discovered by the Business Associate, the Business Associate shall first notify the Covered Entity of the pertinent details of the breach and upon prior approval of the Covered Entity shall notify each individual whose unsecured Protected Health Information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of-date contract information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are 10 or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the Web site of the covered entity involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Business Associate to require urgency because of possible imminent misuse of unsecured Protected Health Information, the Business Associate may also provide information to individuals by telephone or other means, as appropriate.
To Individuals. In the case of a breach of protected health information, as defined by HIPAA and HITECH, by the Business Associate, the Business Associate shall first notify the Covered Entity of the pertinent details of the breach and upon prior approval of the Covered Entity shall notify each individual whose unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual or personal representative (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin or personal representative, respectively, or, if specified as a preference by the individual, by electronic mail. Where there is insufficient, or out-of-date contract information (including a phone number, email address, or any other form of appropriate communication) that precludes written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, in the case that there are 10 or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the Web site of the covered entity involved or notice in major print of broadcast media, including major media in the geographic areas where the individuals affected by the breach likely reside. In any case deemed by the Business Associate to require urgency because of possible imminent misuse of unsecured protected health information, the Business Associate may also provide information to individuals by telephone or other means, as appropriate.
To Individuals. In the case of a breach of PHI discovered by Business Associate, Business Associate shall first notify Department of the pertinent details of the breach and upon prior approval of Department shall notify each individual whose unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used or disclosed as a result of such breach. Such notification shall be in writing by first-class mail to the individual (or the next of kin if the individual is deceased) at the last known address of the individual or next of kin, respectively, or, if specified as a preference by the individual, by electronic mail. The notification may be provided in one or more mailings as information is available. Where there is insufficient, or out- of-date contact information (including a phone number, email address, or any other form of appropriate communication) that precludes direct written (or, if specifically requested, electronic) notification to the individual, a substitute form of notice shall be provided, including, if there are 10 (ten) or more individuals for which there is insufficient or out-of-date contact information, a conspicuous posting on the website of the Business Associate involved or notice in major print or broadcast media, including major media in geographic areas where the individuals affected by the breach likely reside. Such a notice in media or web posting will include a toll-free phone number where an individual can learn whether or not the individual’s unsecured protected health information is possibly included in the breach. In any case deemed by Business Associate to require urgency because of possible imminent misuse of unsecured PHI, Business Associate may also provide information to individuals by telephone or other means, as appropriate.
