Breach Notification Requirements. If the Covered Entity determines a breach of unsecured protected health information by the Business Associate has occurred, the Business Associate will be responsible for notifying the individuals whose unsecured protected health information was breached in accordance with 42 USC 17932 and 45 CFR 164.404 through 164.406. The Business Associate must provide evidence to the Covered Entity that appropriate notifications to individuals and/or media, when necessary, as specified in 45 CFR 164.404 and 45 CFR 164.406 has occurred. The Business Associate is responsible for all costs associated with notification to individuals, the media or others as well as costs associated with mitigating future breaches. The Business Associate must notify the Secretary of all breaches in accordance with 45 CFR 164.408 and must provide the Covered Entity with a copy of all notifications made to the Secretary.
Appears in 3 contracts
Sources: Business Associate Addendum, Grant Agreement, Grant Agreement