Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law. b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions). c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent. d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI: (1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information; (2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information; (3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and (4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 55 contracts
Sources: Services Contract, Services Agreement, It Services Contract
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).CFR
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 6 contracts
Sources: It Services Contract, It Services Contract, It Services Contract
Breach Notification. a. 11.8.1. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS Great Rivers or involving DSHS Great Rivers’ clients, Business Associate will take all measures required by state or federal law.
b. 11.8.2. Business Associate will notify DSHS Great Rivers within one three (13) business day days of discovery by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. 11.8.3. Business Associate will notify the DSHS Great Rivers Contact shown on the cover page of this Contract within one five (15) business day days by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Great Rivers Contact. Business Associate will coordinate and cooperate with DSHS Great Rivers to provide a copy of its investigation and other information requested by DSHSGreat Rivers, including advance copies of any notifications required for DSHS Great Rivers review before disseminating and verification of the dates notifications were sent.
d. 11.8.4. If DSHS Great Rivers or the Contractor determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) 11.8.4.1. requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) 11.8.4.2. requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) 11.8.4.3. requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS 11.8.4.4. Great Rivers will take appropriate remedial measures up to termination of this Contract.
Appears in 5 contracts
Sources: Provider Contract, Provider Contract, Provider Contract
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. . Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. . Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. . If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) : requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) ; requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) ; requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) and DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 3 contracts
Sources: Services Agreement, Services Agreement, Services Agreement
Breach Notification. a. In ▇. ▇▇ the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business ▇. ▇▇▇▇▇▇▇▇ Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business ▇. ▇▇▇▇▇▇▇▇ Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 3 contracts
Sources: Services Agreement, It Services Contract, It Services Contract
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS DOC or involving DSHS DOC clients, Business Associate will take all measures required by state or federal law.
b. . Business Associate will notify DSHS DOC within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. . Business Associate will notify the DSHS DOC Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS DOC Contact. Business Associate will coordinate and cooperate with DSHS DOC to provide a copy of its investigation and other information requested by DSHSDOC, including advance copies of any notifications required for DSHS DOC review before disseminating and verification of the dates notifications were sent.
d. . If DSHS DOC determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) : requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) ; requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) ; requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS ; DOC will take appropriate remedial measures up to termination of this Contract.
Appears in 2 contracts
Breach Notification. a. With respect to any Unsecured PHI, Business Associate shall report to the Covered Entity any suspected Breach (as defined in the HITECH Act and implementing regulations) discovered by Business Associate or any agent or subcontractor within five (5) business days of Discovery including any incident that involves an unauthorized acquisition, access, use or disclosure of PHI, even if Business Associate believes the incident will not rise to the level of a Breach. The report must include (or be supplemented on an ongoing basis as information becomes available) with:
(i) the identification of all Individuals whose Unsecured PHI was or is believed to have been involved
(ii) all other information reasonably requested by Covered Entity to enable the Covered Entity to perform and document a risk assessment in accordance with the HITECH Act and implementing regulations to determine whether a Breach occurred, and;
(iii) all other information reasonably necessary to provide notice to Individuals, HHS and/or the media. At the Covered Entity’s sole option, the Covered Entity may delegate to Business Associate the responsibility for determining (and providing evidence to the Covered Entity) that any such incident is a Breach, including the requirement to perform a risk assessment, and/or for providing or paying all costs to the Covered Entity to provide all legally required notifications to Individuals, HHS and/or the media, on behalf of the Covered Entity. Business Associate shall provide these notifications in accordance with the data breach notification requirements set forth in the HITECH Act and 45 C.F.R. Parts 160 and 164 subparts A, D & E as of their respective Compliance Dates, and shall pay for the reasonable and actual costs associated with such notifications. In the event that the Covered Entity delegates these obligations to Business Associate and in the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clientsBreach, without unreasonable delay, and in any event no later than sixty (60) calendar days after Discovery, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing shall provide the Covered Entity with written notification of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation risk assessment of the Breach, to include the following: date and time a list of the BreachIndividuals, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation the template notification letter Business Associate is sending to Individuals, and other information requested by DSHSevidence that all required notifications, including advance copies of any media or Secretary notifications required for DSHS review before disseminating and verification of the dates notifications were senthave been made.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: Business Associate Agreement
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. . Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. . Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. . If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: Services Contract
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;and
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: Services Agreement
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS DOC or involving DSHS DOC clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS DOC within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS DOC Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS DOC Contact. Business Associate will coordinate and cooperate with DSHS DOC to provide a copy of its investigation and other information requested by DSHSDOC, including advance copies of any notifications required for DSHS DOC review before disseminating and verification of the dates notifications were sent.
d. If DSHS DOC determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and;
(4) DSHS DOC will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: Business Associate Agreement
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-e- mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: It Professional Service Contract
Breach Notification. a. a) In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS HCA or involving DSHS HCA clients, Business Associate will take all measures required by state or federal law.
b. b) Business Associate will notify DSHS within one (1) business day the contact identified in Subsection 13.1 by telephone and in writing within five (5) business days of any acquisition, access, Use use or disclosure of PHI not allowed by the provisions of this Contract Agreement or not authorized by HIPAA Rules or required by law of which it becomes aware which that potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions)Information.
c. c) Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day HCA Privacy Officer identified in Section 13.1 above by telephone or e-mail within five (5) business days of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed written (fax or other written email acceptable) explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS HCA to provide a copy of its investigation and other information requested by DSHSHCA, including advance copies of any notifications required for DSHS HCA’s review before disseminating and verification of the dates notifications were sent.
d. d) If DSHS HCA determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) i. requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) ii. requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) iii. requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS iv. HCA will take appropriate remedial measures up to termination of this ContractAgreement.
Appears in 1 contract
Sources: Data Share Agreement
Breach Notification. a. 1 0.1 In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS GCBH or involving DSHS GCBH clients, Business Associate will take all measures required by state or federal law.
b. 1 0.2 Business Associate will notify DSHS the GCBH HIPM Officer within one five (15) business day days by telephone and in writing email or by telephone, of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract Agreement or not authorized by HIPAA HIPM Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. 1 0.3 Business Associate will notify the DSHS Contact shown on the cover page of this Contract GCBH HIPM Officer within one five (15) business day days by telephone email or e-mail by telephone, of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS ContactGCBH HIPM Officer. Business Associate will coordinate and cooperate with DSHS GCBH to provide a copy of its investigation and other information requested by DSHSGCBH, including advance copies of any notifications required for DSHS GCBH review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.. State Contract EXHIBIT B
Appears in 1 contract
Sources: State Mental Health Agreement
Breach Notification. a. a) In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS SE WA ALTC COG or involving DSHS SE WA ALTC COG clients, Business Associate will take all measures required by state or federal law.
b. b) Business Associate will notify DSHS SE WA ALTC COG within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. c) Business Associate will notify the DSHS SE WA ALTC COG Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS SE WA ALTC COG Contact. Business Associate will coordinate and cooperate with DSHS SE WA ALTC COG to provide a copy of its investigation and other information requested by DSHSSE WA ALTC COG, including advance copies of any notifications required for DSHS SE WA ALTC COG review before disseminating and verification of the dates notifications were sent.
d. d) If DSHS SE WA ALTC COG determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) i. requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) ii. requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) iii. requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS iv. SE WA ALTC COG will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: Performance Agreement
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one three (13) business day days by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one three (13) business day days by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: Services Agreement
Breach Notification. a. 6.1 In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS GCBH or involving DSHS clientsGCBH Individuals, Business Associate will take all measures required by state or federal law.
b. 6.2 Business Associate will notify DSHS the GCBH HIPPA Office within one five (15) business day days by telephone and in writing email or by telephone, of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract Agreement or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as information a defined in 45 CFR 164.402 (Definitions).
c. 6.3 Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one GCBH HIPAA Office with five (15) business day days by telephone email or e-mail by telephone, of any potential Breach of security or privacy of PHI by the Business Associate or its tis Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed faced or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual Individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS ContactGCBH HIPAA Office. Business Associate will coordinate and cooperate with DSHS GCBH to provide a copy of its investigation and other information requested by DSHSGCBH, including advance copies of any notifications required for DSHS GCBH review before disseminating dissemination and verification of the dates notifications were sent.
d. 6.4 If DSHS either Party determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHIPHI received from GCBH or involving GCBH Individuals, the following must occur:
(1) requiring 6.4.1 Requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests request for additional information;
(2) requiring 6.4.2 Requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs cost for notifying the media and receiving and responding to media questions or requests request for additional information;
(3) 6.4.3 requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification notification to the Secretary), Business Associate bears the responsibility and costs cost for notifying the Secretary and receiving and responding to the Secretary’s media questions or requests request for additional information; and
(4) DSHS 6.4.4 Either Party will take appropriate remedial measures up to termination of this ContractAgreement.
Appears in 1 contract
Sources: Single Case Agreement
Breach Notification. a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of Unsecured PHI obtained from DSHS or involving DSHS clientscaused by Business Associate, Business Associate will take all measures required by comply with the requirements of state or federal lawlaw that are applicable to Business Associate in its performance of Services hereunder.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Breach of Unsecured PHI or Use or disclosure of PHI by Business Associate not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law Business Associate Agreement of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions)aware.
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day of its discovery by telephone or e-mail of any potential Breach of security or privacy of Unsecured PHI by the Business Associate or its Subcontractors or agentsagents that has actually occurred or that Business Associate reasonably believes has occurred. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following, to the extent known and subsequently as such information becomes available: date and time of the Breach, date Breach was discovered, location and nature nature/types of the PHIPHI involved in the Breach, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contactcontact for DSHS to ask questions or learn additional information about the Breach. Business Associate will address communications to the DSHS Contact. Business Associate will reasonably coordinate and cooperate with DSHS to provide a copy of its investigation and other all information requested by DSHS, including advance copies of required to be in any notifications required for DSHS review before disseminating and verification of the dates notifications were sentnotifications.
d. If DSHS determines that Subject to the limitation of liability in Section 28, if a Breach of unsecured PHI is caused by Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:):
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and for the costs for of notifying the affected Individuals and of call center support for receiving and responding to those Individuals’ questions or requests for additional informationinformation for a period of 90 days or such longer period as required by law;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and for the costs for of notifying the media and receiving and of responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and for the costs for of notifying the Secretary and receiving and of responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will may take appropriate remedial measures up to termination of this Contract.
Appears in 1 contract
Sources: It Services Contract
Breach Notification. a. 13.8.1 In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS HCA or involving DSHS HCA clients, Business Associate will take all measures required by state or federal law.
b. 13.8.2 Business Associate will notify DSHS within one (1) business day the contact identified in Subsection 13.1 by telephone and in writing within five (5) business days of any acquisition, access, Use use or disclosure of PHI not allowed by the provisions of this Contract Agreement or not authorized by HIPAA Rules or required by law of which it becomes aware which that potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions)Information.
c. 13.8.3 Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day HCA Privacy Officer identified in Section 13.1 above by telephone or e-mail within five (5) business days of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed written (fax or other written email acceptable) explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS HCA to provide a copy of its investigation and other information requested by DSHSHCA, including advance copies of any notifications required for DSHS HCA’s review before disseminating and verification of the dates notifications were sent.
d. 13.8.4 If DSHS HCA determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) i. requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;information;
(2) ii. requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) iii. requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and DocuSign Envelope ID: 32FB1332-4022-4126-B466-475E5D0F2FD3 receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS iv. HCA will take appropriate remedial measures up to termination of this ContractAgreement.
Appears in 1 contract
Sources: Memorandum of Understanding