Breach Reporting Sample Clauses
POPULAR SAMPLE Copied 3 times
Breach Reporting. Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Covered Entity by Business Associate shall be required only upon request. "Unsuccessful Security Incidents" shall include, but not be limited to, pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate's notification to Covered Entity of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404.
Breach Reporting. If SSA or VA suspects or confirms a breach, as defined by OMB M-17-12 or suspects or experiences an incident involving the loss or breach of PII provided by SSA or VA under the terms of this Agreement, they will follow the breach reporting guidelines issued by OMB and agency policy. In the event of a reportable breach under OMB guidance involving PII, the agency experiencing the breach is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team, the agency’s privacy office). In addition, the agency experiencing the breach (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this Agreement. If VA is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), VA will call SSA’s National Network Service Center toll free at ▇-▇▇▇-▇▇▇-▇▇▇▇. SSA must also notify VA’s Systems Security Contact and the VA Network and Security Operations Center (1-800- 877-4328) within one hour.
Breach Reporting. Contractor shall report breaches and suspected security incidents to County, to include:
Breach Reporting. Contractor will report, in writing, any breach of protected health information to State within five (5) business days of discovery, in accordance with 45 C.F.R § 164.410.
a. Identities of the Individuals whose unsecured Protected Health Information has been breached.
b. Date of the breach and date of its discovery.
c. Description of the steps taken to investigate the breach, mitigate its effects, and prevent future breaches.
d. Sanctions imposed on members of Contractor’s workforce involved in the breach.
e. Other available information that is required to be included in notification to the Individual under 45 C.F.R. § 164.404(c).
f. Statement that Contractor has notified, or will notify, affected data subjects in accordance with 45 C.F.R. § 164.404.
Breach Reporting. In the event that the agency receiving the information experiences a security incident or disaster that results in the suspected or confirmed inadvertent disclosure of the data exchanged pursuant to this MOA, the agency experiencing the incident or disaster will send formal written electronic notification to the supplying agency’s designated contact person immediately if possible and in a timeframe consistent with the agency’s breach reporting policies after detection of the incident or disaster. The written electronic notification will describe the security incident or disaster in detail, including what data exchanged pursuant to this MOA may have been inadvertently disclosed.
Breach Reporting. ICUK shall notify Customer without undue delay of becoming aware of any Personal Data Breach involving Personal Data Processed on behalf of the Customer using the Services, and thereafter co-operate with Customer and provide assistance as may be reasonably required by Customer in the investigation, remediation and mitigation of such breach. ICUK shall provide reasonable assistance to Customer in respect of any and breach reporting obligations Customer may have, and provide such additional information relating to such breach as Customer may reasonably require.
Breach Reporting. Tribe will report, in writing, any breach of protected health information to State within five (5) business days of discovery, in accordance with 45 C.F.R § 164.410. Content of report to State. Reports to the authorized representative regarding breaches of protected health information will include:
Breach Reporting. If SSA or VA suspects or confirms a breach, as defined by OMB M-17-12 or suspects or experiences an incident involving the loss or breach of PII provided by SSA or VA under the terms of this Agreement, they will follow the breach reporting guidelines issued by OMB and agency policy. In the event of a reportable breach under OMB guidance involving PII, the agency experiencing the breach is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team, the agency’s privacy office). In addition, the agency experiencing the breach (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this Agreement. If VA is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), VA will call SSA’s National Network Service Center toll free at ▇-▇▇▇-▇▇▇-▇▇▇▇. SSA must also notify VA’s Systems Security Contact and the VA Network and Security Operations Center (▇ ▇▇▇-▇▇▇-▇▇▇▇) within one hour. If SSA is unable to speak with VA’s Systems Security Contact within one hour, SSA will contact the VA/VHA Situation Room at (▇▇▇) ▇▇▇-▇▇▇▇.
Breach Reporting. Report in writing to Covered Entity within two (2) business days after discovery, any suspected or actual: (a) access, use or disclosure of PHI not permitted by this Agreement; (b) Breach of unsecured PHI in accordance with 45 CFR 164.410; (c) security breach or intrusion; (d) use or disclosure of PHI in violation of any applicable federal or state laws or regulations. Business Associate will implement a reasonable system for discovery of Breaches.
Breach Reporting. Business Associate shall report to ABC any Breaches of PHI. Business Associate shall make such report to ABC' Privacy Official not more than two calendar days after Business Associate knows, or should reasonably have known, of such Breach. Business Associate shall cooperate with ABC in investigating such Breach, and in meeting ABC' obligations under the HITECH Act and any other security breach notification laws. Business Associate shall report all Breaches to ABC in writing (and in the format requested by ABC) and such reports shall, at a minimum:
i. Identify the nature of the Breach including the date of the Breach and the date of discovery of the Breach;
ii. Identify which elements of the PHI (e.g., full name, social security number, date of birth, etc.) were breached, or were part of the Breach;
iii. Identify who was responsible for the Breach and who received the PHI;
iv. Identify what corrective actions Business Associate took or will take to prevent further incidents of a Breach;
v. Identify what Business Associate did or will do to mitigate any deleterious effect of the Breach;
vi. Identify Business Associate contact information and procedures to enable ABC to obtain additional information if required; and
vii. Provide such other information, including a written report, as ABC may reasonably request.
viii. Business Associate shall reimburse ABC for all Breach notification costs arising out of or in connection with, any Breach, including but not limited to, postage and mailing fees and the provision of credit monitoring services for affected individuals.