IN EVENT OF A BREACH Sample Clauses
IN EVENT OF A BREACH. A. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from Covered Entity or involving Covered Entity clients, Business
B. Business Associate will notify Covered Entity within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Agreement or not authorized by HIPAA Rules or required by law of which it becomes aware and which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
C. Business Associate shall promptly notify Covered Entity by telephone or email of any potential Breach of security or privacy of PHI by the Business Associate or Business Associate’s employee, office or agents. Business Associate’s notification to Covered Entity hereunder shall:
1. Be made to Covered Entity no later than one (1) business day after discovery of the Breach, except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security;
2. Include the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of a Breach; and
3. Be in substantially the same form as Exhibit B hereto.
D. In the event of an unauthorized Use or disclosure of PHI or a Breach of Unsecured PHI, Business Associate shall mitigate, to the extent practicable, any harmful effects of said disclosure that are known to it.
E. If Covered Entity determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
1. requiring notification of Individuals under 45 CFR 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
2. requiring notification of the media under 45 CFR 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
3. requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests f...
IN EVENT OF A BREACH. A. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from Covered Entity or involving Covered Entity clients, Business Associate will take all measures required by state or federal law.
B. Business Associate will notify Covered Entity within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Agreement or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
C. Business Associate shall promptly notify Covered Entity by telephone or email of any potential Breach of security or privacy of PHI by the Business Associate or Business Associate’s employee, office or agents. Business Associate’s notification to Covered Entity hereunder shall:
1. Be made to Covered Entity no later than one (1) business day after discovery of the Breach, except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security;
2. Include the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of a Breach; and
3. Be in substantially the same form as Exhibit B hereto.
D. In the event of an unauthorized Use or disclosure of PHI or a Breach of Unsecured PHI, Business Associate shall mitigate, to the extent practicable, any harmful effects of said disclosure that are known to it.
E. If Covered Entity determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
1. requiring notification of Individuals under 45 CFR 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
2. requiring notification of the media under 45 CFR 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
3. requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and rece...
IN EVENT OF A BREACH. A. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from Covered Entity or involving Covered Entity clients, Business Associate will take all measures required by state or federal law.
B. Business Associate will notify Covered Entity within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Agreement or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
C. Business Associate shall promptly notify Covered Entity by telephone or email of any potential Breach of security or privacy of PHI by the Business Associate or Business Associate's employee, office or agents. Business Associate's notification to Covered Entity hereunder shall:
1 . Be made to Covered Entity no later than one (1) business day after discovery of the Breach, except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security;