Notification of Security Incident. Business Associate agrees to report to Covered Entity any successful Security Incident within [insert number of days] days of the date on which the Business Associate becomes aware of such successful Security Incident.36 33 See 45 CFR § 164.410(c)(2). 34 See 45 CFR § 164.412. 35 HIPAA and HITECH require this provision to be in all business associate agreements although the regulations do not specify a manner and time of notification. See 45 CFR § 164.504(e)(2)(ii)(C). Note that this obligation to notify a covered entity of unauthorized or improper use or disclosure is separate from and in addition to the breach notification requirements described in Paragraph C.1 of this Agreement and corresponding footnote which applies specifically to unsecured PHI.
Appears in 3 contracts
Sources: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement