Common use of Reporting of Improper Use or Disclosure, Security Incident or Breach Clause in Contracts

Reporting of Improper Use or Disclosure, Security Incident or Breach. Alliance will report to Member any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in any event no more than five (5) days following discovery and will provide a further report within a reasonable period of time after the information becomes available using commercially reasonable efforts to do so within ten (10) days following discovery; provided, however, that Member acknowledges and agrees that this Section constitutes notice by Alliance to Member of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Member by Alliance will be required only upon request. “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Alliance’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Alliance’s notification to Member of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Alliance to have been, accessed, acquired or disclosed during the Breach; (ii) any particulars regarding the Breach that a Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404; and (iii) the remedial actions taken by Alliance to mitigate the adverse effects of the Breach.

Reporting of Improper Use or Disclosure, Security Incident or Breach. Alliance PointCare will report to Member Customer any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in any event no more than five that becomes known to PointCare, within ten (510) days following discovery discovery, and will provide a further report within a reasonable period of time after the information becomes available using commercially reasonable efforts to do so within ten (10) days following discoveryso; provided, however, that Member Customer acknowledges and agrees that this Section constitutes notice by Alliance PointCare to Member Customer of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Member Customer by Alliance PointCare will be required only upon request. “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on AlliancePointCare’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. AlliancePointCare’s notification to Member Customer of a Breach will include, where commercially reasonable, information to determine: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Alliance PointCare to have been, accessed, acquired or disclosed during the Breach; (ii) any particulars regarding the Breach that a Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404; and (iii) the any remedial actions taken by Alliance PointCare to mitigate the adverse effects of the Breach.

Reporting of Improper Use or Disclosure, Security Incident or Breach. Alliance will report to Member Participant any use or disclosure of PHI not permitted under this BAA, Breach of Unsecured PHI or any Security Incident, without unreasonable delay, and in any event no more than five (5) days following discovery and will provide a further report within a reasonable period of time after the information becomes available using commercially reasonable efforts to do so within ten (10) days following discovery; provided, however, that Member Participant acknowledges and agrees that this Section constitutes notice by Alliance to Member Participant of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Member Participant by Alliance will be required only upon request. “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Alliance’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Alliance’s notification to Member Participant of a Breach will include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Alliance to have been, accessed, acquired or disclosed during the Breach; (ii) any particulars regarding the Breach that a Covered Entity would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404; and (iii) the remedial actions taken by Alliance to mitigate the adverse effects of the Breach.