Reporting of Unauthorized Use or Disclosure of PHI. (a) Outside Entity shall, within one (1) working day of becoming aware of an unauthorized use or disclosure of PHI accessed or received from Baptist via EpicCare Link by Outside Entity, its officers, directors, employees, contractors, agents or by a third party to which Outside Entity disclosed PHI, report any such disclosure to Baptist. (b) If at any time Outside Entity has reason to believe that PHI accessed, disclosed, or transmitted pursuant to this Agreement may have been accessed, used, acquired, or disclosed without proper authorization or contrary to the terms of this Agreement, Outside Entity will immediately give Baptist notice and take actions to prevent recurrence and any other steps required by law. Outside Entity shall be responsible for any and all breach notification obligations in response to such notification consistent with HIPAA and other applicable law. The parties agree that Baptist shall have no responsibility for any such notification obligations unless, in its sole discretion, Baptist determines that notification from Baptist is appropriate or required under the circumstances. To the extent Baptist deems warranted, in its sole discretion, Baptist will provide notice or require Outside Entity to provide notice to individuals whose PHI may have been improperly used, acquired, accessed or disclosed.
Appears in 2 contracts
Sources: Epiccare Link Access Agreement, Epiccare Link Access Agreement