Reporting Security Incidents Sample Clauses

Reporting Security Incidents. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware, in the following time and manner: (a) Any actual, successful Security Incident will be reported to Covered Entity in writing, within five (5) business days of the date on which Business Associate becomes aware of such Security Incident (b) Any attempted, unsuccessful Security Incident of which Business Associate becomes aware will be reported to Covered Entity in writing, on a reasonable basis, at the written request of Covered Entity. If the Security Rule is amended to remove the requirement to report unsuccessful attempts at unauthorized access, this subsection (ii) shall no longer apply as of the effective date of the amendment of the Security Rule.

Reporting Security Incidents. Contractor agrees to report to the City any Security Incident immediately upon becoming aware of such. Contractor further agrees to provide the City with the following information regarding the Security Incident as soon as possible, but no more than five (5) business days after becoming aware of the Security Incident: (1) a brief description of what happened, including the dates the Security Incident occurred and was discovered; (2) a reproduction of the PHI or EPHI involved in the Security Incident; and (3) a description of whether and how the PHI or EPHI involved in the Security Incident was rendered unusable, unreadable, or indecipherable to unauthorized individuals either by encryption or otherwise destroying the PHI or EPHI prior to disposal. If Contractor determines that it is infeasible to reproduce the PHI or EPHI involved in the Security Incident, the Contractor agrees to notify the City in writing of the conditions that make reproduction infeasible and any information the Contractor has regarding the PHI or EPHI involved. Contractor agrees to cooperate in a timely fashion with the City regarding all Security Incidents reported to the City. The City will review all Security Incidents reported by Contractor. Contractor will take the following steps in response, to the extent necessary or required by law, including, but not limited to, (1) notifying the individual(s) whose PHI or EPHI was involved in the Security Incident, either in writing, via telephone, through the media, or by posting a notice on the City’s website, or through a combination of those methods, of the Security Incident; and (2) providing the individual(s) whose PHI or EPHI was involved in the Security Incident with credit monitoring services for a period of time to be determined by the City, at no cost to the individuals. The City, to the extent necessary or required by law, will provide notice of the Security Incident, as required by law, to the Secretary of the United States Department of Health and Human Services (“HHS”). Contractor agrees to reimburse the City for all expenses incurred as a result of Contractor’s Security Incidents, including, but not limited to, expenses related to the activities described above. Contractor agrees that the City will select the Contractors and negotiate the contracts related to said expenses.

Reporting Security Incidents. Business Associate shall report any Security Incident of which it is aware, following the same reporting obligations described above; provided, however, the parties acknowledge the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) which are trivial in nature. The parties agree that this BAA serves as notice of the existence of such Unsuccessful Security Incidents and that no further notice is required except as described below. “Unsuccessful Security Incidents” shall include, but are not limited to, pings and other broadcast attacks on BA’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above. To the extent that BA becomes aware of an unusually high number of such Unsuccessful Security Incidents due to the repeated acts of a single party, Business Associate shall notify Covered Entity of the Unsuccessful Security Incidents and provide the name, if available, of said party. At the request of Covered Entity, Business Associate shall identify the date of the Security Incident, the scope of the Security Incident, Business Associate’s response to the Security Incident, and the identification of the party responsible for causing the Security Incident, if known. Cooperation with Violations. Business Associate will cooperate with Covered Entity’s investigation and/or risk assessment with respect to any report made pursuant to Section 2.5, will abide by Covered Entity’s decision with respect to whether such acquisition, access, Use or Disclosure constitutes a Breach of PHI and will follow Covered Entity’s instructions with respect to any event reported to Covered Entity by Business Associate pursuant to Section 2.5. Business Associate shall maintain complete records regarding any event requiring reporting for the period required by 45 C.F.R. 164.530(j) or such longer period as may be required by state law and shall make such records available to Covered Entity promptly upon request but in no event later than within five (5) business days.

Reporting Security Incidents. Unless otherwise specified in the Authorized User Agreement, Contractor shall report any Security Incidents to the Authorized User in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy and associated standards ITS Policy NYS-S13-005 Cyber Incident Response Standard (or successor policy(ies)).

Reporting Security Incidents. BUSINESS ASSOCIATE agrees to immediately report to the COUNTY any security incident of which it becomes aware. Security incidents include attempted or successful unauthorized access, use disclosure, modification, or destruction of information or interference with system operations in an information system.

Reporting Security Incidents. VENDOR agrees to report to Community any Security Incident immediately upon becoming aware of such. VENDOR further agrees to provide Community with the following information regarding the Security Incident as soon as possible, but no more than five (5) business days after becoming aware of the Security Incident: (1) a brief description of what happened, including the dates the Security Incident occurred and was discovered;

Reporting Security Incidents. Business Associate will report to the Covered Entity any Security Incident of which Business Associate becomes aware that is (1) a successful unauthorized access, use or disclosure of any Electronic Protected Health Information; or

Reporting Security Incidents. The HSDA PI is responsible for immediately reporting any and all actual or suspected information security incidents to the HPC director and ITS at ▇▇▇-▇▇▇-▇▇▇▇ or ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/contact. For purposes of this policy, a security incident means unlawful or unauthorized access or acquisition of data that compromises the security, confidentiality, or integrity of information maintained by the SDA PI at HPC. This includes security incidents that involve physical security as well as computer or information systems security.

Reporting Security Incidents. Business Associate will report to the Covered Entity any Security Incident of which Business Associate becomes aware that is (1) a successful unauthorized access, use or disclosure of any Electronic Protected Health Information; or (2) a successful major (a) modification or destruction of any Electronic Protected Health Information or (b) interference with system operations in an information system containing any Electronic Protected Health Information. Upon the Covered Entity’s request, Business Associate will report any incident of which Business Associate becomes aware that is a successful minor (a) modification or destruction of any Electronic Protected Health Information or (b) interference with system operations in an information system containing any Electronic Protected Health Information.