My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2023/11/29 Council Agenda Packet
>
Council Agenda Packets
>
2023
>
2023/11/29 Council Agenda Packet
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
12/4/2023 10:53:02 AM
Creation date
11/29/2023 6:06:59 PM
Metadata
Fields
Template:
Council Agenda Packet
Date
11/29/2023
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
449
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Download electronic document
View images
View plain text
<br /> <br /> <br />10 <br />Associate, upon request by the Covered Entity, will provide Covered Entity all information relevant to Business <br />Associate’s written assessment of harm to affected Individuals. <br />(3) Breach Notification to Individuals. <br />Business Associate expressly recognizes that Covered Entity has certain reporting and disclosure obligations <br />to the Secretary and the Individual in case of a security breach of Unsecured PHI. Business Associate must <br />provide to Covered Entity in writing all information necessary for Covered Entity to comply with Sub Title D <br />Title IV Section 13402 of the HITECH Act without reasonable delay, and in no case later than 30 days following <br />the discovery of the breach. Business Associate’s duty to notify Covered Entity of any breach does not permit <br />Business Associate to notify those Individuals whose PHI has been breached by Business Associate without <br />the express written permission of Covered Entity to do so. Any and all notification to those Individuals whose <br />PHI has been breached will be made under the direction, review and control of Covered Entity. <br />(4) Breach Notification for Other Confidential Personal Information. <br />In addition to the reporting under paragraph 1, Business Associate will notify Covered Entity of any breach of <br />computerized Confidential Personal Information. Such notification will include the information required under <br />paragraph (2) above. <br />(5) Mitigation. <br />In the event of a Breach by Business Associate or any Representative, Business Associate at its sole cost <br />will, in consultation with Covered Entity, mitigate, to the extent practicable, any harmful effect of such Breach <br />that is known to Business Associate. Business Associate will cooperate with Covered Entity in preparing and <br />providing notification to affected Individuals or Secretary of a Breach of Unsecured PHI that the Covered Entity <br />determines is appropriate. The Business Associate will pay all reasonable costs incurred by Covered Entity <br />related to addressing a Breach of Unsecured PHI maintained or under the control of Business Associate or <br />its Representatives. <br />B. Improper Disclosures. <br />Business Associate will track all disclosures of PHI to third parties, including those made to Business <br />Associate’s Representatives, other than those disclosures that meet the exception criteria of 45 CFR § <br />164.528. <br />Business Associate will report to Covered Entity any use or disclosure of any PHI by Business Associate or <br />its Representatives that does not constitute a Breach, but is an unauthorized or improper use or disclosure of <br />any PHI under this Agreement or applicable federal and state laws. Business Associate will report to Covered <br />Entity any such unauthorized use or disclosure as soon as practicable, but in no event later than five (5) <br />business days of the date on which Business Associate becomes aware of such use or disclosure. In the <br />event of an unauthorized use or disclosure, Business Associate will at its sole cost, in consultation with <br />Covered Entity, mitigate, to the extent practicable, any harmful effect of any such disclosure that is known to <br />Business Associate under the same terms that Business Associate would mitigate a Breach. <br />C. Security Incidents. <br />Business Associate will report to Covered Entity any attempted or successful (1) unauthorized access, use, <br />disclosure, modification, or destruction of Electronic PHI, or (2) interference with Business Associate’s system <br />operations in Business Associate’s information systems that contain Electronic PHI, of which Business
The URL can be used to link to this page
Your browser does not support the video tag.