BMI Audit Services

Security Incidents that are attempted but unsuccessful, Business Associate may notify Covered Entity in a monthly aggregate report. Covered Entity and Business Associate agree to act together in good faith to take reasonable steps to investigate and mitigate any harm caused by such unauthorized use or Security Incident.

3.14 Breach of Unsecured PHI. A Breach occurs when a use or disclosure of PHI violates the Privacy Rule and compromises the security or privacy of the PHI. Once a violation is discovered, the Business Associate must presume that a breach has occurred unless it can demonstrate that there is a "low probability" that the PHI has been compromised based on a risk assessment consisting of the four factors described below. Prior to conducting the risk assessment described herein, the Business Associate must provide an initial notification to the Covered Entity of a suspected Breach as described in (a).

(a) Initial Notification. The Business Associate shall notify the Covered Entity on the same business day it discovers a Breach or suspected Breach of Unsecured PHI.

(b) Risk Assessment. The risk assessment is fact specific and should consider the following at a minimum:

(i) The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;

(ii) The unauthorized person who used the PHI or to whom the disclosure was made;

(iii) Whether the PHI was actually acquired or viewed; and

(iv) The extent to which the risk to the PHI has been mitigated.

If after the risk assessment the Business Associate concludes there is more than a "low probability" that the PHI has been compromised, and no exception from 45 C.F.R. § 164.402(2) applies, then notifications must be provided in accordance with (c), (d), and (e) below.

(c) Follow Up Notification. When a Business Associate discovers a Breach of Unsecured PHI, the Business Associate shall notify the Covered Entity with the following information, to the extent possible, as soon as it becomes available:

(i) identification of each individual whose Unsecured PHI has been, or is reasonably believed to have been Breached;

(ii) a brief description of the Breach, including the type of Breach (e.g., theft, loss, improper disposal, hacking), location of the Breach (e.g., laptop, desktop, paper), how the Breach occurred, the date the Breach occurred and the date the Breach was discovered, if known;

Business Associate Agreement