Agmt23 Navia Benefit Solutions - Laserfiche WebLink

Browse Search

REV:01-20-23 MI 2.6.5. A brief description of any action taken to investigate the Breach, mitigate losses, and to protect against any further Breaches. 2.6.6. Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, web site, or postal address. 2.7. If a law enforcement official determines that a notification or notice would impede a criminal investigation or cause damage to national security, such notification, notice or posting shall be delayed in accordance with 45 CFR 164.412. Upon Covered Entity’s request, Business Associate will provide notice of Breach to the Individual(s) affected and such notice shall include, to the extent possible, the information listed in 2.6., unless, upon occurrence of a Breach, Covered Entity requests to disseminate or Business Associate and Covered Entity agree that Covered Entity will disseminate the notice(s). Any notice provided by Covered Entity to the Individual(s) shall comply with the content requirements listed in section 2.6., as well as any requirements provided under HIPAA, HITECH, and other applicable government guidance. Any notice required to be provided to HHS will be provided by Covered Entity. Business Associate agrees to report to Covered Entity any Use or Disclosure of PHI not provided for by this Exhibit and/or any Security Incident of which it becomes aware, provided that notice is hereby deemed given for Unsuccessful Security Incidents and no further notice of such Unsuccessful Security Incidents shall be given. For purposes of this Section, “Unsuccessful Security Incidents” mean, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, as long as no such incident results in unauthorized access, acquisition, Use, or Disclosure of Protected Health Information. Notification(s) under this Section, if any, will be delivered to contacts identified by the Employer by any means Business Associate selects, including through e-mail. Business Associate’s obligation to report under this Section is not and will not be construed as an acknowledgement by Business Associate of any fault or liability with respect to any Use, Disclosure, or Security Incident. 2.8. Business Associate shall require each of its subcontractors, agents, or brokers, that creates, receives, maintains, or transmits PHI on behalf of Covered Entity to enter into a written agreement with Business Associate that provides satisfactory assurances that the subcontractor will appropriately safeguard that information, including without limitation the subcontractor’s agreement to be bound by the same restrictions and conditions that apply to Business Associate with respect to such information. 2.9. Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI relating to the use and disclosure of PHI available to the Secretary, within ten (10) Business Days after receipt of written request or otherwise as designated by the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule 2.10. Business Associate agrees to document disclosures of PHI and information related to such disclosures as required for Covered Entity to respond to a written request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR 164.528. Business Associate will not be obligated to record disclosures of PHI or otherwise account for disclosures of PHI if neither Covered Entity nor Business Associate is required to account for such disclosures pursuant to the Privacy Rule. 2.11. Business Associate agrees to provide to Covered Entity or, upon Covered Entity’s request, to an Individual, within ten (10) Business Days after receipt of written request, information collected in accordance with Section 2.10 of this Exhibit, in order ATTY/AGR.2023.010/Navia Benefit Solutions (Navia Services (Dental HRA) 2023) (Page 38 of 42)