My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
25A - AGMT EMPLOYEE TRACKING SVCS
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2018
>
09/18/2018
>
25A - AGMT EMPLOYEE TRACKING SVCS
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
9/13/2018 5:00:05 PM
Creation date
9/13/2018 4:55:51 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Personnel Services
Item #
25A
Date
9/18/2018
Destruction Year
2023
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
24
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
164.410, and any Security Incident of which it becomes aware. The Business Associate will make the report to <br />the Covered Entity's Privacy Official not more than twenty-five (25) calendar days after the Business Associate <br />becomes aware of such non -permitted use or disclosure. If a delay is requested by a law-enforcement official in <br />accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the <br />applicable time period. The Business Associate's report will at least: <br />(A) Identify the nature of the Breach or other non -permitted use or disclosure, which will include a brief <br />description of what happened, including the date of any Breach and the date of the discovery of the <br />Breach; <br />(B) Identify the Covered Entity's Protected Health Information that was subject to the non -permitted use or <br />disclosure or Breach (such as whether full name, social security number, date of birth, home address, <br />account number or other information were involved) on an Individual basis; <br />(C) Identify who made the non -permitted use or disclosure and who received the non -permitted use or <br />disclosure; <br />(D) Identify what corrective or Investigational action the Business Associate took or will take to prevent <br />further non -permitted uses or disclosures, to mitigate harmful effects and to protect against any further <br />Breaches; <br />(E) Identify what steps the Individuals who were subject to a Breach should take to protect themselves; and <br />(F) Provide such other Information, including a written report and risk assessment under 45 CFR §164.402, <br />as the Covered Entity may reasonably request, <br />(iii) Security Incidents. The Business Associate will report to The Covered Entity any Security Incident of <br />which the Business Associate becomes aware. The Business Associate will make this report once per month, <br />except If any such Security Incident resulted in a disclosure not permitted by this Agreement or Breach of <br />Unsecured Protected Health Information, Business Associate will make the report in accordance with the <br />provisions set forth above, <br />(b) Mitigation. The Business Associate shall mitigate, to the extent practicable, any harmful effect known to the <br />Business Associate resulting from a use or disclosure in violation of this Agreement. <br />VIII. Term and Termination <br />(a) Tenn. The term of this Agreement shall be effective as of the date specified below, and shall terminate when all <br />Protected Health Information provided by the Covered Entity to the Business Associate, or created or received by <br />the Business Associate on behalf of the Covered Entity, is destroyed or returned to the Covered Entity, or, if It Is <br />infeasible to return or destroy Protected Health Information, protections are extended to such information, in <br />accordance with the termination provisions in this section. <br />(b) Right to Terminate for Cause. The Covered Entity may terminate this Agreement if it determines, in its sole <br />discretion that the Business Associate has breached a material term of this Agreement, and upon written notice to <br />the Business Associate of the breach, the Business Associate fails to cure the breach within thirty (30) calendar <br />days after receipt of the notice. Any such termination will be effective Immediately or at such other date specified in <br />the Covered Entity's notice of termination. <br />(c) Treatment of Protected Health Information on Termination. <br />(i) Return or Destruction of Covered Entity's Protected Health Information as Feasible. Upon <br />termination or other conclusion of this Agreement, the Business Associate will, if feasible, return to the Covered <br />Entity or destroy all of the Covered Entity's Protected Health Information in whatever form or medium, Including <br />all copies thereof and all data, compilations, and other works derived there from that allow Identification of any <br />Individual who Is a subject of the Covered Entity's Protected Health Information. This provision shall apply to <br />Protected Health Information that is In the possession of Subcontractors or agents of the Business Associate. <br />Further, the Business Associate shall require any such Subcontractor or agent to certify to the Business <br />Associate that It returned to the Business Associate (so that the Business Associate may return it to the <br />Covered Entity) or destroyed all such information which could be returned or destroyed. The Business <br />25A-18 <br />
The URL can be used to link to this page
Your browser does not support the video tag.