Laserfiche WebLink
Consolidated Agme=nt -FY13 BK:00024 PG0895 Page 22 of 22 <br />II. Reporting and Breach Notification Requirements <br />a. BA shall notify CE within twenty -four (24) hours of any suspected or actual incident, breach, or <br />intrusion involving the unauthorized access, acquisition, use or disclosure of Confidential <br />Information by Business Associate's employees. <br />b. BA shall, following the discovery of a breach of unsecured PHI, as defined in the HITECH Act or <br />accompanying regulations, notify CE of such breach pursuant to the terms of 45 CFR § 164.410 <br />and cooperate in the CE's breach analysis procedures, including risk assessment, if requested. A <br />breach shall be treated as discovered by BA as of the first day on which such breach is known to <br />BA or, by exercising reasonable diligence, would have been known to BA. BA will provide such <br />notification to CE without unreasonable delay and in no event later than forty (45) calendar days <br />after discovery of the breach. Such notification will contain the elements required in 45 CFR § <br />164.410. <br />Signatures: <br />LOCAL SIGNATURES <br />Health Directo Date <br />Covered Entity (Lo,�al Health Dept) <br />STATE OF NORTH CAROLINA <br />Business Associate Date <br />(Division of Public Health) <br />