2010-06-07_(2).pdf - 19318.8K - BridgeportCT.gov
2010-06-07_(2).pdf - 19318.8K - BridgeportCT.gov
2010-06-07_(2).pdf - 19318.8K - BridgeportCT.gov
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Customer Name Bridgeport City BOE<br />
Administrative Services Only Agreement<br />
A Implement administrative physical andtechnical safeguards that reasonably and appropriately<br />
protect the confidentiality integrity and availability of the Electronic Protected Health<br />
Information that ConnecticutGeneral creates receives maintains or transmits onbehalfofthe<br />
Plan as required by the Security Standards<br />
B Ensure that any agent including asubcontractor to whom COllilecticut General provides such<br />
information agrees to<br />
implement reasonable and appropriate sllfeguards to protect it and<br />
C<br />
Report to the Plan any Security Incident of which it becomes aware<br />
Section 6 Reporting of Violations Connecticut General shall r port to the Plan any use or<br />
disclosure of PHI not provided for by this Addendum of which it becomes aware Connecticut<br />
General agrees to<br />
mitigate to the extent practicable any harmful effe ct from a use or disclosure of<br />
PHI in violation ofthis Addendum ofwhich it is aware<br />
Section 7 Security Breach Notification Connecticut General will notify the Plan ofa Breach<br />
without unreasonable delay<br />
This notification will include to the extent known<br />
i the names of the individuals whose PHI was involved in the Breach<br />
ii the circumstances surrounding the Breach<br />
Hi the date ofthe Breach and the date of its discovery<br />
iv<br />
the information Breached<br />
v<br />
any steps the impacted individuals should take to protect themselves<br />
vi the steps Connecticut General is taking to investigate the Breac h mitigate losses and protect<br />
against future Breaches and<br />
vii a contact person<br />
who can<br />
provide additional information about the Breach<br />
Connecticut General will perform a fact based risk assessment as required by the HITECH Act to<br />
determine whetherthere is a<br />
significant risk offinancial or<br />
reputational<br />
other harm to the individual<br />
whose PHI was<br />
impacted<br />
Connecticut General will provide the Plan with the results of its risk<br />
assessment and will make a recommendation to the Plan regarding whether notification is required<br />
pursuant to 45 CFR 9164 404 408 With the Plan s<br />
prior approval Connecticut General will issue<br />
such notices to individuals to the Department of Health and Human Services and to the media as<br />
the Plan is required to issue pursuant to and in accordance with the requirements of 45 CFR<br />
S 164<br />
404 408 Connecticut General will pay the costs of issuing notiees required by<br />
law and other<br />
remediation and mitigation which in Business Associate s discretion are appropriate and necessary<br />
to address the Breach Connecticut General will not be<br />
required to issue notifications that are not<br />
mandated by applicable law Connecticut General will maintain a log<br />
ofBreaches and will provide<br />
such log to the Plan annually to support the Plan s regulatory reporting obligations<br />
Section 8 Disclosures to and Agreements by Third Parties Connectiicut General shall ensure that<br />
each agent and subcontractor to whom it provides PHI agrees to the same restrictions and conditions<br />
with respect to such PHI that apply to Connecticut General pursuant to this Addendum<br />
OS 21<strong>2010</strong><br />
38