Laserfiche WebLink
2.5 Gehring Group shall comply with all granted requests for confidential communication of <br />PHI, pursuant to 45 C.F.R. § 164.522(b), upon written notice from Client. <br />2.6 Gehring Group shall report to Client any use or disclosure of PHI not permitted by this <br />Agreement of which Gehring Group becomes aware within fifteen (1 5) business days of <br />its becoming aware, and will take such corrective action necessary, or as reasonably <br />directed by Client, in order to prevent and minimize damage to any Individual and to <br />prevent any further such occurrences. <br />2.7 Following the discovery of a Breach of Unsecured PHI, Gehring Group shall notify the <br />Client without unreasonable delay and in no case no later than fifteen (15) days after <br />discovery of the Breach. The notification shall include the identification of each <br />Individual whose Unsecured PHI has been or is reasonably believed by Gehring Group to <br />have been accessed, acquired, used or disclosed during the Breach. Gehring Group shall <br />provide the Client with any other available information that the Client requires to notify <br />affected individuals under the Privacy Rule. <br />2.8 Gehring Group shall make reasonable efforts to mitigate, to the extent practicable or as <br />reasonably directed by Client, any harmful effect that is known to Gehring Group <br />resulting from a breach of this Agreement or HIPAA that is directly caused by Gehring <br />Group. <br />2.9 Gehring Group shall report to Client any Security Incident within five (5) business days <br />of when it becomes aware of such Security Incident. Gehring Group shall mitigate to the <br />extent practicable or as reasonably directed by Client any harmful effect that is known to <br />Gehring Group of a Security Incident by Gehring Group. <br />2.10 Gehring Group shall take reasonable steps to ensure that any Subcontractor performing <br />services for Client agrees in writing to the same restrictions and conditions that apply to <br />Gehring Group with regard to its creation, use, and disclosure of PHI and Electronic PHI <br />in accordance with 45 C.F.R. §§ 164.308(b)(2), 164.502(e)(I)(ii) and 164.504(e)(5). <br />Gehring Group shall, upon written request from Client, provide a list of any <br />Subcontractors with whom Gehring Group has contracted to perform services for Client. <br />Gehring Group shall advise Client if any Subcontractor breaches its agreement with <br />Gehring Group with respect to the disclosure or use of PHI or Electronic PHI. If <br />Gehring Group knows of a pattern of activity or practice of its Subcontractor that <br />constitutes a material breach or violation of the Subcontractor's duties and obligations <br />under its agreement with the Subcontractor ("Subcontractor Material Breach"), Gehring <br />Group shall cure the breach or provide a reasonable period for Subcontractor to cure the <br />Subcontractor Material Breach; provided, however, that if Gehring Group cannot, or <br />Subcontractor does not, cure the Subcontractor Material Breach within such period, <br />Gehring Group shall terminate the agreement with Subcontractor, if feasible, at the end of <br />such period. <br />2.11 Gehring Group shall, upon written request from Client, provide to Client a copy of any <br />PHI or Electronic PHI in a Designated Record Set, as defined in 45 C.F.R. § 164.501. <br />Page 4 of 8 <br />17535410v 1 <br />74 <br />