Laserfiche WebLink
2.5 Gehring Group shall comply with all granted requests for confidential communication of <br />PHI, pursuant to 45 C.F.R. § 164.522(b), upon written notice from Client. <br />2.6 Gehring Group shall report to Client any use or disclosure of PHI not permitted by this <br />Agreement of which Gehring Group becomes aware within fifteen (15) business days of <br />its becoming aware, and will take such corrective action necessary, or as reasonably <br />directed by Client, in order to prevent and minimize damage to any Individual and to <br />prevent any further such occurrences. <br />2.7 Following the discovery of a Breach of Unsecured PHI, Gehring Group shall notify the <br />Client without unreasonable delay and in no case no later than fifteen (15) days after <br />discovery of the Breach. The notification shall include the identification of each <br />Individual whose Unsecured PHI has been or is reasonably believed by Gehring Group to <br />have been accessed, acquired, used or disclosed during the Breach. Gehring Group shall <br />provide the Client with any other available information that the Client requires to notify <br />affected individuals under the Privacy Rule. <br />2.8 Gehring Group shall make reasonable efforts to mitigate, to the extent practicable or as <br />reasonably directed by Client, any harmful effect that is known to Gehring Group <br />resulting from a breach of this Agreement or HIPAA that is directly caused by Gehring <br />Group. <br />2.9 Gehring Group shall report to Client any Security Incident within five (5) business days <br />of when it becomes aware of such Security Incident. Gehring Group shall mitigate to the <br />extent practicable or as reasonably directed by Client any harmful effect that is known to <br />Gehring Group of a Security Incident by Gehring Group. <br />2.10 Gehring Group shall ensure that any Subcontractor performing services for Client agrees <br />in writing to the same restrictions and conditions that apply to Gehring Group with regard <br />to its creation, use, and disclosure of PHI and Electronic PHI in accordance with 45 <br />C.F.R. §§ 164.308(b)(2), 164.502(e)(1)(ii) and 164.504(e)(5). Gehring Group shall, upon <br />written request from Client, provide a list of any Subcontractors with whom Gehring <br />Group has contracted to perform services for Client. Gehring Group shall advise Client if <br />any Subcontractor breaches its agreement with Gehring Group with respect to the <br />disclosure or use of PHI or Electronic PHI. If Gehring Group knows of an activity or <br />practice of its Subcontractor that constitutes a material breach or violation of the <br />Subcontractor's duties and obligations under its agreement with the Subcontractor <br />("Subcontractor Material Breach"), Gehring Group shall cure the breach or provide a <br />reasonable period for Subcontractor to cure the Subcontractor Material Breach; provided, <br />however, that if Gehring Group cannot, or Subcontractor does not, cure the Subcontractor <br />Material Breach within such period, Gehring Group shall terminate the agreement with <br />Subcontractor, if feasible, at the end of such period. <br />2.11 Gehring Group shall, upon written request from Client, provide to Client a copy of any <br />PHI or Electronic PHI in a Designated Record Set, as defined in 45 C.F.R. § 164.501, <br />created or maintained by Gehring Group, and not also maintained by Client, within thirty <br />(30) days of receipt of the request. <br />Page 4 of 8 <br />17535410v.1 <br />104 <br />