Orange County NC Website
Browse       Search
(c) Contents of Notification. The notification required by this Section 9 shall <br /> include sufficient information for NC HIE and notified Participants to understand the nature and <br /> the extent of the Breach. For instance,such notification should include,to the extent available at <br /> the time of the notification the following information: <br /> i. A brief description of what happened,including the date of the Breach <br /> and the date of discovery of the Breach,if known; <br /> ii. The identification of each Individual whose Patient Information has <br /> been,or is reasonably believed to have been, accessed,acquired,used, <br /> or Disclosed during the Breach; <br /> iii. Description of the roles of the people involved in the Breach (e.g., <br /> employees,Authorized Users,service providers,unauthorized persons, <br /> etc.); <br /> iv. Description of the types of Patient Information that were involved in <br /> the Breach(whether full name, Social Security number, date of birth, <br /> home address, account number, diagnosis, disability code, or other <br /> types of information were involved); <br /> V. Description of Participants likely impacted by the Breach; <br /> vi. Number of Individuals or records impacted/estimated to be impacted <br /> by the Breach; <br /> vii. Description of actions taken to investigate the Breach, to mitigate <br /> harm to Individuals,and to protect against any further Breach; <br /> viii. Current status of the Breach(under investigation or resolved); <br /> ix. Contact procedures for Individuals to ask questions or learn additional <br /> information, which shalt include a toll-free telephone number, an e- <br /> mail address,Web site,or postal address;and <br /> X. Corrective action taken and steps planned to be taken to prevent a <br /> similar Breach. <br /> (d) The notifying party shall have a duty to supplement the information <br /> contained in the notification as it becomes available and to cooperate with other Participants and <br /> NC HIE in mitigating the effects of the Breach. <br /> (e) Except as provided for in Section 9(c)(ii),the notification required by this <br /> Section 9 shall not include any Patient Information. <br /> (f) NC HIE will provide, in a timely manner, a summary of the Breach to <br /> such Participants that does not identify any of the Participants or Individuals involved in the <br /> Breach. <br /> (g) This Section 9 shall not be deemed to supersede or relieve a party's <br /> reporting obligations(if any) under relevant security incident, breach notification or <br /> confidentiality provisions of Applicable Law, including, but not limited to, those related to <br /> Individuals. <br /> (h) The parties shall work together to coordinate any notification to <br /> Individuals, and applicable regulatory agencies, and any public announcement regarding the <br /> Breach that may be required by Applicable Law or the policies of a party. <br /> 10. CONFIDENTIAL BUSINESS INFORMATION. <br /> 11 <br />