(1) All reasonable regulatory assessments, forensic audit expenses, breach notification expenses, and post event services expenses resulting from a data security event occurring and reported to Diversified Insurance while such Participating Merchant is enrolled in the Program; and
(2) Any regulatory penalty and regulatory event expenses resulting from a regulatory action commenced and reported to Modern Compliance Solutions, Inc. while such Participating Client is enrolled in the Program.
Backed by an Insurance Policy
The Program is backed by an insurance policy (the “Policy”) from our insurance company. You are not an “insured” or beneficiary under the Policy and nothing in this Agreement creates a relationship between you and our insurance company (or any other of our insurance company’s affiliate). Neither our insurance company nor Modern Compliance Solutions, Inc. is providing you with insurance pursuant to this Agreement. Our insurance company will manage claims and payment processing under the Program.
The Program provides benefits to you only if you provide a timely and complete report of a data security event or regulatory action as soon as you become aware of such event or action. You will need to provide details on the data security event or regulatory action including, but not limited to: a complete description of the data security event or regulatory action, all documents relating to the data security event or regulatory action and any other pertinent information requested by or on behalf of Modern Compliance Solutions, Inc. To report a data security event or regulatory action under the Program, contact: [email protected].
CLIENT ASSUMES SOLE RESPONSIBILITY AND LIABILITY FOR MAKING TIMELY AND COMPLETE CLAIMS UNDER THE PROGRAM, PROVIDING NECESSARY OR REQUESTED DATA AND INFORMATION, AND OTHERWISE COMPLYING WITH THE TERMS AND CONDITIONS SET FORTH IN THE PROGRAM. CLIENT MUST HAVE A COMPLETED, CURRENT HIPAA ONE® SECURITY RISK ANALYSIS, VALID SUBSCRIPTION, AND NOTIFIED MODERN COMPLIANCE SOLUTIONS, INC. VIA THE ASSURANCE REGISTRATION PAGE:
- YOUR ORGANIZATION HAS REMEDIATED 100% OF THE RISKS IDENTIFIED IN THE ASSESSMENT,
- CONDUCTED PENETRATION TESTING BY MODERN COMPLIANCE SOLUTIONS AND
- REMEDIATED ALL RISKS IDENTIFIED IN THE PENETRATION TESTING.
MODERN COMPLIANCE SOLUTIONS, INC. SHALL HAVE NO LIABILITY TO ANY PARTICIPATING ORGANIZATION UNDER THE PROGRAM IN THE EVENT, AND TO THE FULLEST EXTENT, THAT OUR INSURANCE COMPANY DENIES COVERAGE UNDER THE POLICY FOR ANY GIVEN DATA SECURITY EVENT OR REGULATORY ACTION. MODERN COMPLIANCE SOLUTIONS, INC.’S DUTY TO PROVIDE PAYMENTS TO ANY PARTICIPATING ORGANIZATION FOR COSTS ARISING FROM ANY DATA SECURITY EVENT OR REGULATORY ACTION UNDER THE PROGRAM WILL BE MADE ONLY AFTER, AND TO THE EXTENT THAT, MODERN COMPLIANCE SOLUTIONS, INC. RECEIVES PAYMENT FROM OUR INSURANCE COMPANY UNDER THE POLICY.
THE PROGRAM LIMIT IS THE MOST ANY PARTICIPATING ORGANIZATION CAN RECOVER FOR EACH HIPAA ONE® IDENTIFICATION NUMBER DURING A TWELVE (12) MONTH PERIOD FOR ANY OR ALL SUCH COSTS OR EXPENSES, COMBINED, AND REGARDLESS OF THE NUMBER OF DATA SECURITY EVENTS DISCOVERED OR REGULATORY ACTIONS TAKEN.