As part of Bamboo Health Policies and Procedures, all Security Incidents relating to the improper use or disclosure of Protected Health Information (PHI) must be reported to Bamboo Health's Privacy Officer upon discovery. If the Security Incident is determined to have resulted in a Successful Breach (rather than merely a Potential Breach), Bamboo Health will follow the Breach notification procedures outlined in the Business Associate Agreement that governs the use or disclosure of the PHI that is the subject of the Breach.