Breach Notification Rule

The HIPAA Breach Notification Rule is a component of the Health Insurance Portability and Accountability Act (HIPAA) that establishes requirements for covered entities and their business associates to notify affected individuals, the Department of Health and Human Services (HHS), and, in some cases, the media, in the event of a breach of unsecured protected health information (PHI). The Breach Notification Rule defines a breach as an unauthorized acquisition, access, use, or disclosure of PHI that compromises its security or privacy. Covered entities are required to conduct a risk assessment to determine the likelihood of harm to individuals as a result of the breach and, if necessary, provide notifications to affected individuals, HHS, and the media.

Go to Top