Breach Notification Rule

Summary

Requires HIPAA covered entities to provide notification following a breach of unsecured protected health information.

Rights & Rules

  • 01. You must be notified within 60 days if your medical data is breached.
  • 02. If a breach affects over 500 people, the media must be notified.

Penalties

  • 01. Fines up to $1.9 million per year for identical violations.
  • 02. Required corrective action plans overseen by the Office for Civil Rights (OCR).

Verified Citations

45 CFR §§ 164.400-414

Source
"Following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals."