HIPAA Compliance Guide

HIPAA Overview & Regulations

HIPAA Compliance Guide
What is HIPAA? What is a HIPAA BAA?
Regulations
General Administrative Requirements
Subpart A
General Provisions
Subpart B
Preemption Of State Law
Subpart C
Compliance and Investigations
Subpart D
Imposition of Civil Money Penalties
Subpart E
Procedures for Hearings
Administrative Requirements
Subpart A
General Provisions
Subpart D
Standard Unique Health Identifier For Health Care Providers
Subpart E
Standard Unique Health Identifier For Health Plans
Subpart F
Standard Unique Employer Identifier
Subpart I
General Provisions For Transactions
Subpart J
Code Sets
Subpart K
Health Care Claims Or Equivalent Encounter Information
Subpart L
Eligibility For A Health Plan
Subpart M
Referral Certification And Authorization
Subpart N
Health Care Claim Status
Subpart O
Enrollment And Disenrollment In A Health Plan
Subpart P
Health Care Electronic Funds Transfers (EFT) And Remittance Advice
Subpart Q
Health Plan Premium Payments
Subpart R
Coordination Of Benefits
Subpart S
Medicaid Pharmacy Subrogation
Security and Privacy
Subpart A
General Provisions
Subpart C
Security Standards For The Protection Of Electronic Protected Health Information
Subpart D
Notification In The Case Of Breach Of Unsecured Protected Health Information
Subpart E
Privacy Of Individually Identifiable Health Information

Security and Privacy   >   Notification In The Case Of Breach Of Unsecured Protected Health Information

§ 164.406 Notification to the media

(a) Standard. For a breach of unsecured protected health information involving more than 500 residents of a State or jurisdiction, a covered entity shall, following the discovery of the breach as provided in § 164.404(a)(2), notify prominent media outlets serving the State or jurisdiction.

(b) Implementation specification: Timeliness of notification. Except as provided in § 164.412, a covered entity shall provide the notification required by paragraph (a) of this section without unreasonable delay and in no case later than 60 calendar days after discovery of a breach.

(c) Implementation specifications: Content of notification. The notification required by paragraph (a) of this section shall meet the requirements of § 164.404(c).

[74 FR 42740, Aug. 24, 2009, as amended at 78 FR 5695, Jan. 25, 2013]

HIPAA Regulations

§ 164.404: Notification to individuals

HIPAA Regulations

§ 164.408: Notification to the Secretary