HIPAA Breach Notification Rule

GPTKB entity

Statements (19)
Predicate Object
gptkbp:instanceOf gptkb:United_States_federal_law
gptkbp:appliesTo business associates
covered entities
gptkbp:codifiedIn gptkb:45_CFR_§§_164.400-414
gptkbp:defines breach as unauthorized acquisition, access, use, or disclosure of protected health information
gptkbp:enforcedBy gptkb:U.S._Department_of_Health_and_Human_Services
gptkbp:excludes breaches of secured (encrypted) protected health information
https://www.w3.org/2000/01/rdf-schema#label HIPAA Breach Notification Rule
gptkbp:notificationDeadline without unreasonable delay and no later than 60 days after discovery
gptkbp:partOf gptkb:Health_Insurance_Portability_and_Accountability_Act
gptkbp:penaltiesForNoncompliance civil monetary penalties
gptkbp:purpose to ensure individuals are informed of breaches of their health information
gptkbp:relatedTo gptkb:HITECH_Act
gptkbp:requires covered entities to notify the media if a breach affects more than 500 residents of a state or jurisdiction
covered entities to notify the Secretary of HHS of breaches
covered entities to notify affected individuals of breaches of unsecured protected health information
gptkbp:startDate September 23, 2009
gptkbp:bfsParent gptkb:Health_Breach_Notification_Rule
gptkbp:bfsLayer 5