HIPAA Rules: Breach Notification Rule

The Health Insurance Portability and Accountability Act (HIPAA) was initially passed in 1996, but the HIPAA Breach Notification Rule was added in 2009.

The HIPAA Breach Notification Rule mandates that after a breach of unsecured protected health information (PHI), HIPAA-covered entities and their business associates must notify affected individuals. A breach is generally understood as the unauthorized use or disclosure of PHI that jeopardizes its security or privacy. Unless the covered entity or business associate can show a minimal chance that the PHI has been compromised, such use or disclosure of PHI is deemed a breach.

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the HIPAA Breach Notification Rule were released in 2009. In case of a breach of unsecured PHI, this Rule mandates reporting to the impacted parties, the US Department of Health and Human Services, and, in some cases, the media.

A covered entity’s breach notification obligations differ based on whether the breach affects 500 or more individuals or fewer than 500 individuals. If the number of individuals affected by a breach is uncertain at the time of submission, the covered entity should provide an estimate and, if it discovers additional information, should submit updates in a prescribed manner.

To guarantee the security of patient data, covered entities and business partners with access to PHI are required to put administrative, physical, and technical safeguards in place. In addition, they must adhere to the HIPAA Privacy Rule and have plans for a data breach.
