Breach Notification
The Rule
The Breach Notification Rule, part of the Health Information Technology for Economic and Clinical Health (HITECH) Act under the American Recovery and Reinvestment Act of 2009 (ARRA), ensures that individuals are informed if their unsecured protected health information (PHI) is compromised.
The rule applies to both covered entities and business associates. If a breach involves unsecured PHI—meaning it hasn’t been protected using a method approved by the U.S. Department of Health and Human Services (HHS)—then notification becomes mandatory. This includes PHI in electronic, paper, or oral form that unauthorized individuals could access, read, or use.
Who to Notify
Healthcare practices must notify:
The individuals affected by the breach,
The Secretary of HHS, and
The media, if the breach affects more than 500 people.
Practices must send a written notice by first-class mail to the individual’s last known address or to their next of kin. The message must use plain language and include specific details about the breach.
If the individual has agreed to receive emails, the notice may be sent electronically instead.