§ 164.400 Applicability
The requirements of this subpart shall apply with respect to breaches of protected health information occurring on…
Read MoreBreach
§ 164.402 Definitions
As used in this subpart, the following terms have the following meanings: Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises…
Read More§ 164.404 Notification to individuals
(a) Standard— (1) General rule. A covered entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected health information has…
Read More§ 164.406 Notification to the media
(a) Standard. For a breach of unsecured protected health information involving more than 500 residents of a State or jurisdiction, a covered entity shall, following the discovery of the breach…
Read More§ 164.408 Notification to the Secretary
(a) Standard. A covered entity shall, following the discovery of a breach of unsecured protected health information as provided in §164.404(a)(2), notify the Secretary. (b) Implementation specifications: Breaches involving 500 or more individuals. For breaches of unsecured protected health information involving 500 or more individuals…
Read More