Question about your notification policy…


New member
If HHS doesn’t require us to notify patients every time we are breached, why do you recommend it?


Staff member
This is not true. All HIPAA breaches must be reported. The U.S. Department of Health and Human Services (HHS) DOES REQUIRE breach notification. The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC) apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act. Source: - It's also important to keep in mind that almost every state has breach notification laws that must be followed in the event of a HIPAA breach too!


New member
You need to review the Breach notification; this is very strict. If you're providing cover overseas, remember that GDPR requires similar notifications to be issued inside a set time period.