HIPAA BREACH NOTIFICATION Sample Clauses
The HIPAA Breach Notification clause requires parties to promptly inform each other if there is a breach involving protected health information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). This typically involves specifying the timeframe for notification, the method of communication, and the information that must be included in the notice, such as the nature of the breach and the individuals affected. The core function of this clause is to ensure compliance with federal law and to facilitate a timely response to data breaches, thereby protecting the privacy of individuals and minimizing potential harm.
HIPAA BREACH NOTIFICATION. 14.1. Section 13402 of the American Reinvestment and Recovery Act of 2009 added the requirement that covered entities notify the affected individual upon the unauthorized use or disclosure of PHI in their possession.
14.2. A breach is treated as “discovered” on the first day we learn of the breach or could have learned of the breach had we exercised reasonable diligence.
14.3. When required to notify an affected individual, it must be by first class mail to the individual’s last known address. We can give notification via email if the individual has previously agreed to receive such notifications by email. Where an individual is deceased, notification should be made to the next of kin or the individual’s personal representative.
14.4. If the contact information is out-of-date for fewer than 10 individuals, substitute notice can be made by telephone or other means. If it is out-of-date for 10 or more individuals, substitute notice can be given in the form of:
14.4.1. A conspicuous posting for at least 90 days on the home page of the website.
14.4.2. A conspicuous notice in a major newspaper or on a broadcast network.
14.4.3. For breaches involving the unsecured PHI of 500 or more individuals – please contact your Compliance Officer as there are specific requirements to follow-up.
