Providing HIPAA-Required Notice after PHI Breach Visual Checklist

Summary

This visual checklist provides an overview of the required types of notice that must be given regarding a data breach that constitutes a reportable breach of protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, 45 C.F.R. §§ 164.400 through 164.414. Under the Breach Notification Rule, HIPAA-defined covered entities (CEs)—healthcare providers, plans, and clearinghouses—must notify affected individuals, the federal government, and, in some cases, the media following reportable breaches of individuals' PHI.