Compliance Calendar/Resource
Notice & DisclosureRecurring

HIPAA Breach Notification

HITECH Act; 45 CFR §§ 164.400-414

Self-insured plans must notify affected individuals, HHS, and (if 500+ individuals affected) prominent media outlets of any breach of unsecured PHI. Business associates must notify the plan within 60 days of discovering a breach.

ResponsibleClient/Other TPA (compliance TPA)
Deliver ToAffected individuals; HHS; Media (if 500+ affected)
DeadlineTo individuals: without unreasonable delay, no later than 60 days after discovery. To HHS: annually (if <500) or within 60 days (if 500+)
Get Your Compliance Calendar →

Track this and 71 other federal requirements. Personalized to your plan.

HIPAA Breach Notification | Compliance Calendar — Benefits Blake