HIPAA

Josef Kamara, CPA, CISSP, CISA · Updated May 2, 2026 · 1 minute read

Breach Notification Rule

HIPAA requirement that covered entities notify affected individuals within 60 days of discovering a breach of unsecured PHI. Breaches affecting 500 or more individuals also require notification to HHS and prominent media outlets.

From the library

The full analysis on Breach Notification Rule.

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.