HIPAA
Breach Notification Rule
The HIPAA rule requiring notice when unsecured PHI is exposed.
The Breach Notification Rule requires covered entities and business associates to notify affected individuals, HHS, and in some cases the media when unsecured PHI is exposed. It sits alongside the Privacy and Security Rules and defines reporting timelines after a breach is discovered.
Accidental disclosures can trigger it too. See examples of unintentional HIPAA violations.