The HIPAA Breach Notification Rule, 45 CFR ยงยง 164.400-414, requires HIPAA covered entities and their business associates to provide notification to patients and the Department of Health and Human Services (HHS), following a breach of unsecured protected health information.
Your ePHI data is deemed UNSECURED when
....
