HIPAA Breach Notification Rule
E181950
The HIPAA Breach Notification Rule is a U.S. federal regulation that requires covered entities and their business associates to notify affected individuals, regulators, and sometimes the media when unsecured protected health information is compromised.
All labels observed (2)
| Label | Occurrences |
|---|---|
| HIPAA Breach Notification Rule canonical | 2 |
| Health Insurance Portability and Accountability Act breach notification rule | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1605899 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: HIPAA Breach Notification Rule Context triple: [Health Insurance Portability and Accountability Act, implementedBy, HIPAA Breach Notification Rule]
-
A.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that sets national standards for protecting sensitive patient health information and improving the portability and continuity of health insurance coverage.
-
B.
New York State Department of Financial Services Cybersecurity Regulation
The New York State Department of Financial Services Cybersecurity Regulation is a pioneering set of cybersecurity requirements for financial institutions operating in New York, mandating robust risk-based programs, incident reporting, and governance to protect consumers and the financial system from cyber threats.
-
C.
Patient Safety Organization program
The Patient Safety Organization program is a federal initiative that supports organizations in collecting, analyzing, and sharing healthcare error data to improve patient safety and reduce medical harm.
-
D.
Privacy Act of 1974
The Privacy Act of 1974 is a U.S. federal law that governs how federal agencies collect, maintain, use, and disclose individuals’ personal information, granting citizens rights to access and correct records about themselves.
-
E.
Federal Information Security Modernization Act of 2014
The Federal Information Security Modernization Act of 2014 is a U.S. law that updates and strengthens federal government information security practices by clarifying agency responsibilities, enhancing oversight, and modernizing the framework for protecting federal information systems.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: HIPAA Breach Notification Rule Target entity description: The HIPAA Breach Notification Rule is a U.S. federal regulation that requires covered entities and their business associates to notify affected individuals, regulators, and sometimes the media when unsecured protected health information is compromised.
-
A.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that sets national standards for protecting sensitive patient health information and improving the portability and continuity of health insurance coverage.
-
B.
New York State Department of Financial Services Cybersecurity Regulation
The New York State Department of Financial Services Cybersecurity Regulation is a pioneering set of cybersecurity requirements for financial institutions operating in New York, mandating robust risk-based programs, incident reporting, and governance to protect consumers and the financial system from cyber threats.
-
C.
Patient Safety Organization program
The Patient Safety Organization program is a federal initiative that supports organizations in collecting, analyzing, and sharing healthcare error data to improve patient safety and reduce medical harm.
-
D.
Privacy Act of 1974
The Privacy Act of 1974 is a U.S. federal law that governs how federal agencies collect, maintain, use, and disclose individuals’ personal information, granting citizens rights to access and correct records about themselves.
-
E.
Federal Information Security Modernization Act of 2014
The Federal Information Security Modernization Act of 2014 is a U.S. law that updates and strengthens federal government information security practices by clarifying agency responsibilities, enhancing oversight, and modernizing the framework for protecting federal information systems.
- F. None of above. chosen
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf |
HIPAA regulation
ⓘ
U.S. federal regulation ⓘ |
| allowsAnnualHHSReportingWhen | breach affects fewer than 500 individuals ⓘ |
| appliesTo |
HIPAA business associates
ⓘ
HIPAA covered entities ⓘ |
| appliesToDataType |
unsecured PHI
ⓘ
unsecured protected health information ⓘ |
| authority |
HITECH Act
ⓘ
HITECH Act ⓘ
surface form:
Health Information Technology for Economic and Clinical Health Act
|
| codifiedIn | 45 CFR Part 164 Subpart D ⓘ |
| definesSecuredPHIBy | encryption or destruction in accordance with HHS guidance ⓘ |
| definesTerm |
breach of unsecured protected health information
ⓘ
unsecured protected health information ⓘ |
| effectiveDate | September 23, 2009 ⓘ |
| enforcedBy |
Office for Civil Rights
ⓘ
surface form:
HHS Office for Civil Rights
United States Department of Health and Human Services ⓘ
surface form:
U.S. Department of Health and Human Services
|
| excludes | breaches involving secured PHI ⓘ |
| implementedBy |
HITECH Act
ⓘ
surface form:
HITECH Act amendments to HIPAA
|
| jurisdiction |
United States of America
ⓘ
surface form:
United States
|
| mediaNotificationThreshold | breach affecting more than 500 residents of a state or jurisdiction ⓘ |
| notificationDeadline |
no later than 60 days following discovery of a breach
ⓘ
without unreasonable delay ⓘ |
| notificationTrigger | acquisition, access, use, or disclosure of unsecured PHI in a manner not permitted under the HIPAA Privacy Rule ⓘ |
| partOf |
Health Insurance Portability and Accountability Act
ⓘ
surface form:
HIPAA
Health Insurance Portability and Accountability Act ⓘ |
| penaltiesForNonCompliance | civil monetary penalties under HIPAA ⓘ |
| primaryGoal |
to ensure individuals are informed when their health information is compromised
ⓘ
to promote transparency about breaches of protected health information ⓘ |
| relatedTo |
HIPAA Privacy Rule
ⓘ
HIPAA Security Rule ⓘ |
| requires |
documentation of breach investigations
ⓘ
risk assessment to determine probability that PHI has been compromised ⓘ timely breach notification ⓘ |
| requiresBusinessAssociate | to notify covered entity of breaches of unsecured PHI ⓘ |
| requiresHHSNotificationWhen | breach affects 500 or more individuals ⓘ |
| requiresMediaNotificationWhen | breach affects more than 500 residents of a state or jurisdiction ⓘ |
| requiresNoticeContent |
contact procedures for individuals to ask questions or learn additional information
ⓘ
description of the types of information involved ⓘ description of what happened ⓘ steps individuals should take to protect themselves ⓘ what the covered entity is doing to investigate and mitigate the breach ⓘ |
| requiresNotificationMethod |
electronic mail if the individual has agreed to electronic notice
ⓘ
first-class mail ⓘ |
| requiresNotificationTo |
United States Department of Health and Human Services
ⓘ
surface form:
U.S. Department of Health and Human Services
affected individuals ⓘ prominent media outlets in certain cases ⓘ |
| requiresSubstituteNoticeWhen | insufficient or out-of-date contact information for 10 or more individuals ⓘ |
| sector | healthcare ⓘ |
| substituteNoticeMethods |
media notice
ⓘ
website posting ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: HIPAA Breach Notification Rule Description of subject: The HIPAA Breach Notification Rule is a U.S. federal regulation that requires covered entities and their business associates to notify affected individuals, regulators, and sometimes the media when unsecured protected health information is compromised.
Referenced by (3)
Full triples — surface form annotated when it differs from this entity's canonical label.