Electronic Code of Federal Regulations

e-CFR data is current as of January 21, 2021

Title 16 → Chapter I → Subchapter C → Part 318 → §318.6


Title 16: Commercial Practices
PART 318—HEALTH BREACH NOTIFICATION RULE


§318.6   Content of notice.

Regardless of the method by which notice is provided to individuals under §318.5 of this part, notice of a breach of security shall be in plain language and include, to the extent possible, the following:

(a) A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;

(b) A description of the types of unsecured PHR identifiable health information that were involved in the breach (such as full name, Social Security number, date of birth, home address, account number, or disability code);

(c) Steps individuals should take to protect themselves from potential harm resulting from the breach;

(d) A brief description of what the entity that suffered the breach is doing to investigate the breach, to mitigate harm, and to protect against any further breaches; and

(e) Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an email address, Web site, or postal address.
