Which of the following are considered Breach Notification requirements?

The standards in this rule address the use and disclosure of individuals’ health information by entities subject to HIPAA. This rule also contains standards for individuals’ rights to understand and control how their health information is used. The main objective of this rule is to ensure PHI is properly protected while still allowing the flow of health information to promote high quality health care.

This rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called “electronic protected health information” (ePHI). This rule does not apply to PHI transmitted orally or in writing.

This rule implements several provisions of the Hitech Act that strengthen the privacy and security for health information established within HIPAA which led to finalizing the next rule we will discuss.

This rule requires Covered Entities and their Business Associates to provide notification for any breach of unsecured PHI.

This rule provides standards and guidelines for enforcing all of these rules within HIPAA.