We use cookies to better understand how you use our site and to improve your experience by personalizing content. Please review our updated Privacy Policy and Terms of Use. If you accept the use of cookies, please click the "I accept" button.I acceptI declineX
Skip navigational links

Breach Notification and Enforcement



This tutorial provides an overview of the process for determining whether an impermissible access, use, or disclosure of an individual's protected health information constitutes a breach for which notification must be made under the Health Information Technology for Economic and Clinical Health Act breach notification rule. It also outlines who must receive notice of a breach, the required time frames for notification, and the required contents of breach notifications. Finally, it describes the extent of civil monetary penalties that may be imposed for different categories of violations of the Health Information Portability and Accountability Act of 1996 and highlights the enforcement activity of the Office for Civil Rights to date.


Patricia MarkusPatricia A. Markus, Esquire
Smith Moore Leatherwood LLP
Raleigh, NC


Note: This tutorial was recorded on June 14, 2012, and published on November 1, 2012, so the information presented is current as of the recording date. ​

© 2018 American Health Lawyers Association. All rights reserved. 1620 Eye Street NW, 6th Floor, Washington, DC 20006-4010 P. 202-833-1100 F. 202-833-1105