Identify protocols related to the reporting of breaches.

Identification should include risk assessment and agency reporting, such as

• individual notice
• media notice
• submission of the breach notification form to the Secretary of HHS (https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf?faces-redirect=true Links to an external site.)
• Submit a Notice for a Breach Affecting 500 or More Individuals
• Submit a Notice for a Breach Affecting Fewer than 500 Individuals (https://ocrportal.hhs.gov/ocr/breach/breach_form.jsf) Links to an external site. 
  
  
• notification by a business associate
• notification by a healthcare system
• administrative requirements and burden of proof.

Teacher Resource: Breach Notification Rule (https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html Links to an external site.), U.S. Department of Health and Human Services

Process/Skill Questions:

• How would an organization access and complete the forms necessary for notification of a data breach related to 500 or fewer individuals?
• How would an organization access and complete the forms necessary for notification of a data breach related to 500 or more individuals?