Breaches of protected health information must be reported to the individual and to the Secretary of HHS using guidelines provided by the Secretary of HHS.
Breaches of Protected Health Information
The HIPAA Breach Notification Rule, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.