HIPAA Privacy - Content of Notification 164.404(c)(1)
Overview:
§164.404(c)(1)
Content of Notification.
The notification required by paragraph (a) of this section shall include, to the extent possible:
(A) A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;
(B) A description of the types of unsecured protected health information that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved);
(C) Any steps the individual should take to protect themselves from potential harm resulting from the breach;
(D) A brief description of what the covered entity is doing to investigate the breach, to mitigate harm to individuals, and to protect against further breaches; and
(E) Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an email address, Web site, or postal address.
(2) The notification required by paragraph (a) of this section shall be written in plain language.
Action Items:
1) Inquire of management whether the covered entity has used a standard template(s) or form letter(s) for notification to individuals for breaches or for specific types of breaches. If the covered entity has used such templates or form letters, obtain the documents and evaluate whether they include this section's required elements.
2) Obtain a list of breaches, if any, that occurred in the previous calendar year. Obtain and review a copy of a single written notice sent to affected individuals for each breach incident in the previous calendar year. For the first five breach incidents that occurred in the previous calendar year, obtain and evaluate documentation related to the required content in the written notices sent to affected individuals.
Related Documents:
1) Standard template(s) or form letter(s) for notification to individuals for breaches or for specific types of breaches.
2) List of breaches, if any, that occurred in the previous calendar year.
3) Copy of a single written notice sent to affected individuals for each breach incident in the previous calendar year.
4) Documentation related to the required content in the written notices sent to affected individuals.
Additional Guidance:
Contact procedures for individuals to ask questions or learn additional information shall include a toll-free telephone number, an e-mail address, Web site, or postal address. The notifications are required to be written in plain language.