Home Blog

Business Associate notification requirements


If a breach of unsecured protected health information occurs at or by a business associate, the business associate must notify the provider following the discovery of the breach.  A business associate must provide notice to the provider without unreasonable delay and no later than 60 days from the discovery of the breach.  To the extent possible, the business associate should provide the provider with the identification of each individual affected by the breach as well as any other available information required to be provided by the provider in its notification to affected individuals.