May 21, 2026

# Breach Notification Rule & Incident Response

This module covers how to recognize and respond to HIPAA security incidents and potential breaches.

## What is a breach?

A breach is an impermissible use or disclosure of PHI that compromises its security or privacy — **UNLESS one of these exceptions applies:**

- The PHI was encrypted to HIPAA standards AND the decryption key was not compromised, OR
- An unauthorized person could not reasonably have retained the PHI (e.g., wrong-number call immediately corrected)

When in doubt, **report it** — the Security Officer determines whether the exception applies.

## When to report immediately

Report the same day you discover or suspect:

- PHI was accessed by an unauthorized person (wrong email, lost device, unauthorized login)
- A device or account with PHI access was lost or stolen
- PHI was sent to the wrong recipient
- Unexpected system activity or unauthorized access detected

## How to report

1. Contact your direct manager immediately
2. Email the Security Officer: j@chimaro.ai
3. For urgent incidents: contact all of the above simultaneously via phone

**Do not investigate, contain, or remediate alone.** Preserve evidence and wait for Security Officer guidance.

## Notification timelines (after breach is confirmed)

| Recipient | Timeline |
|---|---|
| Affected individuals | Within 60 days of discovery |
| HHS Secretary | Within 60 days (add to breach log; annual report if < 500 individuals) |
| Media (state) | Within 60 days if ≥ 500 individuals in a state affected |
| Customer (Covered Entity) | Without unreasonable delay; high-severity: 24 hours |

## Common incident scenarios

- **Wrong email with PHI attached** → Report immediately; document the recipient; assess sensitivity
- **Lost/stolen laptop** → Report immediately; remotely wipe if available; change all passwords
- **Unauthorized database query** → Report immediately; preserve logs; do not query further
- **Phishing credential compromise** → Change passwords, revoke tokens, report immediately

## Attestation

Completing this module confirms you know how to recognize and report potential HIPAA incidents.