 |
If a breach of unsecured protected health information occurs at or by
a business associate, the business associate must notify the covered
entity following the discovery of the breach. A business associate must
provide notice to the covered entity without unreasonable delay and no
later than 60 days from the discovery of the breach. To the extent
possible, the business associate should provide the covered entity with
the identification of each individual affected by the breach as well as
any other available information required to be provided by the covered
entity in its notification to affected individuals.
|
|
