16 CFR 318.6 - Content of notice.

§ 318.6 Content of notice.
Regardless of the method by which notice is provided to individuals under § 318.5 of this part, notice of a breach of security shall be in plain language and include, to the extent possible, the following:
(a) A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;
(b) A description of the types of unsecured PHR identifiable health information that were involved in the breach (such as full name, Social Security number, date of birth, home address, account number, or disability code);
(c) Steps individuals should take to protect themselves from potential harm resulting from the breach;
(d) A brief description of what the entity that suffered the breach is doing to investigate the breach, to mitigate harm, and to protect against any further breaches; and
(e) Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an email address, Web site, or postal address.

Title 16 published on 2014-01-01

no entries appear in the Federal Register after this date.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


Statutes at Large