45 CFR 164.402 - Definitions.

§ 164.402 Definitions.
As used in this subpart, the following terms have the following meanings:
Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information.
(1)(i) For purposes of this definition, compromises the security or privacy of the protected health information means poses a significant risk of financial, reputational, or other harm to the individual.
(ii) A use or disclosure of protected health information that does not include the identifiers listed at § 164.514(e)(2), date of birth, and zip code does not compromise the security or privacy of the protected health information.
(2) Breach excludes:
(i) Any unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted under subpart E of this part.
(ii) Any inadvertent disclosure by a person who is authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under subpart E of this part.
(iii) A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.
Unsecured protected health information means protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in the guidance issued under section 13402(h)(2) of Public Law 111-5 on the HHS Web site.

Title 45 published on 2013-10-01

The following are only the Rules published in the Federal Register after the published date of Title 45.

  • 2014-02-06; vol. 79 # 25 - Thursday, February 6, 2014
    1. 79 FR 7290 - CLIA Program and HIPAA Privacy Rule; Patients' Access to Test Reports
      DEPARTMENT OF HEALTH AND HUMAN SERVICES, Office of the Secretary, Centers for Medicare & Medicaid Services
      Final rule.
      Effective Date: These regulations are effective on April 7, 2014. HIPAA covered entities must comply with the applicable requirements of this final rule by October 6, 2014.
      42 CFR Part 493
