What legally constitutes a HIPAA breach, how and when affected parties must be notified, and the civil and criminal penalties that follow — illustrated with real enforcement cases.
🎙 8 min 39 sec
Episode 4 — Breaches & Enforcement
What You'll Hear
The legal definition of a HIPAA breach — the four-factor risk assessment and what qualifies as "unsecured" PHI
Breach notification requirements: timelines for notifying individuals (60 days), the media, and HHS for large breaches
Civil and criminal penalty tiers — from $100 per violation for unknowing violations up to $1.9 million annually per category
Real enforcement case studies showing how OCR investigations unfold and what organizations paid for common compliance failures