Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What is the HIPAA Breach Notification Rule?

‍

The HIPAA Breach Notification Rule is a 2009 addition to the original Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The HIPAA Breach Notification Rule requires HIPAA-covered entities and their business associates to provide notification following a breach of unsecured protected health information (PHI). Generally defined, a breach is an impermissible use or disclosure of PHI that compromises its security or privacy. Such use or disclosure of PHI is presumed to be a breach unless the covered entity or business associate demonstrates a low probability of compromised PHI.

The HIPAA Breach Notification Rule was introduced in conjunction with the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. This Rule requires notification to affected individuals, the U.S. Department of Health and Human Services, and in some cases, the media, in the event of a breach of unsecured PHI.

Covered entities and business associates with access to PHI are obligated to ensure administrative, physical, and technical safeguards are in place to maintain the security of patient data. Additionally, they must have procedures in place should a data breach occur and comply with the HIPAA Privacy Rule.

Related Terms

Additional resources you might like:

GDPR

Blog

GDPR compliance for US companies: Step-by-step guide

Learn how GDPR impacts US organizations and what it takes to achieve compliance.

GDPR

Blog

An actionable guide to GDPR compliance for startups

Learn what GDPR compliance means for startups and how to achieve it while building trust and scaling with confidence.

Compliance

Blog

How to choose the best regulatory compliance software: A buyer’s guide

Find out what to look for in compliance software as AI and regulatory requirements continue to change.

GDPR

Events

Learn How to Automate Compliance for ISO 27001, GDPR, and more

Join our live demo to learn how Vanta automates compliance for ISO 27001, DORA, the EU AI Act, and more, saving you time and money.

Compliance

Events

Learn How to Automate Compliance for SOC 2, ISO 27001, and More

Watch our on-demand demo to learn how Vanta can help you accelerate compliance with deep automation and agentic workflows that handle evidence, policies, and remediation for you across frameworks like SOC 2, ISO 27001, HIPAA, and more.

ISO 27001

Blog

The Australian startups guide to ISO 27001

Understand the benefits, steps to certification, and how Vanta simplifies the journey.

SOC 2

Blog

What is SOC 2 and why Australian startups need it

SOC 2 for Aussie startups.

Compliance

Events

3 Steps to Kick Off First-Time Compliance in 2026

Watch this on-demand webinar to learn how to make compliance work at your pace, without slowing momentum, stalling deals, or putting revenue at risk.

Vendor Risk Management

Events

Office Hour: Transform how you manage third-party and internal risk

Check out our on demand Office Hour where we dive deeper into Vanta’s vision for unified, continuous, AI-powered risk management, and what it means for your business today.

Follow us

What is the HIPAA Breach Notification Rule?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast