Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · CFR · Title 16 — Commercial Practices · Part 318 — Health Breach Notification Rule · § 318.4

§ 318.4. Timeliness of notification.

258 words·~1 min read·/us/cfr/t16/s§ 318.4·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)In general. Except as provided in paragraph
(d)of this section (exception for law enforcement), all notifications required under § 318.3(a)(1) (required notice to individuals), (a)(3) (required notice to media), and
(b)(required notice by third party service providers), shall be sent without unreasonable delay and in no case later than 60 calendar days after the discovery of a breach of security.
(b)Timing of notice to FTC. All notifications required under § 318.5(c) (regarding notice to FTC) involving the unsecured PHR identifiable health information of 500 or more individuals shall be provided contemporaneously with the notice required by paragraph
(a)of this section. All logged notifications required under § 318.5(c) (regarding notice to FTC) involving the unsecured PHR identifiable health information of fewer than 500 individuals may be sent annually to the Federal Trade Commission no later than 60 calendar days following the end of the calendar year.
(c)Burden of proof. The vendor of personal health records, PHR related entity, and third party service provider involved shall have the burden of demonstrating that all notifications were made as required under this part, including evidence demonstrating the necessity of any delay.
(d)Law enforcement exception. If a law enforcement official determines that a notification, notice, or posting required under this part would impede a criminal investigation or cause damage to national security, such notification, notice, or posting shall be delayed. This paragraph
(d)shall be implemented in the same manner as provided under 45 CFR 164.528(a)(2), in the case of a disclosure covered under § 164.528(a)(2).
Connections1 off-index
1 reference not yet in our index
  • 45 CFR 164.528(a)(2)
Citation graph
cites case law
§ 318.4
Timeliness of notification.
Cite45 CFR 164.528(a)(2)
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.