
Code · CFR · Title 16 — Commercial Practices · Part 318 — Health Breach Notification Rule · § 318.6

§ 318.6. Content of notice.


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Regardless of the method by which notice is provided to individuals under § 318.5 (regarding methods of notice), notice of a breach of security shall be in plain language and include, to the extent possible, the following:
(a) A brief description of what happened, including: the date of the breach and the date of the discovery of the breach, if known; and the full name or identity (or, where providing the full name or identity would pose a risk to individuals or the entity providing notice, a description) of any third parties that acquired unsecured PHR identifiable health information as a result of a breach of security, if this information is known to the vendor of personal health records or PHR related entity;
(b) A description of the types of unsecured PHR identifiable health information that were involved in the breach (such as but not limited to full name, Social Security number, date of birth, home address, account number, health diagnosis or condition, lab results, medications, other treatment information, the individual's use of a health-related mobile application, or device identifier (in combination with another data element));
(c) Steps individuals should take to protect themselves from potential harm resulting from the breach;
(d) A brief description of what the entity that experienced the breach is doing to investigate the breach, to mitigate harm, to protect against any further breaches, and to protect affected individuals, such as offering credit monitoring or other services; and
(e) Contact procedures for individuals to ask questions or learn additional information, which must include two or more of the following: toll-free telephone number; email address; website; within-application; or postal address.